Repeated Sandbox alerts for WGATRAY.exe

I’ve recently upgraded to CIS 4 - and all is going smoothly except for one thing: On a regular basis, about once every couple of days, I get a Sandbox popup tellong me that WGATRAY.exe has been run in the sandbox.

WGATRAY is windows genuine advantage checker - so I don’t need to be told about it every time. I click the option Not to run in the sandbox any more and dismiss the alert but it keeps coming back.

I’ve checked defense+ > pending files - and there’s nothing there. Also if I click the highlighted file name in the alert it tells me that file wgatray.exe does not exist.

The only WGA files I can find on my system (XP SP3) are and

A full system scan shows my system to be clean.

Any suggestions as to what is happening and how I can stop the repeated notifications?


  • Update - it’s happened 3 times today already :frowning:

Please look in Control Panel ~ Scheduled tasks. If you find a related task please disable it if you don’t want WGA to run. (Note there may be implications of WGA not running). IF ther is no task use microsoft autoruns to look for the WGA task and disable it. Please make a restore pt. first.

Else if you want WGA to run, re-install WGA from the MS site.

Best wishes


Thanks for the reply.

There’s no WGA task in scheduled tasks, and it’s not in autoruns either.

I could probably find a way to disable WGA checking - but that would stop me using Windows update - because it would not see my windows as genuine.

What I want to know is how to convince CIS to remember the executable - or at least stop bugging me about it.

The simplest thing to do would be to re-install wga from the MS site and see if this resolves your problems

Otherwise try a windows explorer search for wgatray.exe or .dll, including hidden and system files, and report back your findings. Please also post a screenshot of your Defense plus event logs, making sure all info is visible.

Best wishes


I have same issue. Nothing in the replies to original question seem terribly helpful or relevant. Issue is likely with Comodo and it’s Sandbox…agreed? My approach was just to disable the Sandbox feature. It doesn’t seem to work terribly well (WGATRAY is not the only program for which I have this issse), and it’s usefulness even if it was actually working as intended is questionable anyway.

Can you make sure the file is not also in My Pending Files at the same time. If so, please remove it from there.
Also read Mouse1’s Introduction to the v5 Sandbox (see my signature) and How can I prevent software being sandboxed? and see if that brings any help.

Well, if you can’t find wgatray.exe, maybe the file is created on demand, and deleted after that, and maybe (I’m just guessing) that could cause confusion to Sandbox.

wgatray.exe could be located in C:\WINDOWS\system32 and in C:\WINDOWS\system32\dllcache

Now, I have seen Defense+ to suffer amnesia from time to time, and ask me about files already checked, but that happened to me more often with CIS 3.x than with 4.x. Now I moved to version 5 and so far I have not had problems.

I never had a problem with the danged thing myself, but I understand it can be an issue. You want to fix it rather than hack it away (or suppress it with firewall).

I checked and wgatray seems to be a file that is created or updated on a regular basis, and there was no way i could find to get comodo’s sandbox to ignore it. NB this only happens on one of my 3 PCs that all have pretty similar configs - so I guess it’s not a common thing.

In the end I just disabled the sandbox - which seems like like unnecessary bloat to me.

I hope it’s not a sign that Comodo are going to go the way of Norton/Mcafee etc and keep adding ‘features’ that no-one really needs, just to encourage people to upgrade to that latest and greatest.

Are you using an adapted wgatray.exe if you know what i mean?

Comodo really needs to figure out a way around these types of files. I have a file that I regularly compile and the sandbox grabs every new compilation. I understand that for most types, you really want Comodo to jump on them if they change because they could have been altered by malware, but there are instances where you just want to be able to tell CIS to leave a file alone if it has changed. Otherwise you are wasting yours and Comodo’s bandwidth by continually sending them a changed version of the file… 88)

Nope - kosher. It’s a dell box/licence, though I have wiped and reinstalled the system.
WGA works fine, and the comodo firewall itself allows it through. It’s just that when I had the Comodo sandbox enabled it would get triggered, I think every time I logged on, or fired up an office program for the first time in a session.

If you upgrade to version 5 you will most likely resolve this problem. See under news/announcments.

Best wishes


Thanks Mouse.

It’s not been a problem for me (original poster) since I disabled the sandbox. When I’m offered the upgrade to v5 I’ll take it and see what happens