I would be interested to know if AVG make a useful response. In particular if AVG say the file is being downloaded by AVGtray and run on the fly. If it is, and if the file is being run, moved, then run again in the process, that causes problems with CIS's file identification system.
If there is any info referred to here you have not yet appended please do so as it helps the devs.
Last post from AVG was that they had the idea that it was related to a trial version, so they proposed to remove and reinstall AVG again (with an Avgremover tool which they provided).
This did not solve the problem.
I asked your question, but they had to pass most of my questions to the technical guys, so I just wait and see. I’ll keep you updated.
Check the computer security policy for any entries relating to this file. If there are any, remove them, then reboot and respond to the alert with ‘don’t sandbox again’, then reboot to check.
If this does not work then it is time for a radical workaround:
1. Make a restore pt.
2. Do Run ~ CMD. Then type in exactly:
Copy CON "C:\program files\avg\avg9\avgdiagex.exe"
Z
This creates a dummy .exe file consisting only of the end of file (EOF) character.
3. Now add this file to the sandbox, using “Add a file to the sandbox”.
4. Reboot. Hopefully you will get no alert. Unless CIS checks for .exe internal structure!
Just to check, it was the work-around that helped (i.e. the 1-4?). If so, would someone mind installing Process Explorer from Microsoft (or Process Monitor from MS, but that is more complex), and checking what prog calls avgdiagex.exe. (Probably AVGtray). If you keep missing it you’ll need to use Process Monitor with avgdiagex.exe as a filter.
It will probably flash up only very briefly, maybe just after AVGtray loads (but before it is visible) and Process Explorer does not log stuff. So if you cannot catch it on boot, then you’ll need to use Process Monitor, with the filters:
Process is avgdiagex.exe
Operation is process create.
[edit] OR
Process is avgdiagex.exe
Operation is process start
You may need to load Process Monitor quite early in the boot process. If you enable boot logging in Process Monitor, that will do it. (As always, make a restore pt first).
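For reading a saved boot log afterwards, here is an added example (not part of the original thread) that scans a Process Monitor CSV export for what launched avgdiagex.exe. It assumes the export uses Process Monitor's default columns and Detail text; the sample rows and PIDs are constructed.

```python
import csv
import io
import re
from ntpath import basename  # Windows path rules on any OS

# Constructed sample, shaped like a Process Monitor CSV export (default columns).
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"08:01:01.10","explorer.exe","1500","Process Create","C:\program files\avg\avg9\avgtray.exe","SUCCESS","PID: 1840, Command line: avgtray.exe"
"08:01:01.11","avgtray.exe","1840","Process Start","","SUCCESS","Parent PID: 1500, Command line: avgtray.exe"
"08:01:02.40","avgtray.exe","1840","Process Create","C:\program files\avg\avg9\avgdiagex.exe","SUCCESS","PID: 2212, Command line: avgdiagex.exe"
"08:01:02.41","avgdiagex.exe","2212","Process Start","","SUCCESS","Parent PID: 1840, Command line: avgdiagex.exe"
"08:01:02.90","avgdiagex.exe","2212","Process Exit","","SUCCESS","Exit Status: 0"
'''

def find_launchers(csv_text, target="avgdiagex.exe"):
    """Return sorted (parent_name, parent_pid, child_pid) tuples for each launch of target."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    # PID -> image name as seen in this trace (last one wins if a PID is reused).
    names = {r["PID"]: r["Process Name"] for r in rows}
    found = set()
    for r in rows:
        op, detail = r["Operation"], r["Detail"]
        if op == "Process Create" and basename(r["Path"]).lower() == target:
            # Logged against the parent: Path is the new image, Detail has the child PID.
            m = re.match(r"PID: (\d+)", detail)
            found.add((r["Process Name"], r["PID"], m.group(1) if m else "?"))
        elif op == "Process Start" and r["Process Name"].lower() == target:
            # Logged against the child: Detail carries the parent PID only.
            m = re.search(r"Parent PID: (\d+)", detail)
            ppid = m.group(1) if m else "?"
            found.add((names.get(ppid, "<not in trace>"), ppid, r["PID"]))
    return sorted(found)

if __name__ == "__main__":
    for parent, ppid, child in find_launchers(SAMPLE_CSV):
        print(f"avgdiagex.exe (PID {child}) launched by {parent} (PID {ppid})")
```

A "Process Create" row is recorded under the launching process, while "Process Start" is recorded under avgdiagex.exe itself, so a filter on the avgdiagex.exe process name only catches the second kind.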
Check the computer security policy for any entries relating to this file. If there are any remove them, then reboot and respond to the alert with ‘don’t sandbox again’, then reboot to check
Mouse … this does not work. The file went into my SAFE files (see attached) and then I did a restart and got the pop-up again. Sorry to say.
I did not do process monitor, but from my previous screen shot (attached again) you can see that the avgdiagex.exe is called by avgtray (as you assumed) … don
Re Don Clarke’s question - why does file ‘disappear’ from My Safe Files, auto purging seems a reasonable guess in this case. You could create a .bat or .cmd file, run it, choose do not sandbox again, then delete and reboot just to see if interested! Please report here if you do, would be useful diagnostic info.
Did you try the work-around by the way, and did it work for you?
Without sounding like a “pain”, one would have to ask if CIS has a user activated “purge” function why there would be an auto-purge, and if there were such a thing why there is no option on/off in prefs? Just wondering, no need to reply (unless there is some way to turn auto-purge off)?
Mouse …
Followed the 1-4 steps, added avgdiagex.exe to Sandbox.
However, on reboot got what appears to be the same pop-up (see screen shot).
File is on HD and in Pending Files but still get notice, so not sure how this is different than before (where I got a pop-up which appeared to be the same).
don
Hmm, works for one person but not for the other. Maybe need to make absolutely sure it's in the same location (path) as in the logged sandbox alerts, and spelt exactly right? Remove it from My Pending files too, and remove all other references except the reference in ‘add a program’, I would.
With much care I checked spelling/location/etc and all is good.
I then moved the avgdiagex.exe file from Pending to Safe and voila … no pop-ups on boot.
So, no idea what’s up … perhaps other member that said it worked was mistaken or just accepted the pop-up without checking further. Anyway, at this point the workaround with dummy exe in Safe Files solved the problem … my choice until “real” problem is resolved … thx …
Can you please run HijackThis and provide a log for me. Don’t change anything, just provide a log so I can look it over. Here is a howto: http://www.whatthetech.com/hijackthis/