sandbox pain - verclsid, rundell32, cal, itrafficmon, cftmon, fdm etc

Hi guys. I’m back with a pain! Sandbox is giving me that.

The problem is that each time I start my PC, Defense+ shows at least 5 notifications saying that it wants to keep a .exe in the sandbox. The .exe files include:

verclsid.exe, rundell32.exe, cftmon.exe, cal.exe, itrafficmon.exe, fdm.exe.

The first 4 are Windows processes, and the last one among those 4 is the latest that got traced by the sandbox, and I have to tell it not to take the calculator into the sandbox.

Each time the PC starts I have to click on radio buttons to make them run outside the sandbox. But no result. Next time, again… I even checked the box that says it should trust Microsoft as publisher. But no result again.

itrafficmon.exe and fdm.exe are well-known. One is a bandwidth meter and the other is a download manager.

I even tried to solve this annoying message popping up by disabling Defense+. But it still takes those programs into the sandbox and shows messages.

I know you can help. ;D. So please …

Sounds strange, as a few of these should normally be started by the system processes.

If the files are not signed, then the “Trust M$” will not work.
We need to find out where in the system these files are started and then check which is the parent process to see what causes the sandbox loop.

Can you tell me where cal.exe, itrafficmon.exe and fdm.exe are started from?

Here is an excellent tool that can help you find them: Autoruns

Here is a possibly relevant topic.

Another user found that installing XP SP3 worked regarding verclsid. It appears there was a dodgy MS update for SP2.

Best wishes

Mouse
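The three checks Mouse asks for (is the file signed, where is it started from, and what is its parent process) can be done from a PowerShell prompt without Autoruns. The script below is an added example for this thread, not Comodo code and not something either poster ran; it assumes Windows PowerShell (2.0 through 5.1, since `Get-WmiObject` is not in PowerShell 7), an elevated prompt, and it uses the file names exactly as the original poster wrote them.

```powershell
# Added example: locate, verify and trace the executables the sandbox keeps flagging.
# Assumption: the list below is the poster's own list, spelled as posted.
$names = 'verclsid.exe', 'rundell32.exe', 'cftmon.exe', 'cal.exe', 'itrafficmon.exe', 'fdm.exe'

# 1. Is each file actually on disk, and does it carry a valid Authenticode signature?
#    A "Trust Microsoft as publisher" rule can only match a file that is signed.
$searchRoots = @($env:SystemRoot, $env:ProgramFiles)
$found = foreach ($root in $searchRoots) {
    Get-ChildItem -Path $root -Recurse -Include $names -ErrorAction SilentlyContinue
}
foreach ($name in $names) {
    $hits = @($found | Where-Object { $_.Name -eq $name })
    if ($hits.Count -eq 0) { "$name : NOT FOUND under $($searchRoots -join ', ')"; continue }
    foreach ($f in $hits) {
        $sig = Get-AuthenticodeSignature -FilePath $f.FullName
        "{0} : {1} signature={2} signer={3}" -f $name, $f.FullName, $sig.Status, $sig.SignerCertificate.Subject
    }
}

# 2. Which autostart (Run / RunOnce) keys reference any of them?
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
$psMeta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'   # provider metadata, not registry values
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($psMeta -contains $p.Name) { continue }
        foreach ($name in $names) {
            if ("$($p.Value)" -match [regex]::Escape($name)) { "$key\$($p.Name) -> $($p.Value)" }
        }
    }
}

# 3. For any of them running right now, show the parent process, i.e. what launched it.
#    ParentProcessId is only meaningful while the parent is still alive, hence the '<exited>' fallback.
$procs = Get-WmiObject -Class Win32_Process
foreach ($proc in $procs) {
    if ($names -notcontains $proc.Name) { continue }
    $parent = $procs | Where-Object { $_.ProcessId -eq $proc.ParentProcessId }
    $parentName = if ($parent) { $parent.Name } else { '<exited>' }
    "{0} (PID {1}) path={2} parent={3} (PID {4}) cmd={5}" -f $proc.Name, $proc.ProcessId,
        $proc.ExecutablePath, $parentName, $proc.ParentProcessId, $proc.CommandLine
}
```

Read the output with the thread's question in mind: a name that the sandbox flags but that is not found under the Windows or Program Files trees, a copy that lives outside its expected folder, or a `signature` status other than `Valid` is the entry worth looking at first. Note that the real Windows binaries are named rundll32.exe and ctfmon.exe; if the names the sandbox reports are spelled differently from those, the script's "NOT FOUND" line for them is the clue to chase rather than a glitch.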

Dear Ronny,

cal.exe is the calculator, which was not automatically started; rather, I clicked it to run. Then the sandbox blocked it. I told the sandbox not to block it, but next time it again blocked the calculator. After that incident I decided to report about the sandbox here.

itrafficmon.exe and fdm.exe - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. This information is given by the tool that you mentioned. Again, I must tell you that I set both of them to start with Windows myself.

verclsid.exe and rundell32.exe are not listed in the list that the Autoruns tool showed!

This evening one new amazing thing happened. The sandbox blocked Firefox! Fishy, very fishy. Defense+ is still disabled.

Dear mouse,

Thanks for that article. Like in that one, in my case also verclsid is actually not found, but the sandbox is blocking it! What about rundell32? Why did the sandbox block Firefox this evening? The verclsid and rundell32 problem was not present 3 months ago. Why did it start blocking recently? My Service Pack 3 was downloaded from the Microsoft site.

Any more clue?

Sounds like a corrupted trusted vendor list. Check in D+ trusted vendors: are they listed there? If it is empty, well, there is your problem. You can get them back by going to Misc, Diagnostics, and rebooting when it asks.

I agree - sounds like a trusted vendor list!

Mouse