sandboxing files it should not be

I have two files that the sandbox keeps sandboxing but it really shouldn’t be. One is a file from dBpoweramp by Illustrate (they are on the trusted vendors) named GetPopupInfo.exe, even though it is signed (check out the picture).

The next file is from ATI called CLIStart.exe, even though ATI is on the trusted vendors list and is signed, check out the picture.

[attachment deleted by admin]

My ATI files were getting sandboxed as well. I submitted them to Comodo as well as put them in the “my trusted files”. I believe that my issue is that I use ‘Mobility Modder’ to enable my Gateway laptop to use the latest graphics drivers from ATI. Just an observation.

Couple of reasons why this could be, though neither may apply.

If the file is getting updated (even if just its date of modification changes).

If the certificate is invalid or corrupt. Try sigverif.exe to check?

If the files are being run by another file which is sandboxed.

There’s something to do with files on removable media too, but I have not met this personally.

If none of these apply I’ll re-post in Bugs.

You should probably be able to resolve the problem by using one of the techniques in the FAQ ‘Removing individual programs from the sandbox’.

But please do say what happens, so it can be reported as a bug if necessary.

Best wishes

Mouse

Let’s go down one by one.

Nothing is getting updated, the ATI one gets sandboxed soon after start up and the dBpoweramp one gets sandboxed when I play a song.

I tried sigverif and only one came up but not any of these two, it was a pcouffin.sys file.

The files are not being run by a sandboxed application.

And they are not on a removable media.

I am not worried about them being sandboxed, just that they should not be sandboxed, seeing as they are part of two trusted programs and they are signed.

A bug then probably I would think. As you are a mod, could you move and add any info required for a bug report & append the files zipped I guess?

(I assume by ‘my trusted files’ you mean ‘my safe files’. Trusted files in the computer security policy are not seen as safe by the sandbox).

Possibly worth trying to use this file to add a safe vendor, just to see what the error message is. If ‘Already a safe vendor’ you know that CIS thinks the signature is ok, if ‘no signature or corrupt’ you know that the OS and CIS are seeing the sig differently.

Anything relevant in the logs?

You can probably stop them being sandboxed by defining them as installers/updaters, though I understand it does not worry you.

Best wishes

Mouse

Well, I tried to add them to my safe vendors list but CIS said "The files does not seem to be a valid signed executable", for both.

So now we may know why they are continually being sandboxed. It’s over to the devs I think to work out what the flaw in signature recognition is. [Edit: or maybe CIS is doing a better job than sigverif!]

Will you do the honours and move it?

Best wishes

Mouse

  1. 32bit Intel Core2Duo

  2. Windows 7 32 bit

  3. CIS V4.898

  4. Check First post on symptoms.

  5. Check the rest of the posts for what I did to resolve the problem.

  6. CIS is in proactive security mode, with sandbox enabled.

  7. Administrator with UAC disabled.

If you guys want me to attach the files please let me know.

Of course it could also be that CIS is making more checks than the OS, but still the devs are the only ones who can work this out!

Someone else had a similar problem with a signed Windows file (OK according to sigverif, not according to CIS), so it needs looking at.

Certainly they are likely to need the file (zipped) to do so.

Best wishes

Mouse

Gentlemen, please notice there is no Signatures tab in the provided properties screens. That means, and that was confirmed by CIS, that these files are not digitally signed.

I am almost sure there is no signatures tab in Windows 7, I checked other files and none of them have it.

Oh well noticed Eric! However languy may be correct.

@ languy But this made me review the topic and I noticed that you said that sigverif.exe returned a .sys file. Sigverif.exe asks you to specify an extension when searching for non-system files (Advanced Tab). It probably defaults to .sys, as it was originally designed for device drivers. Did you maybe not change the default? (Sorry probably should have drawn your attention to this).

Mouse

I checked the CLIstart.exe on my system and it is not signed. Using Catalyst 10.3.

However the Catalyst installer and the setup.exe in the installer are digitally signed.

Clistart.exe does not have a signature on my machine.

This issue could still be interesting, if you are saying it won’t stay in ‘My Safe Files’, or if it is still sandboxed when you put it in My Safe Files.

It would maybe mean that if CIS knows the vendor, it sort of insists that all files from the vendor are signed.

Best wishes

Mouse
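Whether an executable carries an embedded Authenticode signature, the question this thread keeps returning to, can be read straight from the file's PE Certificate Table entry. The sketch below is an added example, not part of any post and not Comodo's code: it only detects that a signature blob is present (it does not validate the certificate chain or consult Windows catalog files), and `embedded_signature`, `sample_pe` and the sample headers are constructed for illustration.

```python
import struct

SECURITY_DIR = 4           # IMAGE_DIRECTORY_ENTRY_SECURITY (Certificate Table)
PKCS_SIGNED_DATA = 0x0002  # WIN_CERT_TYPE_PKCS_SIGNED_DATA (Authenticode)

def embedded_signature(image: bytes) -> str:
    """Return 'not-pe', 'unsigned', 'malformed' or 'signature-present'."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        return "not-pe"
    pe = struct.unpack_from("<I", image, 0x3C)[0]   # e_lfanew
    if image[pe:pe + 4] != b"PE\0\0":
        return "not-pe"
    opt = pe + 24                                   # past signature + COFF header
    try:
        magic = struct.unpack_from("<H", image, opt)[0]
        dirs = opt + {0x10B: 96, 0x20B: 112}[magic]  # PE32 / PE32+
        count = struct.unpack_from("<I", image, dirs - 4)[0]
        if count <= SECURITY_DIR:
            return "unsigned"
        offset, size = struct.unpack_from("<II", image, dirs + 8 * SECURITY_DIR)
        if size == 0:
            return "unsigned"
        # Unlike the other directories, this entry is a file offset, not an RVA.
        length, _rev, cert_type = struct.unpack_from("<IHH", image, offset)
    except (struct.error, KeyError):
        return "malformed"
    if length < 8 or offset + length > len(image) or cert_type != PKCS_SIGNED_DATA:
        return "malformed"
    return "signature-present"

def sample_pe(signed: bool) -> bytes:
    """Constructed minimal PE32 headers for the demo, not a runnable program."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)   # PE32 magic
    struct.pack_into("<I", opt, 92, 16)     # NumberOfRvaAndSizes
    image = bytearray(dos + b"PE\0\0" + coff + opt)
    if signed:
        blob = struct.pack("<IHH", 16, 0x0200, PKCS_SIGNED_DATA) + bytes(8)
        struct.pack_into("<II", image, 0x58 + 96 + 8 * SECURITY_DIR, len(image), 16)
        image += blob
    return bytes(image)

if __name__ == "__main__":
    for signed in (True, False):
        print(signed, embedded_signature(sample_pe(signed)))
```

To check a real file, pass the bytes read from it in binary mode to `embedded_signature`.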

I had a similar problem when I upgraded firefox and a signed executable (firefox.exe) was sandboxed. See:

https://forums.comodo.com/news-announcements-feedback-cis/clean-pc-modesandbox-does-not-work-as-expected-t54747.0.html

CLIstart.exe can be added to My Own Safe Files. That means it is not a safe file because otherwise I would have been alerted that it is already a safe file.

Languy is erroneous in his assumptions that clistart.exe is signed or part of the white list.

Well, I don’t know if it is signed or not. I thought it was, but it should be part of the white list because it is part of the ATI software. Maybe I should contact ATI about getting CLI signed.

The catch with the Catalyst driver suite is that it gets updated on a monthly basis. That could be a problem. That monthly rhythm doesn’t seem to stimulate ATI/AMD to make those files digitally signed either.

Best thing is to add the .bat and .exe files of the Catalyst suite to My Own Safe Files and be done with it.

So, not a bug then. Who will move back first…

:slight_smile:

Best wishes

Mouse