I have two files that sandbox keep sandboxing but it really shouldn’t be, one is a file from dBpoweramp by Illustrate ( they are on the trusted vendors) named GetPopupInfo.exe, even though it is signed. ( check out picture.
The next file is from ATI called CLIStart.exe, even though ATI is on the trusted vendors list and is signed, check out the picture.
My ATI files were getting sandboxed as well. I submited them to Comodo as well as put them in the “my trusted files”. I believe that my issue is that I use ‘Mobility Modder’ to enable my Gateway laptop to use the latest graphics drivers from ATI. Just a observation.
Nothing is getting updated, the ATI one gets sandboxed soon after start up and the dBpoweramp one gets sandboxed when I play a song.
I tried sigverify and only one came up but not any of these two, it was a pcouffin.sys file.
The files are not being run by a sandboxed application.
And they are not on a removable media.
I am not worried about them being sandboxed just that they should not be sandboxed, seeing and they are part of two trusted programs and they are signed.
A bug then probably I would think. As you are a mod, could you move and add any info required for a bug report & append the files zipped I guess?
(I assume by ‘my trusted files’ you mean ‘my safe files’. Trusted files in the computer security policy are not seen as safe by the sandbox).
Possibly worth trying to use this file to add a safe vendor, just to see what the error message is. If ‘Already a safe vendor’ you know that CIS thinks the signature is ok, if ‘no signature or corrupt’ you know that the OS and CIS are seeeing the sig differently.
Anything relevant in the logs?
You can probably stop them being sandboxed by defining them as installers/updaters, though I understand it does not worry you.
So now we may know why they are continually being sandboxed. It’s over to the devs I think to work out what the flaw in signature recognition is. [Edit: or maybe CIS is doing a better job that sigverif!]
Gentlemen, please notice there is no Signatures tab in the provided properties screens. That means, and that was confirmed by CIS, that these files are not digitally signed.
Oh well noticed Eric! However languy may be correct.
@ languy But this made me review the topic and I noticed that you said that sigverif.exe returned a .sys file. Sigverif.exe asks you to specify an extension when searching for non-system files (Advanced Tab). It probably defaults to .sys, as it was originally designed for device drivers. Did you maybe not change the default? (Sorry probably should have drawn your attention to this).
Clistart.exe does not have a signature on my machine.
This issue could still be interesting, if you are saying it won’t stay in ‘My Safe Files’, or if it is still sandboxed when you put it in My Safe Files.
It would maybe mean that if CIS knows the vendor, it sort of insists that all file from the vendor are signed.
CLIstart.exe can be added to My Own Safe Files. That means it is not a safe file because otherwise I would have been alerted that is already a safe file.
Languy is erroneous in his assumptions that clistart.exe is signed or part of the white list.
well I don’t know if it is signed or not I thought it was but it should be part of the white list because it is part of the ATI software. Maybe I should contact ATI about getting CLI signed.
The catch with the Catalyst driver suite is that it gets updated on a monthly basis. That could be a problem. That monthly ryhtym doesn’t seem to stimulate ATI/AMD to make those files digitally signed either.
Best thing is to add the .bat and .exe files of the Catalyst suite to My Own Safe Files and be done with it.