this a bug ?

i was just curios if the automatic sandboxing kicks in, tried it on opera, nothing happened …
before running opera i removed it from trusted vendors, removed it from defense+ policy and firewall policy.

why doesn’t automatic sandboxing work in this case ? no notification no nothing …

add -----
reinstalled cis v4 latest version, just out of curiosity i ran CLT
av statefull, firewall custom, defense+ paranoid, sandbox disabled, proactive configuration, results :

OS Windows XP SP3 build 2600

  1. RootkitInstallation: MissingDriverLoad Protected
  2. RootkitInstallation: LoadAndCallImage Vulnerable
  3. RootkitInstallation: DriverSupersede Vulnerable
  4. RootkitInstallation: ChangeDrvPath Vulnerable
  5. Invasion: Runner Vulnerable
  6. Invasion: RawDisk Vulnerable
  7. Invasion: PhysicalMemory Vulnerable
  8. Invasion: FileDrop Vulnerable
  9. Invasion: DebugControl Vulnerable
  10. Injection: SetWinEventHook Vulnerable
  11. Injection: SetWindowsHookEx Vulnerable
  12. Injection: SetThreadContext Vulnerable
  13. Injection: Services Vulnerable
  14. Injection: ProcessInject Vulnerable
  15. Injection: KnownDlls Vulnerable
  16. Injection: DupHandles Vulnerable
  17. Injection: CreateRemoteThread Vulnerable
  18. Injection: APC dll injection Vulnerable
  19. Injection: AdvancedProcessTermination Vulnerable
  20. InfoSend: ICMP Test Protected
  21. InfoSend: DNS Test Protected
  22. Impersonation: OLE automation Protected
  23. Impersonation: ExplorerAsParent Protected
  24. Impersonation: DDE Vulnerable
  25. Impersonation: Coat Protected
  26. Impersonation: BITS Protected
  27. Hijacking: WinlogonNotify Vulnerable
  28. Hijacking: Userinit Vulnerable
  29. Hijacking: UIHost Vulnerable
  30. Hijacking: SupersedeServiceDll Vulnerable
  31. Hijacking: StartupPrograms Vulnerable
  32. Hijacking: ChangeDebuggerPath Vulnerable
  33. Hijacking: AppinitDlls Vulnerable
  34. Hijacking: ActiveDesktop Vulnerable

something is very wrong

why are all the files used by CLT added in my safe files ?
should i receive a elevated privilegies notification ?

Opera may be on the safe list as well. To see if it is try adding it to My Own Safe Files and it will tell when it is already a safe file. To work around the safe list set D+ to Paranoid.

Your CLT results are horrific. Make sure clt.exe is no longer in My Pending Files and that there are no longer rules in Computer Security Policy for CLT.

done that already