This option in sandbox is not working correctly

For several months now, version after version I have been wondering why my Defence+ is not working. It is not reating to malware files I have downloaded for testing. Instead it adds them to trusted files.

Today I finally noticed that removing the tick from sandbox settings to try to detect installers and updater made a big difference. Now every malwarefile I trowed to it made D+ to sandbox and limit the file. And in several cases also the cloud av-scanner reacted.

I have no idea why D+ detects those files as installers/updaters. It could be some otger process running that is confusing it. But I cant’t tell what it would be. Killswitch was not fooled and it always detected the malware (or as unknown).

But anyway I am pleased now when I got D+ working again.

can you post your defense + event logs, maybe they will give us some insight to whats happening.

That is the funny part, these incidents don’t show in D+ events, I think because they are treated as safe, and safe actions does not trigger D+. So no use posting them.

So there are no logs that say “Scanned Online and Found Safe”?

No, it seems not scan files online if it considers them as installer or updater. It just puts them into trusted files. And that is something strange.

It could be a problem with your install. Does running the diagnostics show any errors?

If not then please try reinstalling by following the advice I give in Most Effective Way to Reinstall CIS to Avoid/Fix Problems. Please let us know if after reinstalling this way you still see the same problem.


This problem is exactly like the one I posted here

and re-installing CIS doesn’t fix that.

I don’t think installin has anything to do with it. i have had this (I think) from first version of 5.9 (maybe even 5.8). And I have reinstalled CIS several times after that and installed newer versions etc. But the problem remain. Now without that option selected my system works as it should.
I am quite certain it is some kind of bug.