This option in sandbox is not working correctly

Jaskaolen · February 19, 2012, 9:57pm

For several months now, version after version I have been wondering why my Defence+ is not working. It is not reating to malware files I have downloaded for testing. Instead it adds them to trusted files.

Today I finally noticed that removing the tick from sandbox settings to try to detect installers and updater made a big difference. Now every malwarefile I trowed to it made D+ to sandbox and limit the file. And in several cases also the cloud av-scanner reacted.

I have no idea why D+ detects those files as installers/updaters. It could be some otger process running that is confusing it. But I cant’t tell what it would be. Killswitch was not fooled and it always detected the malware (or as unknown).

But anyway I am pleased now when I got D+ working again.

wasgij6 · February 20, 2012, 5:19am

can you post your defense + event logs, maybe they will give us some insight to whats happening.

Jaskaolen · February 20, 2012, 7:53am

That is the funny part, these incidents don’t show in D+ events, I think because they are treated as safe, and safe actions does not trigger D+. So no use posting them.

Chiron494 · February 20, 2012, 12:26pm

So there are no logs that say “Scanned Online and Found Safe”?

Jaskaolen · February 20, 2012, 12:33pm

No, it seems not scan files online if it considers them as installer or updater. It just puts them into trusted files. And that is something strange.

Chiron494 · February 20, 2012, 1:56pm

It could be a problem with your install. Does running the diagnostics show any errors?

If not then please try reinstalling by following the advice I give in Most Effective Way to Reinstall CIS to Avoid/Fix Problems. Please let us know if after reinstalling this way you still see the same problem.

Thanks.

Maniak2000 · February 20, 2012, 2:46pm

This problem is exactly like the one I posted here
https://forums.comodo.com/defense-sandbox-help-cis/defence-detects-some-programs-as-installerupdater-that-are-not-installers-t81895.0.html

and re-installing CIS doesn’t fix that.

Jaskaolen · February 20, 2012, 4:45pm

I don’t think installin has anything to do with it. i have had this (I think) from first version of 5.9 (maybe even 5.8). And I have reinstalled CIS several times after that and installed newer versions etc. But the problem remain. Now without that option selected my system works as it should.
I am quite certain it is some kind of bug.