Trusted Files Been Sandboxed

Hey all, have just got round to putting CIS on one of my laptops that used to have KIS on it for usability for other family members…

Anyway thought this would be best place for it to be discussed in (I think?).

When start/log into account gfx… something pops up, remember google search popped up about something about .net remove/re-install… gonna get round to that later when have time. And then after/always even when gfx error don’t pop up, a ton of things gets sandboxed, I tick don’t isolate again but seems to not work? I also click on each one of them and perform ‘online look up’ which returns a verdict of safe. Also submit which says already submitted.

When I look into the sandbox all of them are listed as trusted yet sandboxed under my untrusted settings, attached is a SS png of him for you to look at…

looking forward to all your input guys. :slight_smile:

EDIT/ADD: OS is Windows 7 - 64Bit… CPU/GPU i3-370M ;D

[attachment deleted by admin]


Mods, is this in the right section… left it a good while yet no input/reply… >:-D

Just wondering captain if the files that are showing up as trusted in the sandbox have actually been moved to the trusted files list but haven`t been removed/purged from the untrusted list automatically.
Could you look in Defence+ ->Trusted Files to see if the files are listed.
Could you also go to Defence+ → Unrecognized files → Select all and hit Purge.

You could allways manually move them to the Trusted list by highlighting them and select move to trusted files.

Seems a funny one. Are the files acting as they are untrused (sandbox level)? If they where restricted to operating like this they would surely not work correctly and you would have a whole heap of D+ events.



Normally this only happens if the parent process is ‘untrusted’.
Can you please open Defense+, View active process list, and check if there are processes that aren’t trusted, specially svchost, services and explorer.exe??

There are FAQs which may help here and here.

Switching on ‘Block all requests when the app is closed’ in D+ settings is a common cause of this sort of thing.

There is a trace on the intel graphics file you are talking about. Try searching for the file name. I thought this had been solved though - what version of CIS do you have?

It also seems possible that your TVL has got corrupted. Try deleting vendor.n and replacing it from the repair directory or waiting for CIS to re-download it. Alternatively re-install.

Best wishes


No unrecognised files show in that part or submitted… everytime do online submit it finds safe and all files are already classed as trusted…

No there is no parent ones that are not trusted.

Version 5.5…1383 (on 64bit windows 7)
I think this maybe the cause as I have this option ticked as I thought it would be more secure… so will untick this option later and montitor and see how it goes. EDIT/ADD: Will do as suggested with regards to the TVL if not solved by the first bit of advice you gave.

Sorry for late reply guys and thanks for the input, was just having a weekend away on the sauce, god I love my watering holes on the weekend. >:-D

PS- May also give the latest Beta a bash as well at some point… end of random waffle


Problem solved when I did as suggested and turned off ‘block all unknown requests if application is closed’ no more freezing and mouse lock ups… problem solved.

Thanks guys for taking the time to reply, should of thought of that one myself hehe.

Some additional information on the same topic. This behavior of getting sandbox notifications of trusted files started happening after the latest CIS release. In my case it happens only on one application which is located on a flash drive. The drive is present at boot-up. Starting the application (portable RoboForm) causes the sandbox warning to pop up, but only intermittently. The application appears in the trusted files list, and does not appear in the unrecognized file list. In this case, I have not updated the application in over a year, so updating does not appear to be the problem. Multiple instances of the same application appear in the trusted files list, so I will delete them all and try adding the application during the next alert.


External media is always considered untrusted. This is not behavior that has changed recently.