Hi, every time I start my PC I receive a message from CIS Sandbox telling me that verclsid.exe has been placed in the sandbox automatically and that I don’t have anything to worry about. Sometimes the CIS message pops up on my screen many times.
I clicked the file icon in the Sandbox message window and got a new message telling me that C:/Windows/System32/verclsid.exe couldn’t be found. Then I marked the option telling CIS not to run verclsid.exe in the sandbox, but the message still comes, telling me again that CIS has placed the file in the sandbox.
Is verclsid.exe malware? Is this a Sandbox bug? I have tried to delete or rename the file but I can’t find it on my hard disk.
Most likely not a bug or malware.
Find it on your hard disk and check it using CIMA for safety. (This is not an absolute guarantee, but good enough!). See the FAQ on how to do this.
Unfortunately MS released a version of verclsid.exe that was not code signed. You probably have the correct version in system32 but Windows is running the incorrect version from somewhere else. I have it in Windows\$Ntservicepackuninstall$.
So you need to find this other location and tell CIS that the file is a safe one (add to ‘My Safe Files’), or if that fails, apply the installer/updater policy to it in the Computer Security Policy.
Hi Mouse, thanks for your answer. I’m still trying to find the file in my HD.
It may be in a hidden folder - try Windows search, and make sure you set it to search all system and hidden folders. Double check the spelling from the alert.
It’s normally in C:\windows\system32 but that may be the correct signed version. After checking via CIMA you can check whether the version you have found is signed or not by trying to add the vendor to My Trusted Vendors. CIS will tell you if the signature is missing or corrupt; if it’s OK it will say ‘already a safe vendor’ or some such thing.
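The search-and-check steps described above, as an added example that is not part of the original posts: it lists every copy of the file under the Windows directory, hidden and system folders included, with its hash and signature status. It assumes a Windows system with PowerShell 5.1 or later; the function name `Get-BinaryCopyReport` and its parameters are hypothetical.

```powershell
# Added example: find all copies of a named binary and report whether each is signed.
param(
    [string]$Name = 'verclsid.exe',   # file name exactly as shown in the alert
    [string]$Root = $env:SystemRoot   # assumption: the stray copy lives under the Windows directory
)

function Get-BinaryCopyReport {
    param([string]$Name, [string]$Root)

    # -Force makes the search include hidden and system folders,
    # which a default search skips (e.g. service pack uninstall folders).
    Get-ChildItem -LiteralPath $Root -Filter $Name -File -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
            [pscustomobject]@{
                Path    = $_.FullName
                Version = $_.VersionInfo.FileVersion
                SHA256  = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                Status  = $sig.Status   # Valid, NotSigned, HashMismatch, NotTrusted, ...
                Signer  = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            }
        }
}

$report = @(Get-BinaryCopyReport -Name $Name -Root $Root)
$report | Format-List

# Copies whose status is not 'Valid' are the ones a signature-based
# trust check would refuse to treat as a known vendor's file.
$report | Where-Object { $_.Status -ne 'Valid' } | Select-Object Path, Status
```

Run it from an elevated prompt so protected folders are readable; folders that still cannot be read are skipped silently.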
Hi Mouse, problem solved. After updating Windows XP with SP3 all messages about verclsid.exe disappeared.
Would you be kind enough to add your system details as specified here.