Sandboxie crypto query


avboy
August 8th, 2009, 11:00 AM
Hi,

Can anyone throw some light on Sandboxiecrypto.exe? I was testing a generic trojan (dropper) inside Sandboxie. Immediately Sandboxiecrypto opened a connection, as shown below:

[TDI] TCP, Connect, 0.0.0.0:50175 -> 203.77.188.232:80, C:\Program Files\Sandboxie\SandboxieCrypto.exe(3884/3308)

This IP's details are:

MISSOURI PACIFIC LIMELIGHT NETWORKS ASIA PACIFIC

Now can any of you tell me the significance of this?

Regards

Keyboard_Commando
August 8th, 2009, 12:07 PM
-{ Quote: "Cryptographic Services

Program Name: SandboxieCrypto.exe
Service Name: cryptsvc

Manages software signing, security certificates and software catalogs. This service manages and stores in the sandbox any digital certificates or catalog information that was installed by other programs running in the same sandbox.

This service occasionally connects to the Internet address mscrl.microsoft.com. This connection is initiated by Microsoft code running within SandboxieCrypto.exe and it is part of the procedure which verifies or revokes digital certificates for Web sites and programs.

This connection is not unique to SandboxieCrypto.exe and is initiated also by the "real" service program running under one of the svchost.exe processes. It is possible to block this connection through Internet Access Restrictions or through a firewall. However, this is not recommended. Please see Certificate revocation list on Wikipedia for more information about certificate revocation. " }-

source (http://www.sandboxie.com/index.php?ServicePrograms)

Keyboard_Commando
August 8th, 2009, 12:11 PM
When testing, create a Test Box, and give it no internet access rights inside Restrictions tab. This connection *shouldn't* appear then, even though it is a legit process to verify.

avboy
August 8th, 2009, 01:36 PM
Thanks Keyboard Commando. That's exactly the IP of mscrl.microsoft.com.

Problem solved along with Tzuk's explanation of Sandboxiecrypto. And thanks for your suggestion too.
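
As an added example (not part of the original thread and not Sandboxie's code), the triage discussed above can be scripted: parse monitor lines in the format avboy posted and mark a connection as expected only when both the full image path and the destination match an analyst-maintained allowlist. The allowlist, the function names and the second and third sample lines are assumptions constructed for illustration.

```python
import re
from ipaddress import ip_address

# Line format taken from the monitor output quoted in the first post.
# The two numbers in parentheses are not explained there, so they stay opaque ids.
TDI_RE = re.compile(
    r"\[TDI\]\s*(?P<proto>\w+),\s*(?P<op>\w+),\s*"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s*->\s*(?P<dst>[\d.]+):(?P<dport>\d+),\s*"
    r"(?P<image>.+?)\((?P<id1>\d+)/(?P<id2>\d+)\)\s*$"
)

def parse_tdi(line):
    """Return a dict for one monitor line, or None if it does not match."""
    m = TDI_RE.search(line.strip())
    if not m:
        return None
    try:
        dst = str(ip_address(m["dst"]))
    except ValueError:
        return None
    return {"op": m["op"], "dst": dst, "dport": int(m["dport"]), "image": m["image"].strip().lower()}

def triage(lines, expected):
    """Label each Connect event 'expected' or 'review'.
    expected maps a full lower-cased image path to the set of (ip, port)
    pairs the analyst has resolved for that process's known endpoints.
    Matching on the full path keeps a same-named binary elsewhere in 'review'.
    """
    out = []
    for line in lines:
        ev = parse_tdi(line)
        if ev is None or ev["op"] != "Connect":
            continue
        ok = (ev["dst"], ev["dport"]) in expected.get(ev["image"], set())
        out.append((ev["image"], f'{ev["dst"]}:{ev["dport"]}', "expected" if ok else "review"))
    return out

CRYPTO = r"c:\program files\sandboxie\sandboxiecrypto.exe"
# Address as reported in the thread for mscrl.microsoft.com in 2009; re-resolve before use.
EXPECTED = {CRYPTO: {("203.77.188.232", 80)}}

SAMPLE = [  # first line is from the thread; the other two are constructed
    r"[TDI] TCP, Connect, 0.0.0.0:50175 -> 203.77.188.232:80, C:\Program Files\Sandboxie\SandboxieCrypto.exe(3884/3308)",
    r"[TDI] TCP, Connect, 0.0.0.0:50176 -> 198.51.100.23:443, C:\Sandbox\test\drive\C\dropper.exe(4012/4020)",
    r"[TDI] TCP, Connect, 0.0.0.0:50177 -> 203.77.188.232:80, C:\Temp\SandboxieCrypto.exe(4100/4104)",
]
if __name__ == "__main__":
    for row in triage(SAMPLE, EXPECTED):
        print(*row, sep="  ")
```

CDN-hosted endpoints change address over time, so the allowlist should be rebuilt from a fresh lookup of the CRL hostname rather than reused between test sessions.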