360 Internet Security: FREE Triple antivirus engine, BitDefender included

Discussion in 'other anti-virus software' started by PaulBB, Jun 11, 2013.

  1. Brocke

    Brocke Registered Member

    Joined:
    Mar 16, 2008
    Posts:
    2,311
    Location:
    USA,IA
    I just wish it would save your favorites, but haven't found a way to.
     
  2. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,692
    Location:
    Paris
    Just a couple of quick comments and observations- first off, if a sandbox is included in an Anti-malware application it should never be an on-demand type of thing. Almost as silly as having the AV component being on demand. If I'm missing something here please enlighten me.

    Second, I have had some limited experience with the sandbox that was included in previous versions of the domestic (China) versions of Qihoo and wasn't overwhelmed by it. I wanted to see if anything had improved. To this end I found a fresh Ransomware sample. This particular nasty will spawn a daughter in a sub-directory in Roaming as well as creating an autorun entry that points to the daughter (which is the payload). There is randomness in both the directory selected as well as the daughter's filename. This particular sample was new and undetected by either Q or Comodo. I ran the sample in 3 systems:

    System 1- Qihoo360 at default
    System 2- Qihoo360 at default, but the file was initiated in the Sandbox
    System 3- Q+CF- Qihoo at default, CF with HIPS off, Sandbox at Full V

    Results- In no case was the autorun entry allowed to be created. System 1 and 2 allowed the daughter to be spawned. When the daughter was run, Qihoo's Proactive Protection blocked further malicious activity. System 3 prevented the deposition of the daughter.

    Nothing earthshaking here, but certainly nothing in the new version that would change my recommendation away from the preferred Q+CF.
     
  3. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,974
    Location:
    Boston, MA
    Thanks for the testing Cruelsister. Using system 2 you mentioned that the daughter was spawned. I was wondering if you could try running that again but with the proactive protection off. Merely to see if the sandbox would contain once the daughter process started making changes. Thanks.
     
  4. Antimalware18

    Antimalware18 Registered Member

    Joined:
    Dec 12, 2008
    Posts:
    417
    On my system the webshield plugin crashes every time Chrome is sandboxed, anyone else having this problem?
     
  5. avman1995

    avman1995 Registered Member

    Joined:
    Sep 24, 2012
    Posts:
    944
    Location:
    india
    Sent a mail to the developers about this...I get a quick reply for the samples I provide them with so I am hoping for a quick reaction for this one too :D
     
  6. Jaspion

    Jaspion Registered Member

    Joined:
    Nov 23, 2012
    Posts:
    195
    Location:
    Brazil
    :thumb:
     
  7. Blues7

    Blues7 Registered Member

    Joined:
    May 11, 2009
    Posts:
    870
    Location:
    2500'
    Since it was reported that Q360 is now functioning with browsers under the supervision of Sandboxie, I elected to reinstall and check it out once again.

    I was able to confirm that Q360 now detects the Eicar test file before the file is downloaded.

    I have disabled the Q360 sandbox feature. Sandboxie offers much more granular control of the processes and apps allowed to run within the sandbox. (Start/Run, Drop Rights, Internet Connection, File Access as well as the ability to retain certain settings upon deletion of the sandbox.)

    If anyone can provide a test site to determine whether URL filtering/blocking is accomplished within a Sandboxie run browser, please share.
     
  8. avman1995

    avman1995 Registered Member

    Joined:
    Sep 24, 2012
    Posts:
    944
    Location:
    india
    This is so odd...when I open up trash cleaner in 360 IS, MBAM Pro goes crazy blocking several IPs being accessed by trashclean.exe!? What the heck! :eek:
     
  9. buckslayr

    buckslayr Registered Member

    Joined:
    Jun 1, 2009
    Posts:
    484
    Location:
    Michigan, USA
    Giving this a try. Is it recommended to always run the browser sandboxed? What else should be sandboxed?
     
  10. avman1995

    avman1995 Registered Member

    Joined:
    Sep 24, 2012
    Posts:
    944
    Location:
    india
    WOW! I had a pack having very good quality of samples...total were 81. It was spywar's pack and would you believe it, hardly 12 samples were detected by BD engine and the rest was detected either by 360 Cloud or QVM2. These 2 engines really hit the deck :D :cool:

    These 2 engines got to be strongest of other AV top dogs.
     
  11. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,692
    Location:
    Paris
    KJ- ran the daughter and everything was fine, so it was contained.

    I had some time and some old samples so I tried one more thing. There are rootkits that have successfully bypassed the Comodo firewall in the past when the Box was set at Partially Limited. To test against these samples I shut off all of Q's protection modules and turned off network access. The samples were run within Q's sandbox. I then rebooted the system and did a fast analysis. Surprisingly (to me at least) there was no evidence of any infection; this was not the case with the previous China version. It seems they have upped the protection of the Box.

    Much more testing is needed in the days to come, but it does seem promising. Now if it was only in Auto mode...
     
  12. Drew99GT

    Drew99GT Registered Member

    Joined:
    Jun 27, 2006
    Posts:
    340
    Location:
    Colorado Springs
    I posted at the Sandboxie forum about 360 functionality with Sandboxie. Hopefully they make it fully compatible.

    I'm also eager to see if URL filtering works inside Sandboxie!
     
  13. avman1995

    avman1995 Registered Member

    Joined:
    Sep 24, 2012
    Posts:
    944
    Location:
    india
    Not planning to switch to anything else until avast is fully rolling with new technologies...I love my 360 IS :cool:
     
  14. Blues7

    Blues7 Registered Member

    Joined:
    May 11, 2009
    Posts:
    870
    Location:
    2500'
    I saw the thread and will keep an eye on it.

    Hopefully someone can supply a site or two that the BD URL Filter would alert to so we can check within a Sandboxie supervised browser.

    Seems odd that 360 will now monitor downloads within Sandboxie but not URLs.
     
  15. Brocke

    Brocke Registered Member

    Joined:
    Mar 16, 2008
    Posts:
    2,311
    Location:
    USA,IA
    has anyone figured out how to take things out of the sandbox? like bookmarks/favorites and downloads?
     
  16. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,974
    Location:
    Boston, MA
    Maybe adding the folder into the exclusion list? Also where it says view on the main menu next to the media, documents and all files. Maybe pressing on that gives you the option to recover? Haven't played around with the sandbox yet.

    Edit- Ok I put firefox in the sandbox. I then downloaded a file. I went into the sandbox folder and drag/drop the file onto my normal desktop. I then turned off the sandbox and cleared it. I was then able to install the file that was dropped onto my desktop. So seems like whatever you want, it can be moved onto the normal system.
     
    Last edited: Aug 28, 2013
  17. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,974
    Location:
    Boston, MA
    In regards to it being in auto mode. It does have an option to start a process automatically every time it starts. Don't know if this is what you're referring to.
     
  18. Blues7

    Blues7 Registered Member

    Joined:
    May 11, 2009
    Posts:
    870
    Location:
    2500'
    I think she means where 360 would automatically sandbox an app that was unknown/untrusted as opposed to your manually electing to always run a particular app within the sandbox.
    (Sort of like what it purports to do for apps or malware starting from USB as I recall.)
     
  19. internet addict

    internet addict Registered Member

    Joined:
    Nov 26, 2012
    Posts:
    517
    Nobody is experiencing fishy behavior using Qihoo 360?

    I still need more proof that they are reputable like Bitdefender.
     
  20. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,626
    No, in 40 pages of posts here not a single person has encountered anything like that. You need to stop being paranoid.
     
  21. Trespasser

    Trespasser Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    1,204
    Location:
    Virginia - Appalachian Mtns
    Just a few posts up true indian reported unusual behavior from 360's trash cleaner while using it. There are other posts about unusual behavior by 360 among these many pages. Stay suspicious and stick with BD Free like I'm doing. Experimenting (with 360 for instance) is something we all like to do...but sticking with it...no way.

    BTW, I always re-image my PC after playing with 360 IS. :).

    Later...

    Bob
     
  22. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,626
    I missed that post.

    Maybe I'm too trusting, but certainly have no hesitation keeping 360 installed on my laptop and installing it on customers' laptops in cases where their paid AV subscription has expired.

    Actually I generally trust any software that I try out, until I have good reason not to trust it.
     
  23. avman1995

    avman1995 Registered Member

    Joined:
    Sep 24, 2012
    Posts:
    944
    Location:
    india
    Here is a snip of the log from that incident:

    2013/08/29 08:16:19 +0530 COMPAQ-PC compaq IP-BLOCK 222.186.189.229 (Type: outgoing, Port: 50065, Process: traceclean.exe)

    It keeps blocking 222.186.189.xxx
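
A triage sketch for the log line quoted above, added here as an example and not part of the original post or of any vendor tool: it parses IP-BLOCK lines in that layout and groups outgoing blocks by process and /24, which is the pattern the post describes. The field layout is inferred from the one quoted line, and every sample line except the first is constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: only the first line is quoted from the thread; the
# other three are made up here to exercise the parser.
SAMPLE_LOG = """\
2013/08/29 08:16:19 +0530 COMPAQ-PC compaq IP-BLOCK 222.186.189.229 (Type: outgoing, Port: 50065, Process: traceclean.exe)
2013/08/29 08:16:21 +0530 COMPAQ-PC compaq IP-BLOCK 222.186.189.230 (Type: outgoing, Port: 50066, Process: traceclean.exe)
2013/08/29 08:17:02 +0530 COMPAQ-PC compaq IP-BLOCK 198.51.100.7 (Type: incoming, Port: 445, Process: )
2013/08/29 08:17:40 +0530 COMPAQ-PC compaq MESSAGE Protection started successfully
"""

# Layout assumed from the single quoted line: date, time, UTC offset, host,
# user, event type, address, then a parenthesised detail list.
BLOCK_RE = re.compile(
    r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4}) (\S+) (\S+) "
    r"IP-BLOCK (\S+) \(Type: (\w+), Port: (\d+), Process: ([^)]*)\)$"
)

def parse_block(line):
    """Return a dict for an IP-BLOCK line, or None for anything else."""
    m = BLOCK_RE.match(line.strip())
    if not m:
        return None
    try:
        ip = ipaddress.IPv4Address(m.group(4))
    except ValueError:
        return None  # malformed address: skip rather than guess
    return {"when": m.group(1), "host": m.group(2), "user": m.group(3),
            "ip": ip, "direction": m.group(5), "port": int(m.group(6)),
            "process": m.group(7).strip() or "(none)"}

def summarize_outgoing(log_text):
    """Map (process, /24 network) -> sorted distinct blocked destinations."""
    groups = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_block(line)
        if rec and rec["direction"] == "outgoing":
            net = ipaddress.ip_network(f"{rec['ip']}/24", strict=False)
            groups[(rec["process"], str(net))].add(rec["ip"])
    return {key: [str(ip) for ip in sorted(ips)] for key, ips in groups.items()}

if __name__ == "__main__":
    for (proc, net), ips in summarize_outgoing(SAMPLE_LOG).items():
        print(f"{proc} -> {net}: {', '.join(ips)}")
```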
     
  24. avman1995

    avman1995 Registered Member

    Joined:
    Sep 24, 2012
    Posts:
    944
    Location:
    india
    Very weird signature was assigned for this hacktool after I sent it to their lab as undetected. :blink:
     


  25. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,626
    222.186.189.229 is the IP address for softm.360safe.com - see here.

    I highly doubt there is any good reason for MBAM to block it. This is a good reason why I don't use any IP/URL blocking software.
     