Sandboxie and AV? How can this be.

Discussion in 'other anti-virus software' started by trjam, Aug 15, 2007.

Thread Status:
Not open for further replies.
  1. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    This is not about a AV not doing its job but about 2 that do. I have Sandboxie and I know a site that if I go there a trojan is found. Both Nod and Kaspersky find it and Quarantine the trojan. The thing is since I am sandbox how come the trojan is still in boths Quarantine file. I thought when you closed Sandboxie everything gets deleted, but not in this case. And good work to both AVs.
     
  2. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    I think the answer is that since the AV is not sandboxed (treated as a trusted program), it can access the sandbox.
    It's when a sandboxed application tries to access/modify files outside the sandbox that SandboxIE blocks it.
     
  3. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    but it did because if I clicked on restore in Quarantine in either AV it would then be active. If thats the case then Sandboxie really isnt that secure. Also a good reason web scanning is important.
     
  4. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    7,293
    Location:
    England
    Yesterday while surfing sandboxed with opera avira popup up to say it had found a virus, what did I want to do.
    I quarantined it, closed opera and then deleted the contents from the sandbox.

    Nothing in quarantine.

    Trjam, did you delete the contents of the sandbox, or just close the sandbox?
     
  5. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    I have it set to delete the contents on sandboxie on closing.
     
  6. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Your antivirus software is not sandboxed. Since that is the case, when it detects the virus, it moves the virus out from inside the sandbox into its quarantine area OUTSIDE the sandbox. Since your antivirus quarantine area isn't inside the sandbox at all, I don't see why you should be alarmed that emptying your sandbox has no effect on your antivirus quarantine.
     
  7. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    Then why is Stapp's quarantine empty, but not Trjam'so_O
     
  8. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Antivir just failed to quarantine here.
     
  9. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    You are exactly right!
    There is nothing wrong/ unusual in the scenario posted by trjam.
     
  10. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    Hi aigle, is there anything I can change within Sbie or Avira to fix this? Or are you just saying that this was a rare occurrence. Thanks
     
  11. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
  12. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    Thank you for your reply aigle. I didn't think there was anything wrong. I just installed Avira last night so I'm not that familiar with it. I'm also still using Sbie 2.86 and haven't messed with it much. I didn't know if I missed a setting or anything. Thanks for the link, it helped a lot.

    Thanks, innerpeace
     
  13. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    There seems nothing wrong with Antivir settings. Just a miss or something like that I suspect. I don,t think there uis any reason to worry about.
     
  14. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Look at it in a different light.

    If the Trojan was a zero day what would have protected you better, SB at a meg installed or your AV at around 30 meg installed :-*

    With SB, Returnil and ghost images here I don't care about scanners for web pages.Even have website checking turned off in Firefox.

    The Stumbleupon addon will take me anywhere and I couldn't care less with no realtime blacklists implemented here.
     
Loading...
Thread Status:
Not open for further replies.