Sandboxie and AV? How can this be.

This is not about a AV not doing its job but about 2 that do. I have Sandboxie and I know a site that if I go there a trojan is found. Both Nod and Kaspersky find it and Quarantine the trojan. The thing is since I am sandbox how come the trojan is still in boths Quarantine file. I thought when you closed Sandboxie everything gets deleted, but not in this case. And good work to both AVs.

 

I think the answer is that since the AV is not sandboxed (treated as a trusted program), it can access the sandbox.
It's when a sandboxed application tries to access/modify files outside the sandbox that SandboxIE blocks it.

 

but it did because if I clicked on restore in Quarantine in either AV it would then be active. If thats the case then Sandboxie really isnt that secure. Also a good reason web scanning is important.

 

I have it set to delete the contents on sandboxie on closing.

 

Your antivirus software is not sandboxed. Since that is the case, when it detects the virus, it moves the virus out from inside the sandbox into its quarantine area OUTSIDE the sandbox. Since your antivirus quarantine area isn't inside the sandbox at all, I don't see why you should be alarmed that emptying your sandbox has no effect on your antivirus quarantine.

 

Then why is Stapp's quarantine empty, but not Trjam's

 

Antivir just failed to quarantine here.

 

You are exactly right!
There is nothing wrong/ unusual in the scenario posted by trjam.

 

Hi aigle, is there anything I can change within Sbie or Avira to fix this? Or are you just saying that this was a rare occurrence. Thanks

 

It,s my guess and it must be a rare occurance, nothing wrong with Antivir or SBIE.
Contents of Sandbox are a pert of ur HD and ur AV can delete/ quarantine anything from ur HD!

https://www.wilderssecurity.com/showthread.php?t=126406&highlight=sandboxie

If u want confirmation, try downloading Eicar test file via ur sandboxed browser.

 

Thank you for your reply aigle. I didn't think there was anything wrong. I just installed Avira last night so I'm not that familiar with it. I'm also still using Sbie 2.86 and haven't messed with it much. I didn't know if I missed a setting or anything. Thanks for the link, it helped a lot.

Thanks, innerpeace

 

There seems nothing wrong with Antivir settings. Just a miss or something like that I suspect. I don,t think there uis any reason to worry about.

 

Look at it in a different light.

If the Trojan was a zero day what would have protected you better, SB at a meg installed or your AV at around 30 meg installed

With SB, Returnil and ghost images here I don't care about scanners for web pages.Even have website checking turned off in Firefox.

The Stumbleupon addon will take me anywhere and I couldn't care less with no realtime blacklists implemented here.