This is just an experiment to discuss the testing of detection using Sandboxie to narrow down what is and what isn't happening so that I and maybe others can understand. This is with the eicar test file, but could be relevant to other files as discussed recently in relation to Spyblaster/Spyware Cease. I'm using Sandboxie 3.38. I created a sandbox called Software and downloaded the eicar test file then put it into that sandbox. If I right-click the Software folder, eicar is detected as one would expect. If I go into the folder and scan the eicar file itself, it's not detected, but extra items are created in that sandbox when the scan takes place. These are a Reghive and corresponding log and a user folder containing a csidb.csi file a few folders in. Even with those files/folders created, the eicar test file is not detected with Prevx. On reflection, this also occurred on my previous scans with Spyware Cease, but didn't notice them as much because of so many other extra files. I'm just wondering if Prevx should be detecting further into the sandbox folder than it is. If this is not how it works, then the answer is to scan the sandbox folder anyway as we know it does detect that way assuming the cache is clear.