Trojans identified by MS Defender in Sandboxie Classic exe

Discussion in 'Sandboxie (SBIE Open Source) Plus & Classic' started by WSC3, Feb 19, 2021.

  1. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,933
    That's right, but as you write yourself "may contain", so it's not proven and still an assumption. Very clever people have tried to prove something about sensitive data but found nothing yet.
    For the second - yes, they do, but you can disable it. But - every antivirus vendor is collecting, and guess what - Kaspersky still inserts a user id into every web request. Not personally specific anymore because they have been caught, but in general they do.
    For the third - antiviruses work this way. I think you are fighting a very big mistake in your thinking. We use antivirus to react - to react faster than a human can. I myself am not able to prevent a data breach while reading a dialog and deciding what to do, while ransomware is encrypting my system that fast. You fight windmills.
    And that's also wrong. As long as tzuk or Sophos worked on Sandboxie there were no issues, until you changed something elementary, for whatever reason. I don't think it's the certificate, it must be something else. And you wrote many times about a scrambled driver. It's you who made a change, and any decent antivirus catches a suspicious file as it has done for years now. It's you who has to revert this decision; you cannot revert antivirus behavior.
     
  2. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,335
    Location:
    Viena
    No, it means it's up to random chance whether it flags a personal file or not.


    No, the mistake is on your part: deleting a file does _NOT_ protect you; denying access to the file does, preventing it from loading does, terminating a process does.
    Deleting is unnecessary overkill.

    And NO, antiviruses did not always work this way; in the good old days they only blocked access and showed a window asking what to do.
    It was for the user to decide; no permanent or irreversible action was taken automatically.

    That's why this modern misbehavior annoys me so much; it was changed for the worse for no valid reason whatsoever.


    That is plainly wrong; just try stripping the signature from the original sbie files from one of the last official releases and send them to VirusTotal: you will run into a few false positives with those too. Invincea just had their certificate whitelisted, so even if they signed an honest-to-god virus it would probably trigger no detection LOL

    Heck, or just go to the graph view in VT for the last official signed installer SandboxieInstall-533-6.exe and it will show you that 6 of the contained files are malicious

    [attached image: upload_2021-2-21_11-3-18.png]
    That's the original Sophos-signed file.


    The driver is a different story, and since December it is properly signed.

    To summarize what modern antiviruses do: they flag pretty much everything unless it has a well-known digital signature. That's just BS and it's lazy, and it's willfully causing harm to others.
     
  3. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,933
    Well, I see nothing forthcoming while you are blocking. I should rethink the credentials for Sandboxie, especially when you show outdated results where no one has/had issues. And there is no evidence shown from Defender in yesterday's (signature) scan, while 15 engines found something (14 on kmdutil), more on x86 than on x64 (McAfee on sbiedrv.sys).

    As I mentioned this did not happen each release, so the ball is on your side of the field to revert those changes.

    For me there is again another issue, about unnecessary restarts of Windows after updates. Not acceptable. That wasn't needed until you inserted the encrypted code and/or files.

    "take it or leave it" - for now i leave it (behind).
     
  4. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,335
    Location:
    Viena
    @Brummelchen
    the latest x64 kmdutil
    sha256: 6bf318ecd530d7c7c6c7acb42187e3f2a65b0b54f47e84e57b5efe9a6e0add12
    has 0 detections; just see for yourself on VT

    and the only thing I changed in this file over the last few versions is to add a signature; the source has not changed for a couple of versions by now.

    Anti-malware fools that rely on files being signed to determine whether the files are malicious are useless, as simple as that.

    EDIT: Also please try thinking very, very hard: the x86 and x64 versions are built from the exact same source, they do the same, none of them can be more malicious than the other, yet they are assessed very differently by those anti-malware fools.
    Doesn't that strike you as suspicious?
    It's an obvious indication that those anti-malware fools just don't know what they are doing.
    As simple as that.

     
    Last edited: Feb 21, 2021
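The post above asks readers to check the x64 kmdutil hash on VirusTotal themselves, and earlier in the thread the developer suggests stripping the Authenticode signature to see how scanners react. The following PowerShell is an added example, not code from the thread or from the Sandboxie project: it hashes a local copy of KmdUtil.exe, compares it with the SHA-256 quoted in the post, reports the file's Authenticode signer and status, and builds the VirusTotal link for the hash actually on disk. The install path is an assumption; `Get-FileHash` and `Get-AuthenticodeSignature` are standard Windows PowerShell cmdlets.

```powershell
# Added example (not from the thread or the Sandboxie project).
# Verifies a local KmdUtil.exe against the SHA-256 posted above and reports
# its Authenticode status, so the "only a signature was added" claim and the
# VirusTotal result can be checked against the exact bytes on disk.

param(
    # Assumed default path for Sandboxie Classic; adjust for your installation.
    [string]$Path = 'C:\Program Files\Sandboxie\KmdUtil.exe',
    # SHA-256 quoted from DavidXanatos' post for the latest x64 kmdutil.
    [string]$ExpectedSha256 = '6bf318ecd530d7c7c6c7acb42187e3f2a65b0b54f47e84e57b5efe9a6e0add12'
)

if (-not (Test-Path -LiteralPath $Path)) {
    throw "File not found: $Path"
}

# 1. Hash check: the SHA-256 covers the whole file, signature blob included,
#    so it identifies exactly one signed (or unsigned) artifact.
$actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash.ToLowerInvariant()
$hashMatch = ($actual -eq $ExpectedSha256.ToLowerInvariant())
"SHA-256:             $actual"
"Matches posted hash: $hashMatch"

# 2. Authenticode check: is the PE signed, does the chain verify, and by whom?
$sig = Get-AuthenticodeSignature -LiteralPath $Path
"Signature status:    $($sig.Status)"   # Valid, NotSigned, HashMismatch, UnknownError, ...
if ($sig.SignerCertificate) {
    "Signer:              $($sig.SignerCertificate.Subject)"
    "Issuer:              $($sig.SignerCertificate.Issuer)"
    "Cert valid until:    $($sig.SignerCertificate.NotAfter)"
}
if ($sig.TimeStamperCertificate) {
    "Timestamped by:      $($sig.TimeStamperCertificate.Subject)"
}

# 3. VirusTotal web view for the hash on disk (no API key needed to open it).
"VirusTotal:          https://www.virustotal.com/gui/file/$actual"
```

Because the file hash includes the signature blob, a signed build and the same build with its signature stripped have different SHA-256 values and therefore separate VirusTotal reports; that is exactly the comparison the developer proposes when he suggests stripping the signature from the old official files and resubmitting them. A `Status` of `HashMismatch` on a file that claims to be signed means the bytes were modified after signing and is worth treating as a real red flag rather than a scanner quirk.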