EIS sometimes fails to monitor the file downloaded by browsers running in Sandboxie

Status
Not open for further replies.

Online_Sword

Thread author
When I visit some malicious links with Chrome running in SBIE, I find that some downloaded malware samples do not trigger any alert from EIS.
This is not caused by a false-negative detection, since when I manually scan the sandbox folder with EIS, the malware samples are detected and removed.
I do not think that Emsisoft has a policy that automatically adds any process running in SBIE to the whitelist of real-time/on-access scanning, since some malware samples downloaded in SBIE are actually detected in real time.
I should say that this problem makes me worry about the monitoring capability of EIS. :(
 

Terry Ganzi

When I visit some malicious links with Chrome running in SBIE, I find that some downloaded malware samples do not trigger any alert from EIS.
This is not caused by a false-negative detection, since when I manually scan the sandbox folder with EIS, the malware samples are detected and removed.
I do not think that Emsisoft has a policy that automatically adds any process running in SBIE to the whitelist of real-time/on-access scanning, since some malware samples downloaded in SBIE are actually detected in real time.
I should say that this problem makes me worry about the monitoring capability of EIS. :(

Head on over to https://support.emsisoft.com/ and they will sort you out fast. :)
 

Online_Sword

Thread author
Head on over to https://support.emsisoft.com/ and they will sort you out fast. :)

In my experience, when I post in the official support forum, at most one staff member replies to my thread each day, and he/she replies at most once per day, whether or not the reply solves the problem.
For me, posting in the support forum and waiting for the reply is like sending mail to the support staff by pigeon...
The long wait is real torture for me...
 

hjlbx

When I visit some malicious links with Chrome running in SBIE, I find that some downloaded malware samples do not trigger any alert from EIS.
This is not caused by a false-negative detection, since when I manually scan the sandbox folder with EIS, the malware samples are detected and removed.
I do not think that Emsisoft has a policy that automatically adds any process running in SBIE to the whitelist of real-time/on-access scanning, since some malware samples downloaded in SBIE are actually detected in real time.
I should say that this problem makes me worry about the monitoring capability of EIS. :(

Emsisoft does not whitelist files in the SBIE sandbox folder = you are correct.

I think what you have is a potential bug, and it should be reported on the Emsi Support Forum.

Yes, the Emsi forum can be painfully slow, but the solutions are always of very high quality. Where else do you have a direct line to the developers???

In past versions, e.g. v9.0.0, Emsi always detected downloaded malware using either Chrome or SBIE. Since Emsi just overhauled their scan engine, it is possible something is amiss... however, if you transfer the file from the sandbox folder to the regular Windows file system, EIS will detect and alert... so the physical system is protected.

In any case, EIS File Guard seems not to be working correctly. In my experience, EIS should detect any malware whether it is within the virtual container or outside.

Really. Despite the slow response, you will help all other users by reporting the issue on the Emsi forum.
 
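The post above makes a testable claim: File Guard should catch a malicious file whether it lands inside the Sandboxie container or on the regular file system. Because the original malicious link died, the cleanest way to reproduce (and to give the support forum something concrete) is to drop the standard EICAR test file into both locations and watch whether the real-time scanner removes it. The script below is an added example written for this thread; it is not code from the thread, from Emsisoft or from Sandboxie. The container path is an assumption based on Sandboxie's default layout (C:\Sandbox\<user>\<box>, with the user profile mapped under user\current); adjust it for your install.

```powershell
# Added example (not code from the thread, Emsisoft or Sandboxie): drop the
# standard EICAR test file into a Sandboxie container path and into a regular
# user path, then see whether the real-time (on-access) scanner removes each.
# Paths are assumptions: Sandboxie's default container root is
# C:\Sandbox\<user>\<box>, with the user profile mapped under user\current.
param(
    [string]$SandboxPath = "C:\Sandbox\$env:USERNAME\DefaultBox\user\current\Downloads",
    [string]$RegularPath = "$env:USERPROFILE\Downloads",
    [int]$WaitSeconds    = 10
)

# The 68-byte EICAR test string. Every mainstream scanner flags it; it is not malware.
$eicar = 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'

function Test-OnAccessScan {
    param([string]$Directory, [string]$Label)

    if (-not (Test-Path -LiteralPath $Directory)) {
        New-Item -ItemType Directory -Path $Directory -Force | Out-Null
    }
    $file = Join-Path $Directory ("eicar-{0}.com" -f (Get-Random))

    # Write exactly the 68 ASCII bytes: a BOM or trailing newline would break the signature.
    [System.IO.File]::WriteAllBytes($file, [System.Text.Encoding]::ASCII.GetBytes($eicar))

    # Phase 1: did the guard react to the write itself?
    Start-Sleep -Seconds $WaitSeconds
    $caughtOnWrite = -not (Test-Path -LiteralPath $file)

    # Phase 2: some guards only scan on read/execute, so open the file and look again.
    $caughtOnRead = $false
    if (-not $caughtOnWrite) {
        try { [void][System.IO.File]::ReadAllBytes($file) } catch { }
        Start-Sleep -Seconds $WaitSeconds
        $caughtOnRead = -not (Test-Path -LiteralPath $file)
    }

    [pscustomobject]@{
        Location      = $Label
        Path          = $file
        CaughtOnWrite = $caughtOnWrite
        CaughtOnRead  = $caughtOnRead
        Missed        = -not ($caughtOnWrite -or $caughtOnRead)
    }
}

$results = @(
    Test-OnAccessScan -Directory $SandboxPath -Label 'Sandboxie container'
    Test-OnAccessScan -Directory $RegularPath -Label 'Regular file system'
)
$results | Format-Table -AutoSize

# Remove whatever the scanner left behind so no test file lingers.
foreach ($r in $results) {
    if (Test-Path -LiteralPath $r.Path) { Remove-Item -LiteralPath $r.Path -Force }
}
```

Run it twice: once from an ordinary PowerShell window and once inside the box, e.g. `"C:\Program Files\Sandboxie\Start.exe" /box:DefaultBox powershell.exe -ExecutionPolicy Bypass -File .\Test-EicarGuard.ps1` (assumed default install path and box name), because the report concerns a file written by a sandboxed process and the guard may hook that path differently. Inside the box, Sandboxie redirects the write to $RegularPath into the container as well, so the "copy it out to the real file system" case from the post above can only be exercised from the outside run. EICAR only exercises the signature path, not the behaviour blocker, and a Missed = True row for the container is exactly the kind of reproducible result worth attaching to a support-forum report together with the EIS and Sandboxie versions.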

hjlbx

I had a rootkit infection that was running through svchost processes. I am not sure if it's fixed after the miracle reinstall and scrub of the partition. I doubt it. It takes about two weeks, then the PC will finally lock up at boot after fighting it. I put the SpyShelter firewall in with Emsisoft on max settings, with behavioural monitoring customised for svchost. Also VoodooShield. Do you think those custom settings in EMS will help?

If that rootkit infection reappears after a partition wipe and clean OS install, then something is really wrong...

If you are using EAM + VS, that should protect your system, but that combo will not do much if there is already a FUD rootkit on your system.

I would think you're OK now after all that you have done to sanitise your system...
 

Online_Sword

Thread author
Emsisoft does not whitelist files in the SBIE sandbox folder = you are correct.

I think what you have is a potential bug, and it should be reported on the Emsi Support Forum.

Yes, the Emsi forum can be painfully slow, but the solutions are always of very high quality. Where else do you have a direct line to the developers???

In past versions, e.g. v9.0.0, Emsi always detected downloaded malware using either Chrome or SBIE. Since Emsi just overhauled their scan engine, it is possible something is amiss... however, if you transfer the file from the sandbox folder to the regular Windows file system, EIS will detect and alert... so the physical system is protected.

In any case, EIS File Guard seems not to be working correctly. In my experience, EIS should detect any malware whether it is within the virtual container or outside.

Really. Despite the slow response, you will help all other users by reporting the issue on the Emsi forum.

Thank you for your suggestion.
Since the malicious link that caused this problem went dead soon after I created this thread, I did not submit this problem to Emsi.
However, I am currently discussing another SBIE-related bug in EIS with Emsi's staff on the forum ;)
https://support.emsisoft.com/topic/...lications-installed-in-sandboxie/#entry133242
 