Advice Request: Why does the eM Client MSI installer bypass 360 Sandbox?


Sunshine-boy

Hello,
Lately, I was testing the QIHOO 360 sandbox against malware samples and random files/installers. I found that the eM Client MSI installer can bypass 360 Sandbox.
Just download their installer from here:

www.softpedia.com


Download eM Client 7.2.34711.0 (Softpedia)

Now, right-click the file, and select "run in 360 Sandbox." Wait for the installer to finish its job.

Now go to the Program Files folder and you will see the emclient folder is there! And emptying the sandbox won't help, either.
This bypass was tested on both 360 Total Security Essential and 360 Total Security.

I'm posting this because 360 never answers my emails.
I like this AV and its smart HIPS and cloud, but the thing is 360 support is the worst in the world!

There is another malware that can shut down your PC and disconnect you from the Internet while running inside the 360 sandbox.
You can test it yourself. PM me for a link to the malware sample; I can't post it publicly because of forum rules.


Their forum is not even accessible by foreigners and you need to register with a phone number. :(:(:(
 

shmu26

I think the moral of the story is that building a good sandbox isn't so easy. Better to stick to the experts, like Sandboxie and Comodo. The smaller brands have not been tested enough. Who knows if they are any good or if they are getting the necessary updates.
 

shmu26

There are some other flaws. You can't run 360 TS on standard acc! They don't wanna fix this issue. The Chinese version is much better and less buggy.
You can't run it at all, or you can't configure it?
I remember that you can install it in an admin account, and it will also work in SUA, but you need to switch to the admin account for all configuration changes.
 

Sunshine-boy

360 Total Security 10.6.0.1038
They didn't patch the sandbox after 20 days! The MSI installer bypasses the sandbox and that malware can still disconnect me from the internet and shut down my machine!
It seems they don't care. 360 researchers are busy with Apple iPhone and Google Chrome bugs! They should first fix the 360 bugs :)
Good cloud and HIPS, but I don't recommend this AV anymore. Piece of crap. The Chinese version is 10x better than this crap (robust firewall with advanced protection, sandbox uses Intel virtualization technologies, banking mode, QEX engine, 360 security respond engine and more features that the international version doesn't have).
The new Chinese AV Huorong is much better than this crap! They don't have a cloud and sandbox but at least they care about bugs and flaws.
 
