stefanos


It's old software but quite capable...
Hey Bora, I think InstallWatch 2.5 can only record up to 180,000 files for its snapshots. I had to give up on it back around 2012 or so, because of this. Maybe there is a version where this has been changed, not sure...

It doesn't officially support Windows 10, but can be made to run. I've posted instructions on how to do this before. However, I no longer recommend using it under Windows 10, as from time to time it stops working and will no longer monitor program installs.
I used to run into this running version 1.2.188360.106 on Windows XP and W7, but I haven't seen this happen in years. I think it's more a testament to stabler systems through the years than anything, I suppose. Perhaps quirky PC performance of the older systems was to blame in W7.

On W10, I'm surprised it's happening, but there is a simple remedy if anyone is doggedly determined to run the software. The remedy that worked for me was to move the file C:\Fileimage.dat to a secondary drive or flash drive and then reboot to a boot time rescue environment. Safe Mode would probably work, can't recall if I ever tried SM. From there replace the file to its original location. Also, just rebooting and replacing the file while in Windows and then rebooting again seems to work...

CPM is absolutely one of my favorite pieces of software through the years. For me for some reason it just works lol...
 

Andy Ful

This result was easy to predict when testing against the common malware (even 0-day). WD Sandbox was 100% efficient. Its role is protecting the potentially vulnerable WD processes, and as we could see WD processes worked well to the end. It is also probable that we could get a similar result without WD Sandbox, because most malware samples do not attack WD processes.
It would be interesting to test Windows Sandbox against the malware.:giggle:(y)
 

Andy Ful

Being serious, there are several native sandboxes used in Windows 10 (at least 4). Only one of them is available on Windows Home: Windows Defender Sandbox. It covers the potential vulnerabilities of WD processes. These processes are running with high privileges, so exploiting them could give the malware high privileges automatically.

The testing procedure is totally inadequate for testing Windows Defender Sandbox. It is also inadequate for Windows Sandbox and Microsoft Edge Application Guard. The only sandbox that could be tested in this way is detonation sandbox (WD cloud feature) available in Windows Enterprise (E5) editions.

The guy who made the video simply thought that WD Sandbox works like some detonation sandboxes in 3rd party AVs (which is not the case).
I think that we already had a similar thread:
 

oldschool

The testing procedure is totally inadequate for testing Windows Defender Sandbox. It is also inadequate for Windows Sandbox and Microsoft Edge Application Guard. The only sandbox that could be tested in this way is detonation sandbox (WD cloud feature) available in Windows Enterprise (E5) editions.
I'm confused by the OP and video. Was he testing Windows Defender or WD Sandbox? Or was he testing as if it was a "detonation sandbox (WD cloud feature) available in Windows Enterprise (E5) editions."?

Maybe I need to turn up the sound while watching?