
how to scan a downloaded file while inside Sandbox

Posted: Wed Feb 17, 2010 3:36 pm
by pvrbulls
I'm brand new to this, so please excuse me if this is a completely stupid question.

I cannot figure out how to scan a file downloaded in Sandbox with my virus program (Avast).

I tried "run any program" to start Avast inside the Sandbox, but that just resulted in a locked up instance of Avast that will not Terminate.

Could someone please point me in the right direction.

Thanks,

pvrbulls

Posted: Wed Feb 17, 2010 3:40 pm
by Buster
Was Sandboxie still sandboxing processes when you ran the scan?

Re: how to scan a downloaded file while inside Sandbox

Posted: Wed Feb 17, 2010 4:39 pm
by bs1
pvrbulls wrote:I'm brand new to this, so please excuse me if this is a completely stupid question.
I cannot figure out how to scan a file downloaded in Sandbox with my virus program (Avast).
I tried "run any program" to start Avast inside the Sandbox, but that just resulted in a locked up instance of Avast that will not Terminate.
Could someone please point me in the right direction.
Thanks,
pvrbulls
Hello pvr. Your resident anti-virus program sees inside the sandbox without you having to do anything special. If you downloaded a file into your sandbox, then Avast would have alerted you if it detected malware.

Occasionally, I may want to double-check or triple-check a sandboxed file before recovering it to my real system. If I want to rescan it with my resident anti-malware (Nod32), the steps I take are: I open Windows Explorer (not Internet Explorer), then C:\Sandbox > User name > DefaultBox (or whatever the name of that sandbox is) > locate the file > right click on the file and select scan with Nod32. If I want to upload that file to VirusTotal to have it scanned by dozens of anti-malware programs, then I access the VirusTotal web site, click Browse, and then locate the file as described above and click Upload.

Re: how to scan a downloaded file while inside Sandbox

Posted: Wed Feb 17, 2010 8:15 pm
by pvrbulls
bs1 wrote:
pvrbulls wrote:I'm brand new to this, so please excuse me if this is a completely stupid question.
I cannot figure out how to scan a file downloaded in Sandbox with my virus program (Avast).
I tried "run any program" to start Avast inside the Sandbox, but that just resulted in a locked up instance of Avast that will not Terminate.
Could someone please point me in the right direction.
Thanks,
pvrbulls
Hello pvr. Your resident anti-virus program sees inside the sandbox without you having to do anything special. If you downloaded a file into your sandbox, then Avast would have alerted you if it detected malware.

Occasionally, I may want to double-check or triple-check a sandboxed file before recovering it to my real system. If I want to rescan it with my resident anti-malware (Nod32), the steps I take are: I open Windows Explorer (not Internet Explorer), then C:\Sandbox > User name > DefaultBox (or whatever the name of that sandbox is) > locate the file > right click on the file and select scan with Nod32. If I want to upload that file to VirusTotal to have it scanned by dozens of anti-malware programs, then I access the VirusTotal web site, click Browse, and then locate the file as described above and click Upload.

Re: how to scan a downloaded file while inside Sandbox

Posted: Wed Feb 17, 2010 8:30 pm
by pvrbulls
bs1 wrote:
Hello pvr. Your resident anti-virus program sees inside the sandbox without you having to do anything special. If you downloaded a file into your sandbox, then Avast would have alerted you if it detected malware.

Occasionally, I may want to double-check or triple-check a sandboxed file before recovering it to my real system. If I want to rescan it with my resident anti-malware (Nod32), the steps I take are: I open Windows Explorer (not Internet Explorer), then C:\Sandbox > User name > DefaultBox (or whatever the name of that sandbox is) > locate the file > right click on the file and select scan with Nod32. If I want to upload that file to VirusTotal to have it scanned by dozens of anti-malware programs, then I access the VirusTotal web site, click Browse, and then locate the file as described above and click Upload.
Sorry for the double post. I'll get this figured out eventually. :roll:

Good evening, bs1

Thanks for the excellent explanation. It works great. It's good to know that the anti-virus program sees inside the sandbox. But... I want to make especially certain on some files and this works great. I tried using Windows Explorer but did not think to find DefaultBox; I tried to go to the folder in my real system and, of course, it wasn't there; then I ran Windows Explorer from inside the sandbox, but then it didn't have the right-click option to scan the suspect file! That's when I "figured" that the anti-virus program must also need to be running within the sandbox; but that really didn't work! :lol:

Thanks again for the very helpful response.

pvrbulls

having trouble running Sandboxed

Posted: Thu Feb 18, 2010 2:34 am
by pvrbulls
I downloaded a file that is setting off my virus program so I wanted to see what happens when I run it in the Sandbox. Problem is that I get a Windows box that says "The process cannot access the file because it is being used by another process." I've closed everything except Sandboxie and Windows Explorer (opened by Sandboxie Control). It's very late, so I am going to shut down for the night and try it first thing tomorrow.

Any other ideas?

Thanks,

pvrbulls

Posted: Thu Feb 18, 2010 7:59 pm
by dynarx
Your antivirus has probably blocked access to it. I daresay you may have to disable its realtime protection and maybe even clean the sandbox and re-download a fresh 'unlocked' copy of the bug.

Another option is to download Unlocker http://ccollomb.free.fr/unlocker/ to find which process has a lock on the file.
Cheers,
D

Posted: Fri Feb 19, 2010 2:13 pm
by pvrbulls
dynarx wrote:Your antivirus has probably blocked access to it. I daresay you may have to disable its realtime protection and maybe even clean the sandbox and re-download a fresh 'unlocked' copy of the bug.

Another option is to download Unlocker http://ccollomb.free.fr/unlocker/ to find which process has a lock on the file.
Cheers,
D
That's right. However, it appears that Sandboxie is the "problem" because I have tried it on several files, having turned off my anti-virus program before unpacking the files, and get the same result: Windows (apparently) says the file is still in use by another process. Unlocker will not work under Win 7 x64, so I downloaded and installed LockHunter, which seems to be about the same thing, and it indicated that there is nothing locking or blocking the files. I haven't tried to run the files outside the sandbox because I really don't trust them... that's the whole point, right? :)
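
The host-side check bs1 describes (browse to the box folder and inspect files there) and the lock question raised by dynarx can both be handled from an unsandboxed PowerShell prompt. The following is an added example, not part of any post in the thread: it lists every file in the box folder with its SHA-256 and reports whether another process holds it open. It assumes the C:\Sandbox\<user name>\DefaultBox layout mentioned above and PowerShell 4 or later; `Get-OpenState` and `$BoxPath` are names introduced here.

```powershell
# Added example: inventory a sandbox folder from the host without running anything in it.
# Assumption: default layout C:\Sandbox\<user name>\DefaultBox, as described in the thread.
param(
    [string]$BoxPath = (Join-Path 'C:\Sandbox' (Join-Path $env:USERNAME 'DefaultBox'))
)

function Get-OpenState {
    # Hypothetical helper: returns 'free', 'in use' or 'access denied' for one file.
    param([string]$Path)
    try {
        # Request exclusive access (FileShare None). This fails with a sharing
        # violation if any other process currently has the file open.
        $fs = [System.IO.File]::Open($Path,
                                     [System.IO.FileMode]::Open,
                                     [System.IO.FileAccess]::Read,
                                     [System.IO.FileShare]::None)
        $fs.Dispose()
        return 'free'
    }
    catch [System.UnauthorizedAccessException] {
        # Permissions or a security product denying the open, not a file lock.
        return 'access denied'
    }
    catch [System.IO.IOException] {
        # Sharing violation: the "being used by another process" condition.
        return 'in use'
    }
}

if (-not (Test-Path -LiteralPath $BoxPath)) {
    Write-Error "Sandbox folder not found: $BoxPath"
    return
}

Get-ChildItem -LiteralPath $BoxPath -Recurse -File -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $state = Get-OpenState $_.FullName
        # Hash only files that can be read; a held or blocked file yields no hash.
        $sha = if ($state -eq 'free') {
            (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
        } else { $null }
        [pscustomobject]@{
            LastWriteTime = $_.LastWriteTime
            SizeBytes     = $_.Length
            State         = $state
            SHA256        = $sha
            Path          = $_.FullName
        }
    } |
    Sort-Object LastWriteTime -Descending |
    Format-Table -AutoSize -Wrap
```

A SHA-256 value from the output can be searched on VirusTotal instead of uploading the file. Files reported as 'in use' or 'access denied' are the ones to examine with a lock viewer such as the tools named in the thread.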