When I use an unsandboxed Firefox to download the EICAR test file (http://www.eicar.org/85-0-Download.html), my AVG Anti-Virus Free Edition 2013 (running on Windows 7 64-bit) pops up a box saying it has detected a virus.
But then when I use a sandboxed Firefox to download the EICAR test file, I don't get any alert from AVG. I can see the eicar.com file in my C:\Sandbox\username\DefaultBox\user\current\Downloads directory. Then when I right click on the eicar.com file inside that sandbox directory and select "Scan with AVG", AVG detects the virus.
Any idea why the AVG Resident Shield doesn't detect the virus immediately after it is downloaded inside the sandbox?
AVG does not detect virus downloaded in sandbox
Interesting, and scary, because my Malwarebytes Pro doesn't even detect those files as a possible virus after I move them out of the sandbox.
What the heck?
I updated to the latest Malwarebytes Pro AV engine yesterday, and also the definition files, then rebooted as required.
Paul
Win 10 Home 64-bit (w/admin rights) - Zone Alarm Pro Firewall, MalwareBytes Premium A/V, Cyberfox, Thunderbird
Sandboxie user since March 2007
Paul, this is known behavior by MBAM.
As I recall, they justify the failure to identify the EICAR tests as viruses because they consider their app to be an adjunct to a standard AV and concentrate on the threats that standard AVs either miss or do not provide comprehensive protection against.
As to the issue of AVs detecting within the Sandbox, I have had issues with Hitman Pro not being able to properly run or detect within my downloads folder (which is forced).
If I move the file out of the downloads folder, it works as expected.
I do not have that same issue with either MBAM or EAM.
Blues
Real-Time: Sandboxie (Lifetime), Online Armor Premium, Webroot SecureAnywhere AV
On Demand: Shadow Defender, MBAM Pro, HitmanPro, Drive Snapshot / Macrium Reflect
Thanks for the link, opera.
I think their attitude towards checking the EICAR files is misguided.
Just how hard can it be to add those few files to their virus definitions?
It's not as if the contents of those files ever change.
Paul
Win 10 Home 64-bit (w/admin rights) - Zone Alarm Pro Firewall, MalwareBytes Premium A/V, Cyberfox, Thunderbird
Sandboxie user since March 2007