Aug 13, 2021
I understand how to use Sandbox and its purpose, but other than something happening that's blatantly obvious, I was wondering what are some signs to look for that the file you just ran is malicious?

When I say "Blatantly Obvious", I'm talking about popups and the installation of PUPs. I know it can be difficult to tell and it's not an exact science. I'm just trying to further educate myself on the topic. I don't want something to seemingly run fine in Sandboxie+ only because I'm ignorant to the subject and then when I introduce said file onto my system Fit hits the shan.

How do I check/look to see if there is "Dialing out" happening?
Or something being Monitored that shouldn't be?
Should I check/monitor bandwidth usage?

Math Geek

your best bet when messing with such things is to do it inside a VM. keeps it isolated and lets you have a full OS to work with to see what may or may not be happening.

something like wireshark on the vm will let you view the network traffic coming and going. process explorers like task manager or the more power user focused versions will show you what is running also helping determine if something new or bad is happening.

but all of this depends on you knowing roughly what is "normal" so you can easily spot what is new/abnormal. new may not mean bad but it might.

not gonna ask what you are doing but i am pretty sure i know and in the end you will end up with very bad stuff on your pc. keep all important data backed-up OFF the pc so you can restore it when the inevitable happens and you have to totally blow away your pc and start with a fresh windows install.

don't wait until it happens to try to salvage it, cause once you release it onto your system, it is all over and NOTHING can be done. don't mess with the bull, if you don't want the horns as the saying goes. ... :)
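One way to make the "know what is normal" advice concrete for the dialing-out question, as an added example that is not code from either poster: a small Python script that parses two `netstat -ano`-style snapshots (a clean baseline captured before running the file, and one captured afterwards) and lists the connections that are new and go to routable addresses. The snapshots, PIDs and addresses below are constructed sample data.

```python
from __future__ import annotations
import ipaddress
from typing import NamedTuple

class Conn(NamedTuple):
    proto: str
    local: str
    remote: str
    state: str
    pid: int

def parse_netstat(text: str) -> set[Conn]:
    """Parse rows shaped like Windows `netstat -ano` output.
    Assumption: TCP rows carry a State column, UDP rows do not."""
    conns = set()
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue  # header, blank or unrecognised line
        if parts[0] == "TCP" and len(parts) == 5:
            proto, local, remote, state, pid = parts
        elif parts[0] == "UDP" and len(parts) == 4:
            proto, local, remote, pid = parts
            state = ""
        else:
            continue
        conns.add(Conn(proto, local, remote, state, int(pid)))
    return conns

def is_external(remote: str) -> bool:
    """True when the remote side is a routable (non-private, non-loopback) address."""
    host = remote.rsplit(":", 1)[0].strip("[]")  # drop port, unwrap IPv6 brackets
    if host == "*":
        return False
    try:
        return ipaddress.ip_address(host).is_global
    except ValueError:
        return False

def new_external_connections(baseline: str, current: str) -> list[Conn]:
    """Connections present now but absent from the baseline, external remotes only."""
    before, after = parse_netstat(baseline), parse_netstat(current)
    return sorted(c for c in after - before if is_external(c.remote))

# Constructed snapshots: the second one adds one LAN share and one outbound TLS-ish flow.
BASELINE = """  Proto  Local Address          Foreign Address        State           PID
  TCP    127.0.0.1:49664        0.0.0.0:0              LISTENING       812
  TCP    192.168.1.5:51002      5.6.7.8:443            ESTABLISHED     4012
  UDP    0.0.0.0:5353           *:*                    2288"""
CURRENT = BASELINE + """
  TCP    192.168.1.5:51240      1.2.3.4:8443           ESTABLISHED     7744
  TCP    192.168.1.5:51241      192.168.1.20:445       ESTABLISHED     7744"""

if __name__ == "__main__":
    for c in new_external_connections(BASELINE, CURRENT):
        print(f"NEW outbound {c.proto} {c.local} -> {c.remote} pid={c.pid}")
```

The printed PID is what you then look up in Task Manager or Process Explorer to see which process opened the connection.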

Unfortunately there are many bits of malware that can detect that they are running in a VM and will shut down and hide themselves from all scanners. I personally have a completely isolated network of test machines in my lab for such things. No VMs so the nasty bits can't hide. When done, everything on the test network gets sanitized and reimaged, ready for the next round.
