Question (False Positives) Question About Sandboxie+ & Potential Malware/Ransomware

Toggle sidebar Toggle sidebar
Status
Not open for further replies.
R

RKD2313

Prominent
Aug 13, 2021
83
2
535
I understand how to use Sandbox and its purpose, but other than something happening thats blatantly obvious, I was wondering what are some signs to look for that the file you just ran is malicious?

When I say "Blatantly Obvious", Im talking about popups and the installation of PUP's. I know it can be difficult to tell and its not an exact science. Im just trying to further educate myself on the topic. I dont want something to seemingly run fine in Sandboxie+ only because Im ignorant to the subject and then when I introduce said file onto my system Fit hits the shan.

How do check/look to see if there is "Dialing out" happening?
Or something being Monitored that shouldn't be?
Should I check/monitor bandwidth usage?
 
Sort by date Sort by votes
Math Geek

Math Geek

Titan
Ambassador
Oct 15, 2014
18,016
2,331
101,590
you're best bet when messing with such things is to do it inside a VM. keeps it isolated and let's you have a full OS to work with to see what may or may not be happening.

something like wireshark on the vm will let you view the network traffic coming and going. process explorers like task manager or the more power user focused versions will show you what is running also helping determine if something new or bad is happening.

but all of this depends on you knowing roughly what is "normal" so you can easily spot what is new/abnormal. new may not mean bad but it might.

not gonna ask what you are doing but i am pretty sure i know and in the end you will end up with very bad stuff on your pc. keep all important data backed-up OFF the pc so you can restore it when the inevitable happens and you have to totally blow away your pc and start with a fresh windows install.

don't wait until it happens to try to salvage it, cause once you release it onto your system, it is all over and NOTHING can be done. don't mess with the bull, if you don't want the horns as the saying goes. ... :)
 
  • Like
Reactions: RKD2313
Upvote 0 Downvote
ex_bubblehead

ex_bubblehead

Titan
Moderator
Aug 24, 2012
16,247
1,515
87,240
Unfortunately there are many bits of malware that can detect that they are running in a VM and will shutdown and hide themselves from all scanners. I personally have a completely isolated network of test machines in my lab for such things. No VM's so the nasty bits can't hide. When done, everything on the test network gets sanitized and reimaged, ready for the next round.
 
  • Like
Reactions: RKD2313
Upvote 0 Downvote
Status
Not open for further replies.

TRENDING THREADS

Latest posts

Moderators online

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom