Avast wants to run ccrypt.exe in sandbox?

I’ve been running ccrypt.exe v1.9 for a couple of years without problems in some backup scripts. The recent Avast update now wants to run it in the sandbox, says it’s suspicious. Yes, it’s not terribly difficult to exclude it from the sandbox, but I’ve shared these scripts with a number of others, and aside from the support issue that creates, is there something we have to worry about from this program? What could make it suspicious?

Since it is a crypted file, avast! must have seen it as suspicious and could have asked you to run it in the sandbox. It is recommended that you do the same. Anyway, if you think it is malicious, upload it to VirusTotal and see the results. Here is the link to VirusTotal:

www.virustotal.com

Hope this helped you out!!!

regards,
com155.

Hi wlocker,

As the file can also be downloaded from questionable resources there are PUP variants of the software but also integrated downright malicious versions, see: Crypt.exe md5-sha1-crc32-hashes, resp. 06EEB77ED3900E51F53918145C7EB698 * - 59F848D5D4F1913D687CE987F99CDE41CE13D5CF - 3E535AE3 (7-31-2005-1,488 - executable) and part of malware here: http://bugbopper.com/MD5Lookup.asp?md5=06eeb77ed3900e51f53918145c7eb698 * so it is understandable that avast likes you to run this in a sandbox first,

polonus
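Added example, not part of any post in this thread: one way to compare a local copy of an executable against the MD5 - SHA1 - CRC32 triple quoted in the post above before redistributing it with scripts. The function names and the command-line usage are assumptions made for illustration.

```python
import hashlib
import re
import zlib

# Hash triple exactly as quoted in the post above (MD5 - SHA1 - CRC32).
POSTED_TRIPLE = ("06EEB77ED3900E51F53918145C7EB698 * - "
                 "59F848D5D4F1913D687CE987F99CDE41CE13D5CF - 3E535AE3")

_BY_LENGTH = {32: "md5", 40: "sha1", 8: "crc32"}
_HEX = re.compile(r"\b(?:[0-9a-f]{40}|[0-9a-f]{32}|[0-9a-f]{8})\b", re.I)


def parse_triple(text):
    """Pull MD5/SHA-1/CRC32 values out of free text, keyed by algorithm."""
    found = {}
    for token in _HEX.findall(text):
        found.setdefault(_BY_LENGTH[len(token)], token.lower())
    return found


def file_digests(path, chunk_size=1 << 20):
    """Stream the file once and compute all three digests."""
    md5, sha1, crc = hashlib.md5(), hashlib.sha1(), 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha1.update(chunk)
            crc = zlib.crc32(chunk, crc)
    return {"md5": md5.hexdigest(), "sha1": sha1.hexdigest(), "crc32": f"{crc:08x}"}


def compare(path, reference_text):
    """Return (verdict, per-algorithm hits) for a file against a quoted triple.

    'match' needs every quoted digest to agree; a hit on only some of them is
    reported as 'partial', since CRC32 and MD5 alone collide too easily to trust.
    """
    wanted, actual = parse_triple(reference_text), file_digests(path)
    hits = {alg: actual[alg] == value for alg, value in wanted.items()}
    if wanted and all(hits.values()):
        return "match", hits
    return ("partial" if any(hits.values()) else "no-match"), hits


if __name__ == "__main__":
    import sys
    # Hypothetical usage: python check_hashes.py C:\path\to\ccrypt.exe
    print(compare(sys.argv[1], POSTED_TRIPLE))
```

A "no-match" result only says the file is not the specific sample listed; it says nothing about whether the copy is the unmodified upstream build.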

There is little point in sending it to virus total as avast hasn’t actually found it to be infected.

The autosandbox process is controlled in the first instance by the file system shield (FSS); the suspect.exe file is scanned before it is allowed to run. If it were infected, it could/should be detected by the FSS, so one reasonable thing in its favour is it hasn’t had a definitive detection.

However, the FSS checks other things, amongst those a) is the file digitally signed, b) its location and what it does (this is done in the emulation check). These can trigger a suspicion (in this case encryption of files would be a good guess (some malware does that)) and it is this suspicion that results in the recommendation to use the autosandbox.

Now the user can accept this decision and run it in the autosandbox or have it run normally and to Remember the answer for this program. Provided of course you are familiar with the program and that it is clean.

Hi DavidR,

I would know what to do. I would follow up avast’s suggestions here. They did bring in the sandbox protection with a purpose and for it to be used. Once some software I used to run for ages suddenly came bundled differently with additional crap and I was glad it was run through the sandbox to make me aware of that fact and I could find another source to install that application from, now running smoothly in the background and without the undesirables. Sandbox with av or browser alike, use it to your advantage,

polonus

Well, running it once through the sandbox in theory would see if any avast alerts occur; if not, no need to run it again. But for something on the system for some considerable time, I would probably run normally and remember.

The reason I say that in this instance is the fact that it is a file encryption tool and I don’t know how that would work inside the sandbox, e.g. you would have to access explorer and select a file for encryption and encrypt it, so I’m not sure if this could all go on in the sandbox. If so no real problem as the file wouldn’t actually get encrypted on the live system, but the user may think that it actually has been encrypted.