Hello.

I just noticed that in some way, the ctfmon.exe file is running virtualized in the sandbox. Not the AutoSanbox, but the regular one. And I didn’t put it in there! Have Avast done it? But if it did, then it should be in AutoSandbox, right?

Anyway, the file is located in "C:\Windows\SysWOW64", Is that the correct path for this process (where it should be)?

Thanks.

Uninstall the alternative input thing from MS Office and you will not see it.

Some info on the the reason it is sandboxed.

ctfmon.exe is a helper process used in Windows to support input in multiple languages. Your observation is right, Windows injects it into the SafeZone as soon as an interactive process is started there, but I don't think it's a problem.

Call it a feature.

Thanks!