2.) Go to system32 and start taskmgr.exe sandboxed. With it, start an MSI install package. It seems as if the Windows Installer is sandboxed, due to the red frame around its window. But in fact it creates files outside of the sandbox.
Tech, that Leaktest doesn’t test the sandbox, it tests the firewall and HIPS. (But Julian_evil was testing the sandbox, by trying to see if something would get created outside of it.) The anti-virus component blocks some of them but the firewall doesn’t respond to them. And here’s the reason for this.
I think it has to do with permissions. Some sandboxed programs can’t open because of no permission, even if you click run as administrator. So maybe that’s why you get a better score when it’s virtualized, because of the blocking. Anyway, the sandbox isn’t tested by leaktests, they could help, but they mainly test firewalls and HIPS. After all, a sandbox’s job is to make sure nothing reaches your real computer.
Every time I do it, iexplore.exe is sandboxed and no files are created outside of the sandbox. Am I doing something wrong? http://www.screencast.com/t/NDRlY2EyZDMt