Sandbox alert

All of a sudden, I keep getting a Sandbox alert which I don’t understand, as never had one before.

Keep getting c:\apps\smp\pbcarnot.exe

assume pb is Packard Bell - I don’t understand what it is and why I’m getting this message.

What product of Avast are you using?

What settings do you have in the Sandbox?

What are you telling Avast to do when you get this message? Do you have Packard Bell?

Avast free v.6. Settings in Sandbox Automatic and yes have Packard Bell. Just can’t work out why it keeps popping up and whenever it does, I put it into Sandbox

The autosandbox process is controlled in the first instance by the file system shield (FSS), the pbcarnot.exe file is scanned before it is allowed to run. If it were infected, it could/should be by the FSS, so one reasonable thing in its favour is it hasn’t had a definitive detection.

However the FSS checks other things amongst those a) is the file digitally signed, b) its location and what it does (this is done in the emulation check). these can trigger a suspicion and it is this suspicion that results in the recommendation to use the autosandbox.

Now the user can accept this decision and run it in the autosandbox or have it run normally and to Remember the answer for this program. Provided of course you are familiar with the program and that it is clean.

Thank you for your reply. Firstly what is this file? Sandbox alert just popped up as I’m typing. I don’t know what the file is and I don’t know why all of a sudden I am getting an alert about it. Do you know what c:\apps/smp/pccarnot.exe is and the alert says it’s trying to be opened in
c:\windows\system32/svchost.exe

Why all of a sudden, out of the blue, should the Sandbox query this file.

Thank you for your help.

upload suspicous file(s) to www.virustotal.com and test with 43 malware scanners
when you have the result, copy the URL in the address bar and post it here for us to see

alternative
VirSCAN http://virscan.org/
Jotti http://virusscan.jotti.org/en

When I get the alert for Sandbox, I can’t tick the box “remember my answer” - it’s all greyed out so I can’t stop the alert popping up.

Found the file at last. PBCARNOT.EXE is Packard Bell Care Notifier. Why Avast should out of the blue flag this up I don’t know. Anyway, deleted the exe file. Let’s see if it pops up now. Still don’t understand why I can’t tick the box “remember my answer”.

Thanks for all your advice.

Did you change the AutoSandbox to Auto ?
Set on Ask, that option should be available, but only if you have chosen to Open Normally first.

You could manually enter the full path to the program file and enter it in the, avastUI, Additional Protection, AutoSandbox, Settings, you can add that path in the Files that will be excluded from automatic sandboxing. See image example.

c:\apps/smp/pccarnot.exe
in your reply #4 you use a different name "pccarnot.exe" ?

In the free version of avast!, the checkbox can only be ticked for the option “Run normally”.

Sorry - typo
pbcarnot.exe - anyway found it, deleted it as I’m sure I don’t need it anymore. But still interested to find out why Avast kept flagging it up.