botherder
commented
9 years ago This is actual a problem that needs to be investigated further. I'll open another ticket more specific to the sandbox evasion.
Closed theevilbit closed 9 years ago
botherder
commented
9 years ago This is actual a problem that needs to be investigated further. I'll open another ticket more specific to the sandbox evasion.
botherder
commented
9 years ago Moved to #509.
Would it be possible to add a feature to the analyzer agent to close an application towards the end of the analysis? Run on close macros can bypass sandboxes, as they will never exit the started application and thus the malware will not start, as described here:
https://www.proofpoint.com/us/threat-insight/post/Run-on-Close-Macros-Try-to-Shut-the-Door-on-Sandboxes