sandboxie-plus / Sandboxie

Sandboxie Plus & Classic
https://Sandboxie-Plus.com
GNU General Public License v3.0

For the 0.2/5.4.1 release, both 32-bit and 64-bit .exe's are detected as trojans #49

Closed dakushijin closed 4 years ago

dakushijin commented 4 years ago

Windows Security detects:
SandboxieInstall64-v5.41.0.exe (with) Trojan:Win32/Ymacco.AA07
SandboxieInstall32-v5.41.0.exe (with) Trojan:Win32/WacatacC!ml

I'm new to Windows, so I don't know if this is because Sandboxie is seen as suspicious because of all its admin capabilities, or whether there's something bad going on here.

DavidXanatos commented 4 years ago

It's because the Sandboxie driver is signed with a leaked certificate, as a genuine one would cost around 1k€/year.

Without a signature Windows won't load the driver, so not signing is not an option.

And of course, once a certificate is leaked many people use it, some of them bad.

But that does not pose any risks.

It's only an inconvenience, as then some antimalware tools wrongfully flag good software as potentially dangerous.

n01337 commented 4 years ago

It would load the self-signed driver if Windows is put into "Test mode" by rebooting it appropriately once. This works very well for e.g. the Sony Xperia rooting tool "flashtool" - and there would be no virus warnings anymore. This might be the more "approachable" option instead of untrusted certificates.

DavidXanatos commented 4 years ago

> It would load the self-signed driver if Windows is put into "Test mode" by rebooting it appropriately once.

Well, putting your Windows permanently into test mode gives you an ugly watermark at the bottom of the desktop. And then your Windows will load not only Sbie but any other unsigned driver as well. So at least in principle that would weaken your security. The use of a leaked certificate does not do that; it only requires you to assert dominance once over your antivirus tool.
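The two things being debated above, which certificate a given installer or driver is actually signed with and whether the machine is in test-signing mode, can both be checked locally. The following PowerShell is an added example written for this thread; it is not code from the Sandboxie project or from either commenter. The installer path is an assumption (adjust it to wherever you downloaded the file), and `bcdedit` must be run from an elevated prompt.

```powershell
# Added example, not part of the Sandboxie project. Reports who signed a binary and
# whether Windows will load test-signed drivers. $Path is an assumed download location.
param(
    [string]$Path = "$env:USERPROFILE\Downloads\SandboxieInstall64-v5.41.0.exe"  # assumption
)

function Get-SignerReport {
    # Returns the Authenticode signer details for one file. A Status of "Valid" only means
    # the chain validates and the hash matches; it says nothing about whether the private
    # key is still solely under the certificate owner's control.
    param([Parameter(Mandatory)][string]$FilePath)
    if (-not (Test-Path -LiteralPath $FilePath)) { throw "File not found: $FilePath" }
    $sig = Get-AuthenticodeSignature -FilePath $FilePath
    [pscustomobject]@{
        File        = Split-Path -Leaf $FilePath
        Status      = $sig.Status                 # Valid / NotSigned / HashMismatch / NotTrusted ...
        StatusText  = $sig.StatusMessage
        Signer      = $sig.SignerCertificate.Subject
        Issuer      = $sig.SignerCertificate.Issuer
        Thumbprint  = $sig.SignerCertificate.Thumbprint
        NotAfter    = $sig.SignerCertificate.NotAfter
        Timestamped = [bool]$sig.TimeStamperCertificate   # a countersignature keeps an expired cert valid
    }
}

function Get-TestSigningState {
    # "testsigning Yes" in the current boot entry means ANY test-signed driver will load,
    # which is the security trade-off of the "Test mode" suggestion. The line is absent
    # when the option is not set. bcdedit requires an elevated prompt.
    $out = & bcdedit.exe /enum '{current}' 2>&1
    if ($LASTEXITCODE -ne 0) { return "unknown (run elevated; bcdedit said: $out)" }
    $hit = $out | Where-Object { $_ -match '^\s*testsigning\s+Yes' }
    if ($hit) { 'ON' } else { 'OFF' }
}

# Usage: inspect the installer, then the boot configuration.
Get-SignerReport -FilePath $Path | Format-List
"Test signing: $(Get-TestSigningState)"
```

Compare the Signer and Thumbprint against what you expect for the publisher; a valid chain under a name that has nothing to do with the project is exactly the situation the thread describes, and it is the signer identity, not the Valid status, that tells you that. The same `Get-SignerReport` can be pointed at the extracted driver (`.sys`) once the installer has been unpacked.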