Feedback to ZoneAlarm Developers...
Browser: Firefox 12.0
Sandbox: Sandboxie 3.54
URL: http: ~~snip~~
Downloaded file: WECPSetup.exe
Issue #1, Stealing the Focus: In sandbox (browser AND destination folder), while attempting to rename the file prior to saving it, ZoneAlarm's scanner stole the focus, and my keystrokes went into the scanner instead of into the filename box. Several unexpected things happened. STEALING THE FOCUS LIKE THAT IS DANGEROUS!! IT SHOULD NOT BE DONE!! (I won't tell the story about how an overly eager disk management program once stole the focus from my text editor to tell me that the disk check was complete and asking what I wanted to do next, just as I hit the "F" key.) Suggestion: Allow the disk save to complete (no harm there) AND THEN tell me about the virus detection. ...And, Yes, I'm going to make the entire sandbox off limits to the real-time scanner in the future.
Issue #2, Mystifying Scanner Report: What am I to make of "not-a-virus: WebToolbar.Win32.InstallCore.a" in the following report?
File name: WECPSetup.exeIssue #3, Strange Help: In an attempt to fathom what "not-a-virus: WebToolbar.Win32.InstallCore.a" meant, I clicked the For additional virus information and assistance, visit us at the link: Antivirus Resources link in the status bar of the Antivirus/Anti-spyware Scan popup. I then had to allow a non-sandboxed browser to be launched--Gasp!--and I was taken here:
Virus name: not-a-virus: WebToolbar.Win32.InstallCore.a
Risk:! Action required
Path: E:\Sandbox\Mark_Filipak\DefaultBox\drive\F\Games\W ECPSetup.exe
The page totally mystified me and didn't seem to have any bearing on the virus detection I'd just experienced. Certainly, it didn't answer what "not-a-virus: WebToolbar.Win32.InstallCore.a" meant.
So, I joined this forum. ...And, Yes, I understand why ZoneAlarm didn't know I already had a web browser running in the sandbox.
Thanks for the bandwidth - Mark.