Sandbox should accommodate constantly changing applications/files

[Guest]

[HeffeD]

The sandbox needs some sort of functionality to deal with files or applications that are frequently changed.

For example, I have a Java application (in the form of a .jar file) that I compile sometimes several times a day. The sandbox wants to grab each new compilation and send it Comodo.

Now granted, it's great from a security standpoint that CIS is so vigilant about a changed application as this could be the work of something malicious. However, this application is safe and all that ends up happening is that I'm wasting my and Comodos bandwidth, along with the time of whoever gets the privilege chore of trying to figure out if these countless files submitted by me with the same name are safe or not...

There is a kludgey workaround to accomplish this. Add the file to the trusted files list, and apply the Installer/Updater security profile. However, that is less than intuitive (it is neither an installer, nor updater) and takes a bit of experimentation (and frustration) to achieve the desired results.

I think another option is necessary on the initial sandbox dialog to accommodate files that are expected to frequently change. If that is deemed too much of a security risk for the unwashed masses to accidentally click, perhaps a new security policy can be instituted that has a much more appropriate name? I don't know, something like Trusted/Changing or perhaps Path Based?

[EricJH]

+1

[Tech]

Isn't it a security hole?
Shouldn't the files/folders excluded that way be checked with MD5?

[EricJH]

Very strictly speaking it is. But this request is about giving the user a choice in case a file changes often; for example when developing a file.

[HeffeD]

Isn't it a security hole?
Shouldn't the files/folders excluded that way be checked with MD5?

As I replied to your other post, yes exclusions are always a risk, but sometimes that's the only workable option.

As it is a custom application, I don't feel it's a hot target for malware authors.

[mattpd]

+1

Or is it supported already?

I basically have to disable the sandbox feature entirely on my development box, otherwise it's unusable :-/

[HeffeD]

No it isn't supported already. Hopefully the next release will have a solution.

[kinemitor]

you ony need to add a exclution folder
D+ setting>execution control>exclutions and add the folder were yyou develop softwares
if not enought then in trusted files add the whole folder XD

[mattpd]

HeffeD,

That's unfortunate... seems disabling it is the only workaround for now.

kinemitor,
Are you referring to "Defense+ Settings > Execution Control Settings > 'Exclusions' button" ?

Figures:
http://help.comodo.com/topic-72-1-155-1142-Image-Execution-Control-Settings.html
http://help.comodo.com/uploads/Comodo%20Internet%20Security/ff043a0a3e5bb77e6eca4aae081522d2/5eac818f1e1c4adc19d335055b06586b/03d4320891d353fbd913d8d2a9a216c8/p1.png

The exclusions enabled using the 'Exclusions' button serve exclusively to "exclude some of the file types from being monitored under Detect Shellcode injections."

I believe both HeffeD and I are talking about Sandbox, not shellcode injections detections.

Unfortunately, there is no 'Exclusions' option under "Defense+ Settings > Sandbox Settings":

http://help.comodo.com/topic-72-1-155-1138-Sandbox-Settings.html

Naturally, Trusted files won't work either, because Sandbox keeps switching them to untrusted whenever contents' change.

That makes the Sandbox in current revision of Comodo a bug, not a feature.
A (hopefully temporary) workaround is to disable the Sandbox entirely.

Hopefully it'll get fixed in the update...

[spasserfan]

+1 

[Mainframe!]

First, I have tried Comodo Firewall before and was very disappointed.
I have been using PC Tools Firewall Plus v6.0.0.88 for a long time now and was pretty happy until I saw the latest testing at "Matousec".

I was willing to try v5.3.174622.1216 of CIS and WOW I am very impressed!
There is virtually no slowdown to Windows 7 (64 bit) and it seems to catch a lot of things that PC Firewall Plus would miss.

MY WISH (PLEASE, PLEASE) : I am a software developer and compile a new EXE of our product very often, sometimes 10 times an hour. Every time a new EXE is created and run, Defense+ pops up and sandboxes that occurrence of the EXE to whatever setting in the Defense+ Settings (i.e. "Partially Limited").
OK, so I click "Don't isolate it again". A new entry is added to the "Trusted Files" list. I need to exit the EXE and restart it to allow it to run unrestricted.
If I do a new re-compile, a new EXE is created (with a different check sum, MD5, whatever) and when I run it a new pop up is displayed to which I must again answer "Don't isolate it again". Again ANOTHER new entry is created, I need to exit the EXE again and re-run it to allow it to run unrestricted.
So by the end of the day I could have up to 50 new entries in the "Trusted Files" list which all look identical, but behind the scenes they will all have a different (checksum, MD5, whatever).

Please, please add an option to ignore changes to specific EXE files.

Most other HIPS software has this kind of setting, but I really miss that in CIS!!

[deadman]

You can go to Defense+ -> Computer Security Policy -> Defence+ Rules. Then Add and apply the predefined 'Installer/Updater' Policy to that EXE.

[Mainframe!]

You can go to Defense+ -> Computer Security Policy -> Defence+ Rules. Then Add and apply the predefined 'Installer/Updater' Policy to that EXE.

Wow, you answered that quickly!!

Thank you, thank you. I never thought of doing that. Obviously the "Installer/Updater" rule totally ignores any changes to the EXE itself.
I have deleted all the related entries from the "Trusted Files" list and added the single entry to the "Computer Security Policy -> Defence+ Rules" and it works perfectly now.
I looked everywhere to find a solution, but unless you know the inner workings of the CIS software (like you do), I was at my wits end to know what to set.

Thank you very much indeed!

Comodo Internet Security is a really good product and I would not hesitate to pay for it. I use a different virus scanner right now (Avira Premium) and just the Firewall component from CIS, but I will consider trying the rest of the CIS product at a later date.

Well done on a great product and great support!

[HeffeD]

I made a wishlist post about this several months ago.

Sandbox should accommodate constantly changing applications/files

[Mainframe!]

Hi "HeffeD" (thanks for the re-direct to your post) :

I tried to find a wish list topic about this problem, but had no luck. I instead created my own new topic, sorry about that.

This is really a problem for developers and you are very right about the "kludgey workaround" comment. I tried many, many ways to try to deal with this problem and never thought of calling the EXE an "Installer/Updater" at all.

I know that for general usage, you wouldn't want an option like this on the pop up itself, but it would be great to have a way to specifically exclude an EXE with a more specifically named option like "Changing EXE" or "Developer EXE" or something like that.
A warning could also be issued about the danger of enabling such an option on general EXE's.

Anyway: +1 to add this functionality.

[Tags:]