Author Topic: Specific FW rules for s'boxed processes ? (Technical FAQ) [v6]  (Read 12462 times)

Offline mouse1

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11856
Ok I have retested this with an unknown file with FW in safe mode
When FW set to block web access was denied
with FW rule set to ask an alert was issued asking for web access
I have only managed to test this with one unknown file though at present

I have created a custom folder for SWIron then ran the installer virtualised
I did create a shortcut, it installed in VTRoot/Harddiskvolume1/SRWareIronTest/SRWareIron

I also got the same results by running the installer sandboxed then creating the rule
then entering the kiosk - because SWIron was installed virtually it creates a shortcut in the kiosk
Thanks Treefrogs, much appreciated

I'll start drafting the FAQ in the first post, crediting your assistance of course. Then after you have finished looking at the reset problem I'll split off the discussion into the feedback post so as not to confuse, if that's OK with you.

Offline mouse1

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11856
I have noticed that the sandbox has failed to reset after this last test
I hit the reset sandbox button and get the error message -An error occurred while resetting the sandbox-
CIS task manager shows one task running- resetting sandbox
screen attached

I'm going to retest with more/different unknown files as I appear to be getting inconsistent results

Edit: attached screen


Looks lie you are hitting some instability. Please report this as a bug in standard format with all requested information. If you can identify the process that is doing the resetting, please take a dump of it while it is hung (sorry not sure which one does this, but it should be consuming CPU while it tries to reset). Also if you have the time please zip up your VTRoot contents.

Are you getting any duplicated directories showing in explorer (program files). I get this quite often, and usually means Kiosk crashes or hangs afterwards.

After doing this try a reset after a reboot.

Offline mouse1

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11856
Re: Specific FW rules for s'boxed processes ? (Draft Technical FAQ) [v6]
« Reply #32 on: February 27, 2013, 04:49:28 AM »
Updated the FAQ see what you think

Offline treefrogs

  • Comodo's Hero
  • *****
  • Posts: 550
  • Money.... it's a crime
Re: Specific FW rules for s'boxed processes ? (Draft Technical FAQ) [v6]
« Reply #33 on: February 27, 2013, 09:43:57 AM »
Looks lie you are hitting some instability. Please report this as a bug in standard format with all requested information. If you can identify the process that is doing the resetting, please take a dump of it while it is hung (sorry not sure which one does this, but it should be consuming CPU while it tries to reset). Also if you have the time please zip up your VTRoot contents.

Are you getting any duplicated directories showing in explorer (program files). I get this quite often, and usually means Kiosk crashes or hangs afterwards.

After doing this try a reset after a reboot.

Rebooted and reset all is as it should be now sorry I missed above ^ post so cannot take the required dumps
unsure whether to report this as a bug with the missing info - I will try to recreate the hang and gather all required data and report bug then
Thanks Treefrogs, much appreciated

I'll start drafting the FAQ in the first post, crediting your assistance of course. Then after you have finished looking at the reset problem I'll split off the discussion into the feedback post so as not to confuse, if that's OK with you.

No probs and thanks 
Have read through your updated first post  :-TU
I think you have covered everything and outlined the steps clearly
hopefully more users will test and use this rule now
hopefully also CIS will have this rule or an option for it hardwired into future releases
Thanks again for taking the time
TF
Windows 7 x64
CIS 6 - fully virtual/HIPS enabled
Virtual Dragon
Cyberfox

Offline mouse1

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11856
Re: Specific FW rules for s'boxed processes ? (Draft Technical FAQ) [v6]
« Reply #34 on: February 27, 2013, 05:17:27 PM »
Glad you like the revised text. Will make the whole FAQ live tomorrow as this was the last bit.

Fine about the bug report, if you reproduce, please do make one.

And many thanks again

Best wishes

Mouse

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek