As you know, we have improved sandboxing CIS 8 in such a way that automatic sandboxing can be configured in a more granular way. For exmaple, you can now configure CIS to automatically sandbox unknown files downloaded from internet only etc. By default, we have fine tuned it. But if you still want to have it the old way i.e. auto sandbox all unknown files regardless of the origin, you just need to make the following adjustments:
1- Open Advanced Settings->Security Settings->Defense±>Sandbox->Auto-Sandbox
2 - Double click on the 3rd rule(Check the attached screenshot)
3 - A window will be opened. In that window change the origin from Internet to Any(Check the attached screenshot)
4 - Press OK in all Windows.
This will be enough to make CIS work like CIS 7. IMO, this type of sandboxing will be too aggressive in some PCs but as long as you are happy, there will be no problems.
Is that window available in Proactive Mode? I don’t have the same menu as in your right hand photo (see attachment). I just have the third line set to Blocked.
It was set to Run Virtually when I installed CIS. I changed it to Blocked so I could get the similar v7.0 behavior. I did try the other rules but the menu remains the same.
On another note, is it possible to prevent the population of files in the Auto Sandbox window for files that I send to the Trusted Files List? I have to keep clearing the window because when the alert comes up and I choose “Don’t isolate it again”, the file is added to the Auto Sandbox window as “Trusted”.
I found the difference. I switched to the Internet Security configuration and I got the window that the first post shows. I guess Proactive Security has different default settings. Good to know.
If unknown executable is being virtualized, it gets to the unrecognized files list on both CIS7 and CIS8. But if the file is being blocked by autosandbox, CIS7 adds it to the UFL while CIS8 does not. Therefore, it was easier to deal with unrecoznized files on 7 verson.
