I was able to get games to run with V4. What I noticed was that when I started the game I would get the popup asking if I should continue running it in the sandbox. I selected to never run it in the sandbox. The game would still fail, but the next time that I ran it it asked me about a different file. I believe that even when you select not to run it in the sandbox that the decision only affects the next time it runs.
Did you receive any popups at all? Nothing for the firewall, defense+, or the sandbox.
The problem is relatively fixed for me (although not quite as fixed as I would like). I did have to jump through hoops to get it running.
Sorry you are having such serous problems. I’ve encountered sandboxing without alerts myself. First try defining the file as trusted, and see of you get an alert when you close and open it again.
If this does not work, I know this sounds potty, but have you tried defining the temporary file sandboxed by CIS as an installer in D+?
If this does not work, I think I would try watching what happens when you open the game using sysinternals process explorer (just google these 3 words). If you disable highlighting of packed images under options, everything that comes out coloured brown, apart from Google chrome, Comodo Dragon, and wmiprsrv, is probably sandboxed.
Unsandbox stuff by adding to My Safe files or defining as an installer.
Please report back - the bug may not have been nailed because it has been found difficult to replicate.
Even with the latest version I still cannot launch CoD even though every time I try to run the game, I receive a sandbox notifiation (finally :D) telling me that it has isolated ~e5.001. Despite selecting “Do not run this app in the sandbox again”, the game does not start :-.
Thanks for your response. Actually yesterday I managed to launch CoD with sandboxing enabled but it happened at the second or third attempt. It turned out that the file ~e5.001 had found its way into My Safe Files (manually adding it does not work). However, after a while it disappeared from there and I had troubles launching the game yet again :-. I think it depends on when this file is modified as it is probably dynamically generated every time I run the game.
We really need to understand if and why this file is being sandboxed. Are you willing to go through this systematically? It will help Comodo to fix this if you do!
If so would you mind installing Microsoft (Sysinternals) Process Explorer? (Just google it!). If you do then navigate to Options ~ Configure highlighting and untick everything except jobs. Process explorer will then show sandboxed items (which run as jobs), plus a few operating system and browser jobs, in brown. Then start the game and watch what opens what, and whether they are coloured brown, in the default hierarchical view.
What I half expect to see is that another file is getting sandboxed, and is opening the .001 file as sandboxed. (BTW you have been inconsistent in the number of zeros you have typed, which may cause problems if you are making manual entries). If this is so be sure to take a note of the name and path sandboxed file which is opening the .001 file and report back.
Also could you see if you can find the .001 file on a) the hard disk b) the CD, so we can see if it is being dynamically generated or not.
Thanks for your interest Mike! I do appreciate it.
So, my findings:
Upon clicking on the desktop shortcut, I see two new processes appearing in brown (iw3sp.exe and ~e5.0001). iw3sp.exe is the game’s executable.
There’s also one more, called Sf.bin. It appears only for a short while (in green) and is innitiated by AvastSvc.exe.
I get a sandbox popup asking me whether I’d like to take ~e5.0001 out of it. I opt to do so.
The game does not lauch.
The two processes in point 1 are still in brown.
As for my inconsistence - sorry for it. The file is called ~e5.0001, not ~e5.001.
I have it in C:\Users\username\AppData\Local\Temp. I couldn’t find it in the game’s cd.
That’s great. I see you didn’t self destruct in 10 seconds!
From what you say I guess iw3sp.exe is the parent of ~e5.0001. You can confirm this by double clicking on ~e5.0001 in process explorer.
So what is probably happening is that ~e5 (for short) is being sandboxed because iw3sp.exe is. So can you stop iw3sp.exe being sandboxed by putting it in ‘My Safe Files’ and, critically, then rebooting. Check ‘My Safe Files’ after rebooting to see if it is there.
Then try launching the game again to see what happens. See if ~e5 is still being sandboxed, and report back, if that’s OK. If it is please check if ~e5 is there (ie on the hard disk) when the game is closed and you have subsequently rebooted. (This is to try to understand why it disappears from my safe files).
Just to check - did you put iwsp3.exe into My Safe Files, and did it stay there through a reboot cycle. Sorry to ask but your reply could be read two ways. (I’m assuming that neither iwsp3.exe or ~e5 appear in the computer security policy, please check and tell me what policy (eg trusted) they come under if they do.)
If so, as a hypothesis, because ~e5 is getting dynamically generated, it is different each time. CIS sees it as an executable because it is being opened by iwsp3.exe with execution privs. CIS being too bright for its own good says ‘You have to tell me again this is safe, cos its different’. You can check this by taking copies of different ~e5’s (~e5s after sucessive runs of COD) and running file compare fc on them from the DOS prompt. (If you are lucky the ~e5’s lengths may be different and fc won’t be needed).
If this process confirms that the ~e5s are different this is a CIS design limitation, and needs reporting as a bug/wishlist item. (Maybe the wishlist item is to exclude specific files from this form of identity checking)
Meanwhile the only way over it is to try and fool CIS. Here’s some possibilities.
(Faint hope) is ~e5 code signed (don’t really see how it could be, but worth trying to add it via [at]My Trusted Software Vendors’)
With ~e5 in My Safe files and not having run COD since then, make ~e5 ‘read only’, and see if COD objects when you run it again.
After taking ~e5 out of My Safe Files, try adding ~e5 in the Computer Security Policy as an ‘Installer/Updater’ (i.e. applying the predefined ‘installer/updater’ policy to it).
Others may have found different work arounds, but let’s see if these work first.
That’s great to know. Many people don’t stick with a systematic approach, so kudos to you for doing so, and critically, doing so carefully.
Partly from these interactions have now done a FAQ entry on solving unsandboxing problems, so I’ve made good use of your work.
Re fc, would still like to know if you have time. Start by putting the two copies of ~e5 files (collected after different runs of the game) in your ‘my documents’ directory, changing the name of the second copy slightly.
To run file compare go to Start~Run and type in cmd . You’ll get a DOS window probably showing C:\documents and settings<username>. Type cd “My Documents” to change directories. Then type fc . The filenames must be in double inverted commas if they have spaces. If they are the identical it will say FC: no differences encountered. If not it will spew a lot of garbage out do +C to stop it if you need to!
I’ve compared the two instances of the same file but cmd could not find any differences between them. However, I still think that ~e5 changes after some time but probably not every time I run the game.
I’m gonna take a copy of the file after I’ve started the game after a reboot and come back with my findings.
Changing dates may be enough I guess. My bet is on that.
Otherwise is the game on a removable disk, BTW? Not sure of the significance but I understand that Comodo treats files on removable disks differently, so maybe treats a ~e5 if copied from a removable disk differently, or an iw3sp.exe run from a removable disk differently.