After Running Malware, Sandbox Is Not Fully Deleted When Reset [M1301]

1. The full product and its version:
COMODO Internet Security Premium Beta 8.0.0.4314

2. Your Operating System (32 or 64 bit) and Service Pack revision, and if using a virtual machine, which one:
Windows 7 Starter 32 bit

3. List all the configuration changes you did. Are you using Default configuration? If no, what's the difference?:
Default configuration

4. Did you install over a previous version without uninstalling first, or import a previous configuration file?:
Clean install

5. Other Security, Sandboxing or Utility Software Installed:
None

6. Step by step description to reproduce the issue. Or if you cannot reproduce it, what you actually did before it happened, step by step:
1: Disable the antivirus and the cloud so the malware won’t be detected.
2: Run the malicious unrecognized file in the sandbox.
3: Reset Sandbox
4: You will see that some folders in the sandbox are not correctly removed. I have attached a screenshot showing this.

7. What actually happened when you carried out these steps:
After running a particular malware sample the sandbox is not fully deleted.

8. What you expected to see or happen when you carried out these steps, and why (if not obvious):
In previous versions, clearing the sandbox was done correctly, even after running this malware.

9. Any other information:
A video showing this behavior can be seen here:
https://yadi.sk/i/V-1FZQJ2c8bDY

[attachment deleted by admin]

Thank you for reporting this. Please create a diagnostics report and attach it to your first post. If you are not sure how to create that please feel free to ask.

Also, I would like to know what you mean when you say that the “sandbox is not cleared fully”. What are you seeing, or experiencing, which makes you believe that the sandbox is not fully cleared?

Thanks.

I don’t know how to create a diagnostic report. First, the video shows it. Second, two screenshots: one shows the VTRoot folder with a fully cleaned sandbox (CIS 6, 7); the second (CIS 8) shows the folder after cleaning, containing undeleted folders and files, including malicious files.

https://yadi.sk/i/3Anmcg5Fc6CV9

https://yadi.sk/i/mRTiSiHJc6jpK

https://yadi.sk/i/hvpzipAic6jqN

Instructions on how to create a diagnostics report can be found here. Please let me know if you have any trouble creating it.

Thanks.

https://yadi.sk/d/adXDHOu-c7BkL

Thank you. I have added the diagnostics to the first post. Please send me a download link via PM for the malware you used and I can forward this to the devs.

A new video and a bug report. The cause is the file 48.exe.

https://yadi.sk/i/V-1FZQJ2c8bDY

https://yadi.sk/d/JNsO4JY_c8bFS

Thank you very much for your report in standard format, with all information supplied. The care you have taken is much appreciated by Comodo, and will increase the likelihood that this bug can be fixed.

Developers may or may not communicate with you in the forum or by PM/IM, depending on time, availability, and need. Because you have supplied complete information they may be able to replicate and fix the bug without doing so.

Many thanks again.

The devs have not marked this as Fixed in the tracker. However, sometimes bugs are fixed by the release of new versions, but not marked as Fixed in the tracker.

If you are able please check with the newest version (CIS version 8.0.0.4337) and let me know if this is fixed on your computer with that version.

Thank you.

Nothing has changed. The VTRoot folder is not removed.

Thank you for checking this. I’ve updated the tracker.

Hello,

The devs have not marked this as Fixed in the tracker. However, sometimes bugs are fixed by the release of new versions, but not marked as Fixed in the tracker.

If you are able please check with the newest version (CIS version 8.1.0.4426) and let me know if this is fixed on your computer with that version.

Thank you.

The bug is fixed.

Thank you.

Thanks for letting me know. I will close this in the tracker and move this to resolved. If you later find this bug has returned, feel free to let me know and I will reopen this bug.

Thanks again