Might’ve reported this under one of the Bug forums except their description says “bugs will be moved here”. Doesn’t say moved from WHERE, so I don’t know where to report a bug that then gets moved to a Bug forum. Guess they go here.
Windows XP Pro SP-3
Internet Explorer 8
Comodo Internet Security (free) 5.8.213334.2131
If the auto-sandbox (D+ tab → D+ Settings → Execution Control Settings) is set to Blocked for unrecognized files, the restriction level (privileges) configured for an Always Sandboxed program is not obeyed. The Always Sandboxed program runs at full privileges rather than those configured for it when execution control for unrecognized programs is set to Blocked.
I added the web browser under the “Always Sandbox” list but without any virtualization. I wanted to test using it under different privilege levels (Partially Limited, Limited, Restricted, Untrusted). By the way: Turns out IE8 won’t run Restricted because of a CTF (text services) hook in Windows. The entry in “Always Sandbox” was:
Program path: C:\Program Files\Internet Explorer\iexplore.exe
Restriction Level: Limited
Disabled: Limit maximum memory consumption
Disabled: Limit program execution time
Disabled: Enable file system virtualization
Disabled: Enable registry virtualization
I was testing only the changes in privileges on the iexplore.exe process, not how virtualization might work (which has some quirks that I don’t like, anyway, like leaving downloaded files somewhere buried under C:\VritualRoot instead of where the user specifies but tracked to ensure it runs under the same environ, much like how GeSWall and BufferZone work).
I used Process Explorer to look at the security properties of IE8 when loaded. I first tested with execution control on unrecognized files disabled. IE8 ran under the limited privileges it was configured to use under Always Sandbox. I tested with execution control on unrecognized files enabled and set to Partially Limited, Limited, Restricted, and Untrusted. In each of those cases, IE8 ran under the limited privileges configured under Always Sandbox. When I set execution control on unrecognized files to Blocked, IE8 ran with full privileges.
IE8 is obviously not an unrecognized file. Settings used to sandbox it under Always Sandbox should be honored no matter what level of execution restriction is configured for unrecognized files. Yet setting execution control on unrecognized files to Blocked results in ignoring the execution control level configured in Always Sandbox for a program.
IE8: Always Sandboxed, restriction level = Limited
Execution control for unrecognized files:
Off: IE8 runs at limited restriction level.
On, Partially Limited: IE8 runs at limited restriction level.
On, Limited: IE8 runs at limited restriction level.
On, Restricted: IE8 runs at limited restriction level.
On, Untrusted: IE8 runs at limited restriction level.
On, Blocked: IE8 runs at full privileges (no restriction).