Auto-Containment will not run a new program except contained

I’m using CIS pro. I get a green box around the application I just installed. It is launched from a .bat file. When I go to Containment then Auto-Containment, then Manage Contained Program there is no way to ‘Edit’ and ‘Browse’ to a .bat file. Only .exe, .dll, .ocx. No “.bat”. So, I can’t make an exception for this file.

Contents of the .bat file are as follows:
@echo off
echo “Starting OpenPLC Editor…”
cd “OpenPLC Editor”
if exist .\new_editor\ (
rmdir /s /q .\editor
move .\new_editor .\editor
start “” “.\python\pythonw.exe” “.\editor\”

Create an exception

  • Containment > Containment settings > check the box "Do not virtualize access to specified files/folders
  • Click on Specified Files/Folders
  • Click on Add > Files > Choose the .bat file
  • Click OK
  • Restart the PC

Thanks ZorKas,

I was able to add the .bat file to exceptions. The program still ran contained.

I added several more things to ‘exceptions’, but still no luck. Here are my exceptions and rules “Containment problem 3.png”. Also, I looked in contained processes as the program launched, “contained processes.png”.

Any idea what I am missing? I did restart the PC.


Somehow my first attachment failed to attach. “Containment problem 3.png”

Comodo confines ALL unknown files
In your image response you have unknown files

OpenPLC Editor.bat

When an UNKNOWN file is executed in the sandbox the PIDs (processes) are also confined
In your case, the files must be “Approved” in order to avoid containing it
On the other hand, as a reminder, you must reset the sandbox before renewing the operation on your .bat file or others

Thanks Zorkas,

“the files must be “Approved” in order to avoid containing it”
So, being an exception is not sufficient to avoid containment. I found that I can make a file ‘trusted’ (same thing as Approved I think) if it appears in the contained apps list. I just right click it and select Add to Trusted Files. This worked to get the “” file trusted. But, “OpenPLC Editor.bat” only appeared in the list briefly. Not enough time to right click it. Fortunately I can change the behavior of a .bat file. I added “pause” at the last line of it. Now, it appeared in the contained apps list and stayed there. So, I right clicked it and selected Add to Trusted Files.

Problem solved. See “adding pause to bat file.png”.

I suppose there is some other way to make a file trusted, but I could not find it.

You could have used the unblock applications task to easily unblock from containment or changed the file rating to trusted. Manage Blocked Items, Blocked Applications, Comodo Internet Security | COMODO

Also those exclusions is used in a different way and I would remove the ones you added. See help doc Containment Settings, Containment Computer Security, Desktop Software | Internet Security

Hi futuretech & Zorkas,

Thank you for supporting.


Hi C.O.M.O.D.O RT,

Through this help request we demonstrate Comodo’s ability to block an unknown command in order to protect the PC
The inter-process behavioral analysis is an undeniable advantage of Comodo CIS against Ransomware and other indelicates
Looking forward to the next version…


Hi Zorkas,

Ok, we will take this to the team notice and update you.
Thank you for supporting.