Auto-sandboxed software generates alerts (4.0.135239.724 x32)

Problem description: Software can be auto-sandboxed by CIS and still generate alerts. I have had this happen 3-4 times. I append one example - the file is Create Media Lite from www.creative.com.

  • CIS version: 4.0.135239.724 x32
  • Your Operating System (32 or 64 bit, Service Pack revision, and account privs): XP SP3 32 Bit, admin account (on Pentium 4 CPU 3 GHz, 4 GB RAM)
  • Other Security and Utility Software Installed: See appended config report for details. Usually: Comodo - CIS, CVE, CIV, CLP, CSE, CAS, IVault; Other- Filezilla, Wallwatcher, Sony Ericsson PC software, Actual Window Manager, Routerstats, Revo, Process Explorer, Google Desktop, Process Tamer, Process Explorer, Kiwi Syslog, Idrive, Clipmate, Hotspotshield, Stuffit
  • Step by step description to reproduce the issue: Simply run the appended software.
  • How you tried to resolve the problem: N/A
  • Upload Memory Dumps on crash if you encounter any: N/A
  • Attach screenshots to your posts to clarify the issue further: Appended
  • Virus database version: Please see appended config report
  • Any other information you think that might be useful. CIS settings: See appended config report for details.

[attachment deleted by admin]


Problem description: The appended piece of software was auto-sandboxed but gave no sandboxing alert.

  • CIS version: 4.0.135239.724 x32
  • Your Operating System (32 or 64 bit, Service Pack revision, and account privs): XP SP3 32 Bit, admin account (on Pentium 4 CPU 3 GHz, 4 GB RAM)
  • Other Security and Utility Software Installed: See appended config report for details. Usually: Comodo - CIS, CVE, CIV, CLP, CSE, CAS, IVault; Other- Filezilla, Wallwatcher, Sony Ericsson PC software, Actual Window Manager, Routerstats, Revo, Process Explorer, Google Desktop, Process Tamer, Process Explorer, Kiwi Syslog, Idrive, Clipmate, Hotspotshield, Stuffit
  • Step by step description to reproduce the issue: Simply run the software.
  • How you tried to resolve the problem: N/A
  • Upload Memory Dumps on crash if you encounter any: N/A
  • Attach screenshots to your posts to clarify the issue further: Appended
  • Virus database version: Please see appended config report
  • Any other information you think that might be useful. CIS settings: See appended config report for details.

[attachment deleted by admin]

Though sandboxed applications block many actions by default, they will still trigger some alerts (e.g. COM and Hooks) to allow the user to block those actions or, in some cases, silently allow them (e.g. creation of new files in paths where a limited user has permissions).

It would be possible to edit the “All applications” policy to allow such actions and suppress alerts for unrecognized apps (in that case sandboxed apps will allow those actions and won’t trigger alerts), but there is no easy way to create block rules that affect all sandboxed apps.

Hi Endymion

Interesting.

Is the intention to exclude COM interfaces and hooks from the sandbox’s silent denial documented anywhere?

In the help text it says:
“Sandboxed applications will not produce any Antivirus, Firewall or Defense+ Alerts.”

Also, it seems to me that I only get these alerts before and during (or very, very shortly after) the time the sandboxing alert is on the screen, suggesting a timing issue.

What do you think?

Best wishes

Mouse

I have got hook alerts since early betas, when documentation was not yet available.

COM alerts were occasionally displayed since early betas.

AFAIK the COM alert whose picture you attached would correspond to some V3 Interprocess Memory alerts (perhaps they are triggered when some additional condition applies).

Whereas COM alerts could not be triggered sometimes the design decision was unclear but Hooks were predictably able to trigger alerts (or predictably fail in a specific case).

Thanks

Guess the devs will decide whether to change the documentation or the software!

Mouse