Malicious files (detected as virus by cloud scanner), will not be sandboxed automatically after ignoring cloud scanner alert.
The bug/issue
- What you did: I have ran Spyshelter test tool which is detected as virus by comodo cloud scanner.
- What actually happened or you actually saw: running non-sandboxed after i clicked ignore for cloud scanner alert
- What you expected to happen or see: should be sandboxed by comodo’s automatic sandbox
- How you tried to fix it & what happened: No
- If its an application compatibility problem have you tried the application fixes here?: I don’t think it is an appl. compatibility problem.
- Details & exact version of any application (execpt CIS) involved with download link: http://www.spyshelter.com/download/AntiTest.exe
-
Whether you can make the problem happen again, and if so exact steps to make it happen: Yes
→ Download the tool from the above link (step 6)
→ Ran the dwd’ed tool and ignore the cloud scanner prompt by clicking ignore button
→ Open Active Process Window, you see this tool’s process is running non-sandboxed and its verdict as virus - Any other information (eg your guess regarding the cause, with reasons): I think the issue is, When the verdict the of file is confirmed as virus, comodo would not try to sandbox the offended file and runs normally once after clicking the ignore button.
Files appended.
- Screenshots illustrating the bug: Pls. see the attachment
Your set-up
- CIS version, AV database version & configuration used: Comodo Firefwall v5.3
- a) Have you updated (without uninstall) from CIS 3 or 4: No, it is a clean install.
b) if so, have you tried a clean reinstall (without losing settings - if not please do)?: - a) Have you imported a config from a previous version of CIS: No
b) if so, have U tried a standard config (without losing settings - if not please do)?: - Have you made any other major changes to the default config? (eg ticked ‘block all unknown requests’, other egs here.): Set to Proactive Configuration, Checked all Firewall options like block “gratitious ARP frames”
- Defense+, Sandbox, Firewall & AV security levels: D+= Safe, Sandbox= Untrusted, Firewall = Safe, AV = NA
- OS version, service pack, number of bits, UAC setting, & account type: W7 64 SP1, UAC Enabled, Admin
- Other security and utility software installed: Avast Free v6 + Rapport + Sandboxie Free + HitMan Pro Ondemand
- Virtual machine used (Please do NOT use Virtual box): No
[attachment deleted by admin]