Automatic Sandboxing [Issue Report]

Comodo Internet Security - CIS Resolved/Outdated Issues - CIS
#1

Malicious files (detected as virus by cloud scanner), will not be sandboxed automatically after ignoring cloud scanner alert.

The bug/issue

  1. What you did: I have ran Spyshelter test tool which is detected as virus by comodo cloud scanner.
  2. What actually happened or you actually saw: running non-sandboxed after i clicked ignore for cloud scanner alert
  3. What you expected to happen or see: should be sandboxed by comodo’s automatic sandbox
  4. How you tried to fix it & what happened: No
  5. If its an application compatibility problem have you tried the application fixes here?: I don’t think it is an appl. compatibility problem.
  6. Details & exact version of any application (execpt CIS) involved with download link: http://www.spyshelter.com/download/AntiTest.exe
  7. Whether you can make the problem happen again, and if so exact steps to make it happen: Yes
    → Download the tool from the above link (step 6)
    → Ran the dwd’ed tool and ignore the cloud scanner prompt by clicking ignore button
    → Open Active Process Window, you see this tool’s process is running non-sandboxed and its verdict as virus
  8. Any other information (eg your guess regarding the cause, with reasons): I think the issue is, When the verdict the of file is confirmed as virus, comodo would not try to sandbox the offended file and runs normally once after clicking the ignore button.

Files appended.

  1. Screenshots illustrating the bug: Pls. see the attachment

Your set-up

  1. CIS version, AV database version & configuration used: Comodo Firefwall v5.3
  2. a) Have you updated (without uninstall) from CIS 3 or 4: No, it is a clean install.
    b) if so, have you tried a clean reinstall (without losing settings - if not please do)?:
  3. a) Have you imported a config from a previous version of CIS: No
    b) if so, have U tried a standard config (without losing settings - if not please do)?:
  4. Have you made any other major changes to the default config? (eg ticked ‘block all unknown requests’, other egs here.): Set to Proactive Configuration, Checked all Firewall options like block “gratitious ARP frames”
  5. Defense+, Sandbox, Firewall & AV security levels: D+= Safe, Sandbox= Untrusted, Firewall = Safe, AV = NA
  6. OS version, service pack, number of bits, UAC setting, & account type: W7 64 SP1, UAC Enabled, Admin
  7. Other security and utility software installed: Avast Free v6 + Rapport + Sandboxie Free + HitMan Pro Ondemand
  8. Virtual machine used (Please do NOT use Virtual box): No

[attachment deleted by admin]

#2

Can this bug be verified for proper format please?

#3

I just tested it with v5.4 mods preview and it gets sandboxed as partially limited.It looks like the Cloud changed its view. Can you check how it is being judged now?

#4

I keep getting sanboxed applications that are trusted every time i start up my pc it keeps asking me even tho i click it to trusted can i get some help here?

#5

Please start your own topic in the Defense+ / Sandbox Help - CIS board. This board is for bug reports only.

Read the workarounds in App. is not working correctly, but does not seem to be s/boxed. What to do? [v5] and see if they bring a solution.

#6

Thank you for your Issue report in the correct format.

Moved to verified.

Thank you

Dennis