Behavior Blocker, not enough options

If I don’t want to run a file in the sandbox, I have only one choise “Run Unlimited”, but then HIPS doesn’t monitor it. Need a option to skip by sandbox, but not HIPS.


+1 add poll :-TU

+1 I strongly agree please add a poll so we can vote ‘YES’ :-TU

I would vote no because the whole point now of the autosandbox , AKA Behavior Blocker, is that HIPS can be disabled and out of your face.

So for the users who want to use both and sandbox some applications and use HIPS for some other applications, you think they should be actively blocked from doing this?

How many people do that? It’s one or the other for just about everybody from what I’ve seen.

It really doesn’t matter how many people would want to do that…

As has been stated before, just because you can’t understand why someone would want to do something doesn’t mean that there aren’t people that consider that particular thing to be very important to the way they want to do things.

Stating your opinion on a subject is fine, but questioning why someone would want to do something is counter-productive.

As I am not all-knowing and haven’t done any research in it, I can’t tell you how many would do that.

I can tell you that I would, I would let things I don’t trust run in the fully virtualized sandbox and for things I do know and semi-“trust” I would run outside the sandbox but I would still like to get HIPS pop-ups for them so that I can block them from doing things that I don’t want them to do and these things can vary from program to program so no I can’t give you an example, it all depends on the programs, but generally I like to block programs from writing logs, reasons are my own and won’t be stated.

Currently this is a hassle since the pop-up (that is only shown a fraction of the times something is sandboxed for me) only allows for running things unlimited, not outside of the sandbox but still having HIPS active.

Sort of unrelated question: When I sandbox something, why do I some times get a pop-up stating something has been sandboxed and then a ‘do not sandbox again’ thingy and other times the file/program doesn’t get sandboxed right away, instead CIS asks me if I want to run it in the sandbox or unlimited or block it, and also lastly sometimes things run in the sandbox without giving and of these pop-ups, they just enter the sandbox silently without a pop-up?

The difference here is that you like HIPS and I personally abhor it and don’t want to see it in any shape or form.

So for those who abhor the BB, should they comb the forum, find any posts which support it and promote its use, and continually question the judgement of those who support using the BB and making it more flexible?

No, and I don’t do that for HIPS. I just don’t see a need for it within the sandbox. Adding it in could cause a whole new crop of bugs and problems.

I’m not sure if you perhaps misunderstood the wish in this topic or if I made you confused but nothing in this topic is about HIPS inside the sandbox. This topic is about having an option in the pop-up that lets you choose to not run the file in the sandbox but still have HIPS monitor it, currently we only have the unlimited option which will run the file outside the sandbox but HIPS will also ignore it.


That’s why I have BB off for now.

Okay that’s more reasonable but it requires HIPS to be turned on and not disabled if I understand it correctly. That would greatly reduce the usability of CIS for the average person. If the option would only be present for those users who have enabled HIPS then I would be for it.

+1. Many of us have been vouching to Comodo about having the ability to choose the sandbox level each time an unknown program is run, instead of having a global level for all programs.

I propose a window popup which lets you choose options in check boxes each time an unknown program attempts to run such as:

Allow this program to:

[X] Access the clipboard
[ ] Take screenshots
[ ] Access the keyboard
[X] Access physical memory
[ ] Access the hard disk directly

I did not create the wish so I couldn’t answer that from the creator’s viewpoint but from my own, yes indeed it should only be like that if HIPS is enabled in the settings, otherwise I would see no use for such a toggle :slight_smile:

+1 the BB needs to have more options and needs to be more proactive in the sense because right the BB doesnt really behave like a BB but like a feature that sandboxes untrusted stuff,a BB should alert to bad activites and plus I dont see the point in running BB and HIPS together its a waste of resources :-TU

everyone listen because i only say this once most avs Behavior Blockers haves enough options trust me i have test avs Behavior Blockers in the past and its normal just to have one option like the av blocks it automatically is the one option thats some Behavior Blockers do even comodo does that sometimes in this case puts the file in the okay people let calm down now and go outside or do something in our lives like fix a pc or playing a video game