BSOD When Resetting Sandbox after running Malware in FV Sandbox [M344] [v6]

A. THE BUG/ISSUE (Varies from issue to issue)
  • Summary - Give a clear summary in the topic subject, NOT here.

  • Can U reproduce the problem & if so how reliably?:
    Yes, every time.
  • If U can, exact steps to reproduce. If not, exactly what U did & what happened:
    I downloaded a piece of malware, which devs will find attached to this post. Then, after unzipping it, right-click on the executable and select the option to “Run in COMODO Sandbox”. Then, after a few seconds, click the button to Reset the Sandbox. As soon as I clicked on the button to reset it, but before the resetting window appeared, I got a BSOD.
  • If not obvious, what U expected to happen:
    The FV Sandbox should always be able to Reset successfully, regardless of what is running inside.
  • If a software compatibility problem have U tried the conflict FAQ?:
  • Any software except CIS/OS involved? If so - name, & exact version:
  • Any other information, eg your guess at the cause, how U tried to fix it etc:
    I’m not sure. Perhaps it’s an incompatibility between the FV Sandbox and a driver on my computer.
  • Always attach - Diagnostics file, Watch Activity process list, dump if freeze/crash. (If complex - CIS logs & config, screenshots, video, zipped program - not m’ware)
    I have attached the diagnostics file (run while the malware was still running in the FV sandbox) and the KillSwitch process dump (run while the malware was still running in the FV sandbox). I have uploaded the full dump file to this page. Please let me know if there are any other attachments which would be helpful.

B. YOUR SETUP (Likely the same for each issue, so you can copy forward)
  • Exact CIS version & configuration:
    CIS version 6.1.275152.2801
    Default Configuration

  • Modules enabled & level. D+/HIPS, Autosandbox/BBlocker, Firewall, & AV:
    Default Configuration
    However, I had to disable the AV and the Cloud lookup so it wouldn’t automatically flag the file as dangerous and remove it.
  • Have U made any other changes to the default config? (egs here.):
    Default Configuration
    However, I had to disable the AV and the Cloud lookup so it wouldn’t automatically flag the file as dangerous and remove it.
  • Have U updated (without uninstall) from a CIS 5?:
    No, this was a clean install.
    - if so, have U tried a clean reinstall - if not please do?:
  • Have U imported a config from a previous version of CIS:
    - if so, have U tried a standard config - if not please do:
  • OS version, SP, 32/64 bit, UAC setting, account type, V.Machine used:
    Windows 7 x64 (fully updated), UAC disabled, Real System, run as administrator.
  • Other security/s’box software a) currently installed b) installed since OS:
    a) None b) None

[attachment deleted by admin]

Thank you very much for your report in standard format, with all information supplied. The care you have taken is much appreciated by Comodo, and will increase the likelihood that this bug can be fixed.

Developers may or may not communicate with you in the forum or by PM/IM, depending on time availability and need. Because you have supplied complete information they may be able to replicate and fix the bug without doing so.

Many thanks again


This is still not fixed with CIS version 6.1.276867.2813.

Also, it may be helpful to the devs to know that at this time Comodo Kiosk is not able to load (it spins indefinitely). Also, it complains that I need to install Silverlight and Comodo Dragon, although both are installed and up to date. Also, and I believe most relevant, Reset Sandbox never finishes. (Don’t worry, a separate bug report is coming as soon as I get a better idea of what causes it. A discussion can be found here.)

The point is that this bug is still here even though Reset Sandbox never finishes. I hope that is helpful in identifying the issue.


Tracker updated, thanks

I can confirm that this is fixed with CIS V6.2.282872.2847.

Thus, I will move this to resolved.