Bug in Sandbox level


  1. What you did: I executed clt.exe (Comodo Leak Test)
  2. What actually happened or you actually saw: The pop up for the automatic sandbox showed that this exe was sandboxed as “Untrusted” (this is my setting for the auto sandbox). The “Active Process List (Sandboxed Only)” showed that ctl.exe is treated as “Partially Limited”
  3. What you expected to happen or see: The “Active Process List (Sandboxed Only)” should show the sandbox level “Untrusted” instead of “Patially Limited” for “ctl.exe”
  4. How you tried to fix it & what happened: n/a
  5. If a software compatibility problem have U tried the compatibility fixes (link in format)?: n/a
  6. Details & exact version of any software (execpt CIS) involved (with download link unless malware): n/a
  7. Whether you can make the problem happen again, and if so precise steps to make it happen: remove “ctl.exe” from unrecognized files, execute it again
  8. Any other information (eg your guess regarding the cause, with reasons): n/a

B. FILES APPENDED. (Please zip unless screenshots).

  1. Screenshots of the Defense plus Active Processes List (Required for all issues): attached
  2. Screenshots illustrating the bug: attached
  3. Screenshots of related CIS event logs: attached
  4. A CIS config report or file: no
  5. Crash or freeze dump file: n/a
  6. Screenshot of More~About page. Can be used instead of typed product and AV database version: no


  1. CIS version, AV database version & configuration: 5.8.213334.2131, 10631, Proactive
  2. a) Have you updated (without uninstall) from a previous version of CIS: no
    b) if so, have you tried a clean reinstall (without losing settings - if not please do)?: n/a
  3. a) Have you imported a config from a previous version of CIS: no
    b) if so, have you tried a standard config (without losing settings - if not please do)?: n/a
  4. Have you made any other major changes to the default config? (eg ticked ‘block all unknown requests’, other egs here.): yes, unticked “Automatically trust the files from the trusted installers”; changed “Treat unrecognized filed as” o “Untrusted”
  5. Defense+, Sandbox, Firewall & AV security levels: D+=Safe, Sandbox=Enabled, Firewall=Safe, AV=Stateful
  6. OS version, service pack, number of bits, UAC setting, & account type: Windows 7 Enterprise 32bit, SP1, UAC on high, Admin
  7. Other security and utility software currently installed: CIS only
  8. Other security software previously installed at any time since Windows was last installed : no
  9. Virtual machine used (Please do NOT use Virtual box)[color=blue]: no

I hope this is is just a small bug, and the sandbox level in “Active Process List (Sandboxed Only)” ist just shown wrong. If the process is running under “Partially Limited” instead of “Unstrusted” (or any other level) this would be a serious bug. If there is a way how to determine which sandbox level is actually applied, please tell me.


[attachment deleted by admin]

Thank you very much for your report in standard format, with all information supplied. The care you have taken is much appreciated by Comodo, and will increase the likelihood that this bug can be fixed.

Developers may or may or may not communicate with you in the forum or by PM/IM, depending on time availability and need. Because you have supplied complete information they may be able to replicate and fix the bug without doing so.

Moved to Verified.

Many thanks again