Bug using sandbox without virtualization [NBZ]


The bug/issue

  1. What you did: I activated Proactive and put my browsers (Firefox, IE) and emule in the list “Always Sandbox” with “Partially Limited” level and no virtualization.
  2. What actually happened or you actually saw: Softwares sandboxed doesn’t work good. Exemple: when I opened Firefox, it showed me a white page and didn’t permit me to surf on any site or page. However my personal settings there were. When I run emule, it gives me an error at beginning and doesn’t connect to internet.
  3. What you expected to happen or see: My softwares worked as well as in Comodo 5.0
  4. How you tried to fix it & what happened: I inserted in the list, the plugin-container.exe (Firefox), nothing else about emule. Then I unistalled and cleaning all before reinstalling.
  5. If its an application compatibility problem have you tried the application fixes here?: No
  6. Details & exact version of any application (execpt CIS) involved with download link: Firefox 3.6.13; eMule 0.50a
  7. Whether you can make the problem happen again, and if so exact steps to make it happen: I activated Proactive and put my browsers (Firefox, IE) and emule in the list “Always Sandbox” with “Partially Limited” level and no virtualization. Run the software.
  8. Any other information (eg your guess regarding the cause, with reasons): I noticed that the problem comes when the software functions involve internet connection. However the issue was not in Comodo 5.0

Files appended. (Please zip unless screenshots).

  1. Screenshots illustrating the bug:


  2. Screenshots of related CIS event logs and the Defense+ Active Processes List:



  3. A CIS config report or file.
  4. Crash or freeze dump file: NO

Your set-up

  1. CIS version, AV database version & configuration used: 5.3.175888.1227, AV DB Version 7374, Proactive Security
  2. a) Have you updated (without uninstall) from CIS 3 or 4: No
    b) if so, have you tried a clean reinstall (without losing settings - if not please do)?:
  3. a) Have you imported a config from a previous version of CIS: NO
    b) if so, have U tried a standard config (without losing settings - if not please do)?:
  4. Have you made any other major changes to the default config? (eg ticked ‘block all unknown requests’, other egs here.):
    In Firewall Settings:
  • I enabled IPv6 filtering
  • I disabled “This pc is a gateway”
  • I disabled everything except: Protect ARP cache, Block ARP Messages, Protocol Analize
    In Defence+ Settings:
    All unchecked in General Settings. All checked/enabled in all other sheets
  1. Defense+, Sandbox, Firewall & AV security levels:
    D+=Safe , Sandbox=Active , Firewall = Personalized Policy, AV = Optimized
  2. OS version, service pack, number of bits, UAC setting, & account type:
    Windows 7 Professional, no SP, 32-bit, UAC disabled, Aministrator account
  3. Other security and utility software installed:
    MalwareBytes Anti-malware only on-demand, CCleaner, RevoUnistaller
  4. Virtual machine used (Please do NOT use Virtual box): NO

We would very much appreciate it if you would edit your first post to create an issue report in line with the bug forum guidelines and format here. You can copy and paste the format from this topic.

To understand the reasons why we ask you to follow these guidelines please see below.

Bugs/issues can be impossible or very time consuming to fix if developers don’t have enough information to reproduce them. Since CIS is free, development time is limited. So if you want your issue fixed, please use the format below to describe it.

To avoid clutter, issues not described in the format below your post will not be moved to the ‘moderator verified’ issues topic. This means that the developers may not look at it.

Best wishes and many thanks in anticipation


Done. I hope to have wrote all right.
I’ve comodo in Italian and I’m not sure about any settings translation :stuck_out_tongue:

Thank you for your bug report in the required format.

Moved to verified.

Thank you


Can you try disabling Protocol Analize (do protocol analysis) and report back what happens when using e Mule and FF?

Then see if you have protocol obfuscation enabled in e Mule. What happens when you disable it with Protocol Analize enabled and with Protocol Analize disabled?

No, it doesn’t work. Same error

I want to show you this message on Firefox Console Error


It seems that it can’t communicate with connection interface.
In fact, eMule shows a message about problems creating the socket (you can see the message in my 1st post)

I think that the expansion of the zones protected by Defence+, caused a conflict with some processes.
In fact it works if I switch to “Internet Security Conf”. Maybe it’s a coincidece, maybe not…

Edit by EricJH: removed the url to the well known image hosting site being used

It was an error reported by NoScript but Firefox doesn’t work even if I disable it. It was only a plus information.

The following are two rows of eMule Log:

04/02/2011 13:32:56: Errore Fatale: Impossibile creare un Socket sulla porta xxxxx 04/02/2011 13:32:56: Errore Fatale: Impossibile creare un Socket sulla porta xxxx Traslation: 04/02/2011 13:32:56: Fatal Error: It wasn't possible creating a Socket on port xxxxx 04/02/2011 13:32:56: Fatal Error: It wasn't possible creating a Socket on port xxxxx

I assume you are using the Proactive Security configuration. Can you see what happens when you import a clean Proactive Security configuration? That way we can see if the problem is with the Proactive settings or your specific settings.

To import a clean Proactive config go to Manage My Configurations → Import → navigate tot he CIS installation folder → choose the Proactive config → give it an appropriate name; f.e. Comodo Proactive Security Test → and activate it.

When done try again with e Mule and FF.

No, Same errors on both software.
However, Internet Explorer doesn’t work too. FeedDaemon (RSS reader that uses IE engine) runs, works good until it try to connect to update the news. In that moment it gives me error because it can’t found a connection

Then I have nothing else to ask.

ok, I hope you’ll have in future :slight_smile:

I noticed that if I run an unknown installer (Comodo Leak test, CLT.exe), Comodo shows me the little sandbox popup, but the folder named Virtual Root, is empty ??? . The virtualization is enabled.
However the restrictions are applied; in fact, if I set “Restricted” or “Untrasted” as restriction level, CLT.exe passes every tests.

  • If I run the same software with a lower restriction level, tha auto-sandbox shows me the popup and the test fails. the sandbox folder is always empty.

  • If I put the software in the “Always Sandbox” list with virtualization enabled, the sub-folder of the program (clt.exe) is created inside the Virtual root folder. In this case virtualization worked. in this case I think it’s not important if the test passes or not, because it runs in an isolated zone.

Finally I think that:

  • The auto-sandbox applies only the restrictions without virtualization even if it was enabled in the general settings (DANGER)
  • The virtualization works only if I put the software in the “Always Sandbox” list…
  • … but we know there are some issues if you don’t use virtualization

I quote from your guide:

[b]Note for advanced users[/b]: [u]The virtual file system is created inside the Sandbox working folder (e.g. c:\sandbox\) to execute the applications within this file system.[/u]

If you disable this option here, the virtual file system is not created even if you have enabled file system virtualization for individual applications within the Sandbox.

The virtualization works in individual mode, but it doesn’t in auto-sandbox

Can anybody explain me what’s happening? ??? ???

That is by design. Auto sandboxing does not virutalise. Virtulisation is only active when manually sandboxing. Notice it is not possible to install a program in the sandbox like is possible in Sandboxie.

Ok but, why are the virtualization options in Generale Settings too, if I can use virtualization only in individual mode?

nothing about this bug?