A. THE BUG/ISSUE (Varies from issue to issue) Can U reproduce the problem & if so how reliably?:
?
Every time If U can, exact steps to reproduce. If not, exactly what U did & what happened:
1:I ran the virus on the default settings for Comodo
2:After running the virus has spread all over the place on the external disk USB
3:The virus put shortcuts on My Apps, and is also open for any shortcut works automatically virus One or two sentences explaining what actually happened:
?.. One or two sentences explaining what you expected to happen:
?sandbox must protect the external drives and prevent action shortcuts for applications
If a software compatibility problem have you tried the conflict FAQ?:
?NA Any software except CIS/OS involved? If so - name, & exact version:
?NA Any other information, eg your guess at the cause, how U tried to fix it etc:
?
Video put it to the test
B. YOUR SETUP Exact CIS version & configuration:
?CIS 7.0.317799.4142
Modules enabled & level. D+/HIPS, Autosandbox/BBlocker, Firewall, & AV:
?Default configuration.
No Have U made any other changes to the default config? (egs here.):
?No Have U updated (without uninstall) from CIS 5 or CIS6?:
?No if so, have U tried a a a clean reinstall - if not please do?:
?NA Have U imported a config from a previous version of CIS:
? if so, have U tried a standard config - if not please do:
?NA OS version, SP, 32/64 bit, UAC setting, account type, V.Machine used:
? in real system , windows 7 x64 Other security/s’box software a) currently installed b) installed since OS, including initial trial security software included with system:
a=? NA b=?NA
I see from your video that many files were dropped, even after it was sandboxed. However, after restarting the computer are any of its processes automatically started? Also, after restarting are there any important system processes, or applications, which have been altered by the worm?
In that case, under the description of Partially Limited given on this page of the Help File this does not sound like a bug. I do wish that this sort of behavior was not allowed by default, but unless something else was altered it doesn’t seem to be a bug.
What do you think, after reading the description of Partially Limited on the page I linked to?
I agree that I do not want this to be allowed by default. However, unless it is copied into areas which are explicitly protected, this is not a bug but expected behavior under Partially Limited. This is why I absolutely support any wishes for the default configuration to be more strict as to what is allowed.
However, as this is technically not a bug I am forced to move this report to Resolved. I hope you understand.
The vbs file was run under Partially Limited. Before the command-line analysis was added, as described in your screenshot, these sort of files were able to bypass monitoring, and therefore do what they liked. However, in your case it was monitored, and the Partially Limited restrictions were correctly applied. However, Partially Limited is not very strict, and thus it does allow files to be dropped.
It’s for those reasons that I still do not see this as a bug. If you feel I have misunderstood your reply please feel free to clarify.
As stated in the Help File, the option to “Do heuristic command-line analysis for certain applications” just means that files such as vbs will also be restricted under the BB level. Thus, the restrictions for Partially Limited will be applied to the vbs file. If you disable that option you should find that the vbs file is allowed to do whatever it wants with no restriction.
Thus, your issue here seems to have nothing to do with the “Do heuristic command-line analysis for certain applications” option. It seems that you have an issue with how files run under Partially Limited are allowed to drop files. Am I correct in explaining this?
Since the option to read the lines of commands and the Sandbox to ban everything that is dangerous. Is the worm hide all files on external disks and action shortcuts fake it is not dangerous
Maybe no longer bugs , but this instabilmente dangerous to the user where that all files will be the work of her hide and show shortcuts are many and difficult to remove and when removed will re-appear
Why do not display issue on the developers of the program, the proposal does not it bugs
Perhaps what would be helpful would be a limit to the number of locations where a sandboxed application can drop files. That would help in this situation, although it may make more programs fail to install correctly.
If that is more along the lines of what you are looking for please do submit a Wish Request for it. However, it would not be able to be submitted as a bug. I hope you understand.