From there I must launch an exe which update an application.
I put the whole mapped folder in My Own Safe Files
I have the updater and the other launcher as Installer or Updater in Computer security Policy.
But when I launch the updater is automatically sandboxed and it can’t update the main application (it should download an update and launch another exe to update the application). Checking Do not run this application in Sandbox again has no effect.
Beside that after a while the mapped folder disappears from My Own Safe Files. :o
Anyone have an idea how to avoid automated sandboxing for my updater? It’s somehow stupid to disable sandbox, update my application and enable sandbox again. Daily.
I guess that is something about mapped folder and direct path but I’m not sure how can I change those.
Windows XP x32 SP3, whole CIS in Proactive mode, FW and D+ in Safe Mode, AV stateful.
Crumbs challenging one. Thanks for the excellent info.
One further bit of info - where/what is the mapped drive? Is it on the internet or removable? Look like it’s another machine on your LAN?
For a start I would take the files defined as updaters out of my safe files, just leave them as installers/updaters. Then reboot. Probably won’t help, but will make things clearer.
Check you sandbox setting to make sure all are set at defaults.
I’ve checked the sandbox recently for operation with UNC paths, and all seemed well (but it was a simple one-off check). Can you map the drive with a UNC path? (eg \ComputerName\SharedFolder\Resource)
Your files will disappear from My Safe Files if the resource is ever unavailable at boot time (at the boot stage where CIS checks My Safe Files).
Yep, on another machine on my LAN and that machine is without Internet access.
OK, I’ll do that.
Unfortunately no. That installer needs a mapped letter.
But they disappear during the day without rebooting my machine or that machine which have the application. And I have permanent connection with that machine because is my PDC in LAN.
Well I guess CIS should deal properly with directly mapped drives, so I’m inclined to transfer to bugs, if that’s OK, and see if anyone else, maybe a dev has any insights.
Meanwhile you can probably use the following fix. Create a batch file on the local disk to run each of the executables you have defined as an installer/updater. Give this batch file installer/updater priivs. (Alternatively if you need to run some of the other executables directly you can try the same trick using an explorer substitute like XYexplorerfree, then run your networked executables from there but you must remember never to run unknown files from the explorer substitute, as they will have almost no Defense plus protection).
Could you add the bug report info as requested in the bug forums stickies, where you have not already?
Happy day today for me.
Yesterday I’ve bite the bullet and installed CIS 5 Beta 2 at work. Made trusted those 2 mapped applications and everything is fine.
It works!
Thanks Comodo team now I can unleash the power of sandbox at work.
