Cannot permanently unsandbox an application on a directly mapped drive path

I have a mapped folder in my network.

From there I must launch an exe which update an application.

I put the whole mapped folder in My Own Safe Files

I have the updater and the other launcher as Installer or Updater in Computer security Policy.

But when I launch the updater is automatically sandboxed and it can’t update the main application (it should download an update and launch another exe to update the application). Checking Do not run this application in Sandbox again has no effect.

Beside that after a while the mapped folder disappears from My Own Safe Files. :o

Anyone have an idea how to avoid automated sandboxing for my updater? It’s somehow stupid to disable sandbox, update my application and enable sandbox again. Daily. :frowning:
I guess that is something about mapped folder and direct path but I’m not sure how can I change those.

Windows XP x32 SP3, whole CIS in Proactive mode, FW and D+ in Safe Mode, AV stateful.

[attachment deleted by admin]

Crumbs challenging one. Thanks for the excellent info.

One further bit of info - where/what is the mapped drive? Is it on the internet or removable? Look like it’s another machine on your LAN?

For a start I would take the files defined as updaters out of my safe files, just leave them as installers/updaters. Then reboot. Probably won’t help, but will make things clearer.

Check you sandbox setting to make sure all are set at defaults.

I’ve checked the sandbox recently for operation with UNC paths, and all seemed well (but it was a simple one-off check). Can you map the drive with a UNC path? (eg \ComputerName\SharedFolder\Resource)

Your files will disappear from My Safe Files if the resource is ever unavailable at boot time (at the boot stage where CIS checks My Safe Files).

Best wishes


Yep, on another machine on my LAN and that machine is without Internet access.

OK, I’ll do that.

Unfortunately no. That installer needs a mapped letter. :frowning:

But they disappear during the day without rebooting my machine or that machine which have the application. And I have permanent connection with that machine because is my PDC in LAN. :slight_smile:

Thanks for advices. :-TU

[attachment deleted by admin]

Not a wireless LAN then?

Nope. My wired LAN at work.
Believe me before I made this thread I’ve tried about 2 weeks to figure myself but I’ve ran out of ideas. :frowning:

It’s not a big deal though but it’s annoying and now I’m curious if it can be solved. :slight_smile:

How many files in My Safe files? I have found a limit somewhere between 200 and 500

(Not managed to find exactly how many)


They are in a printscreen above. Those are all my files in My Own Safe Files. :slight_smile:

If I put all exe files from that mapped folder I have maybe 30 files more.

Not that then.

I note the path for your installer/updater definition is very physical. Can you make it more logical? L:\xx.exe?

Can you re-create the L:\ mapping as a UNC defined mapping? (Not a network expert, so sorry if this naive).

Seeming more like a bug to me…

Best wishes


CIS made it automatically at first launch of that exe. I cannot modify path but I’ve tried to delete it and put it as UNC and same behavior.

It is. :frowning:

I dunno if it’s a bug or a misunderstand between mapped letter and full path.

[attachment deleted by admin]

Well I guess CIS should deal properly with directly mapped drives, so I’m inclined to transfer to bugs, if that’s OK, and see if anyone else, maybe a dev has any insights.

Meanwhile you can probably use the following fix. Create a batch file on the local disk to run each of the executables you have defined as an installer/updater. Give this batch file installer/updater priivs. (Alternatively if you need to run some of the other executables directly you can try the same trick using an explorer substitute like XYexplorerfree, then run your networked executables from there but you must remember never to run unknown files from the explorer substitute, as they will have almost no Defense plus protection).

Could you add the bug report info as requested in the bug forums stickies, where you have not already?

Hope this helps


OK, you can transfer it to bugs, no problem.
As I said it’s not a big deal but I’m curious why this behavior. :slight_smile:
I’ll try tomorrow that bat trick.

I guess I revealed all the info needed. I’m on Administrative account.

Thanks a lot for being with me on this one. :-TU

That’s fine, and thanks for presenting such comprehensive information.

Transferring now, & adding to mods bug list

Best wishes


OK I give up. I did that bat but main exe is still sandboxed.
Now I put it as a Twilight Zone odd behavior and forget about it. :smiley:

Never failed peviously. Oh well. You might like to try the explorer trick as well, maybe a .exe will work better.

Best wishes


Happy day today for me.
Yesterday I’ve bite the bullet and installed CIS 5 Beta 2 at work. Made trusted those 2 mapped applications and everything is fine.
It works!

Thanks Comodo team now I can unleash the power of sandbox at work.

Glad you are happy!

Like the pom poms…