When I open a PDF file from a USB drive, the file automatically gets sandboxed. I can fill in the form but I cannot print it, so I had to move the file to trusted files, close my document and type all the details again.
I hope that Comodo finds a way to solve this problem, because if I install CIS on a friend’s PC, I do not think that he/she will go through such hassle just to fill and print a PDF form.
But given that Comodo wants its software to be installed on average users’ PCs, I wanted to draw its attention to this issue. Users want protection without interference.
For security, users will have to allow for some inconvenience. They could also decide to disable autoruns for all external media in Windows. But not locking down external media is not an option for me.
It should block the actions made by that PDF and not the PDF itself. This way, even if you view a malicious PDF, you’ll be able to view it but that file won’t be able to perform an exploit on your system.
That’s a big difference.
I think you are missing the key point that he is opening a file from his USB drive. By default, external media is considered untrusted (as it should be…) so that is where the issue is. No amount of adding something to the trusted list is going to change the fact that it will not work because you never know where that media has been.
Would you feel happier if you could trust a file type on your thumb drive, then you loan it to your friend. It comes back and you put it in, and what do you know? You just got an infected file and you’ve trusted it so it infects your computer…
For me it’s perfectly comprehensible that the file is being sandboxed given that USB is a threat vector, but it would have been perfect if Comodo allowed me to print the file even when sandboxed.
By the way, I took the pen drive from a friend’s PC, his AV did not find anything but it allowed him to perform all his activities normally. For me a scan with CIS revealed a Trojan in the pen drive, so sandboxing files from USB drive is very important. We just need to have a good balance between security and usability.
There is malware out there that tries to exploit vulnerabilities in the Spooler service. It is more secure to prohibit malware from accessing the Spooler service.
Add to this that Adobe Reader is a popular target of malware in general, as it is so commonly used, then we have an explosive scenario at hand.
Bingo, the spooler service has been used for a long time to inject rootkits in the system. What I recommend is using a PDF reader that has its own security to prevent commands from running; something like Foxit seems very secure while still being light.