After upgrading to ver 4, I just can’t prevent an app (video editor) opening my browser when I click on certain buttons and menus. This is not only a nuisance, but it can sometimes cause the machine to hang when big preview windows open so I want it blocked.
As there are no settings in the app for this, I’ve tried to block it in Comodo, but no go as it seems to use something other than the main exe to do this.
In the previous version of Comodo, all I had to do was to block this from happening in the popup that came up when it tried to open the browser, but now, even with settings to paranoid and everything else I’ve tried, there’s no alerts and no way of stopping it.
Any ideas? Easiest would maybe be to download an older version, but can’t find them about?
Sorted it myself. Turns out this Sandbox thing has to be off. Even if the app didn’t run in Sandbox to begin with, somehow it overrode the rules and settings of the app, that’s why no alerts came up when it opened an external program or any settings in defense about the app had any effect.
So sandbox actually reduced my security by letting apps open other apps even if set not to and alerts on, how about that.
Sorry you are having this problem. It’s an interesting one.
The sandbox is supposed to suppress most alerts, but in general to deny, not allow, them. Which alert did you previously get that you used to deny? Depending on your reply, I may move this to the bug report board, if that’s OK.
You should be able to remove your problem by un-sandboxing the software, instead of turning off the sandbox completely. Just add it to My Safe Files and reboot. If this does not work, see the new FAQ on un-sandboxing.
Incidentally the invoked browser should be running sandboxed, so you should still have some protection.
This got me intrigued as well. I tested the situation where safe application Opera will start up Power Archiver (not a safe file, I removed Conexware from the Trusted Vendors list).
It turns out that in Proactive/Safe CIS will automatically make a rule that allows Opera to start up Power Archiver when PA is defined as a safe file. This does not depend on the sandbox being active or not.
In Proactive/Paranoid CIS will not automatically make a rule that allows Opera to start up Power Archiver regardless of whether PA is a safe file or not. This does not depend on the sandbox being active or not.
Conclusion. With CIS in Proactive/Safe; when safe program A starts a safe program B, CIS will automatically make a rule for program A to allow it to start program B. That is independent of the sandbox status.
@EricJH … which I guess is very much as it should be. Except that the sandbox is supposed to suppress all except global hook and COM interface alerts according to Egemen. No paranoid mode dependency has been mentioned. So something not quite right.
Intriguing indeed. I guess it ought to be possible to make a rule to over-ride this though?
@ Balue - what is your browser/video editor - if not already from a trusted vendor have you defined them as ‘safe’ or ‘trusted’? What mode are you in, paranoid or safe?
The app was running outside the sandbox, that’s the thing. I tried to put it both on and off the safe files list, make all kinds of custom rules for it and was running in paranoid mode to catch any alerts that it was starting the browser, I even deleted the whole trusted vendor list, but nothing had any effect until Sandbox was disabled, so obviously it’s affecting other rules in an unpredictable way when on, so I’ll leave it off until updates. But thanks for the reply, appreciated.
If you are running in paranoid mode, AND with Opera and the video app unsandboxed, AND with no rule that allows one to call the other, then you should be getting alerts I think. The main things to check here are:
a) are the Video app and Opera really both unsandboxed. You can only really check for sure by rebooting, opening both, then looking in the D+ logs. (Putting files in My Safe files does not always work - see the unsandboxing FAQ). If you have deleted Trusted Vendors then the Video app or Opera may now be being sandboxed when it wasn’t before.
b) have you ended up with a rule that allows one to call the other in the computer security policy?
To prevent the video program from starting Opera, look up the video program in D+ → Advanced → Computer Security → select it → Edit → Access rights → push the button behind Run an executable and put Opera on the Blocked list.
The main things to check here are: a) are the Video app and Opera really both unsandboxed. You can only really check for sure by rebooting, opening both, then looking in the D+ logs. (Putting files in My Safe files does not always work - see the unsandboxing FAQ). If you have deleted Trusted Vendors then the Video app or Opera may now be being sandboxed when it wasn't before.
Well I thought putting it on the safe list meant out of sandbox, maybe this was the problem all along. Didn’t realize it was more complicated than that…
b) have you ended up with a rule that allows one to call the other in the computer security policy?
No, tried several times with fresh rules and paranoid mode.
That was definitely the way to do it, thx. Now I can have sandbox on again.
Still mystified why an ‘ask’ alert wasn’t good enough, but maybe it was in the sandbox like described in the post above. But then again, intuitively, things running in sandbox should be more prone to refusal and alerts when opening other apps? :-\
I think I may have worked this out. The sandbox restricts sandboxed files by comparison to v4 safe files. It also suppresses alerts in relation to these restrictions, simply denying the privileges instead. But note, and this is the critical point, that these restrictions do NOT include prohibiting the running of another executable. Furthermore in version 4, as distinct from version 3, I think that a safe file is, by default, allowed to run another safe file without raising an alert. [Edit: Just checking this with EricJH]
Now the only thing I am confused about is the fact that blocking works. It must be that additional restrictions on sandboxed files are allowed - the sandboxing restrictions don’t over-ride all other restrictions but they act as a base line which can be added to. This makes sense. I wonder if you can relax restrictions too. That is, do computer security policy rules fully over-ride sandbox restrictions? Flexibility-wise that would make sense; security-wise it would leave things up to the user.
I haven’t actively wrapped my head around it lately. What I do recall is that safe files are allowed to start up safe files without alerting; putting D+ in Paranoid mode will most likely break that.
Your queries now seem to have been resolved. I’ll lock this topic and mark it as [RESOLVED]. Should you have any further queries relating to this specific issue, please PM an online Moderator and the topic can then be re-opened. If you have any other queries or issues, please create a new topic.