Have you guys checked this video on CIS 5.3. A malware was autosandboxed but it got through & infected the system & system was not responding. After restart of the system too internet explorer kept crashing & the guy was not able to perform the test so he ended the test.
I disagree with both of you. This video does not prove that malware bypassed the sandbox.
We know that malware can sometimes dominate CPU cycles when it is running in the sandbox (and thus, the suggestion posted below was made). But in this video, most of the CPU cycles are dominated by the windows “dumprep” program (run when a program crashes) and this is what caused his “freeze”. The freeze was not caused by CIS or the malware dominating the CPU. All he had to do is wait until dumprep finishing running, and his system would have unfroze.
The sandbox does not prevent crashes or file corruption caused by poor programming or incompatibility, which may have been the cause of his IE crashes (malware corrupting IE). IE corruption could have also been caused by powering down rather than shutting down (not sure which he did based on the video). To fix his IE damage, he just needs to reinstall IE. What the video did not show: was there any active malware after reboot? Probably not because Comodo has tested its sandbox against tens of thousands of malware samples, and none have bypassed the sandbox. So, he may have had corruption of IE, but his system was still likely to be malware-free after reboot. So, until he can prove that malware was present after reboot, then Comodo did great and it did what it is designed to do: prevent malware from infecting your system.
[quote author=Whoop-dee-doo link=topic=60766.msg431690#msg431690 date=1283747258]Sandboxed malware can make it impossible to use your computer and impossible to terminate the malware (because the malware runs the CPU at 100% or it goes full-screen and steals focus). It also makes it impossible to reboot (you must power down). To prevent this problem, CIS could institute the following options.
Empty sandbox (terminates all programs in sandbox and cleans out any files/registry entries that were dropped) - see #10 in this post for more details.
Suspend sandbox processes (halts them all from running or gives the sandbox minimal CPU usage)
Set limits on the CPU usage of the sandbox - have user predefined limit to the % CPU dedicated to the sandbox (posted here and here).