Chrome 77.0.3865.120 not sandboxed

Hi

New Comodo Firewall user here

I have a very small list of trusted vendors and Google is not one of them, but when I double-click the 77.0.3865.120 installer, Chrome gets installed in my system, then starts sandboxed.

Chrome 78.0.3904.97 gets sandboxed directly!

Comodo Firewall 12.1.0.6914 / Windows 7 x64

https://redirector.gvt1.com/edgedl/release2/chrome/P75u-N55vK5DF0B5dm5gjQ_77.0.3865.120/77.0.3865.120_chrome_installer.exe

https://redirector.gvt1.com/edgedl/release2/chrome/APxmP00ERnxueB1YewL8360_78.0.3904.97/78.0.3904.97_chrome_installer.exe

Hi CFW.TN,

Thank you for reporting. We will check this issue.

Regards,
PD

It can be cloud lookup related.

You can’t just remove vendors and expect them to be untrusted; you must specifically set the vendor to unrecognized in the vendor list. Also, without knowing the full file rating and containment settings, no one can know what the issue is. I tried, and neither Chrome version was contained because the vendor was re-added as trusted from the file lookup service.

Are you sure about that? Everything is disabled except the Firewall and the Auto-Containment, and cmdagent is blocked!

Another file same behaviour >:(

https://www.bytegems.com/files/ScreenResolutionManagerSetup.exe

I think it would be nice to be able to untrust vendors in bulk by using the checkbox option.

Similar to my previous suggestion.

Difference being Enable/Disable becomes Trusted/Untrusted. Same difference.

https://forums.comodo.com/wishlist-cis/option-to-disable-certificates-without-removing-them-in-trusted-vendor-list-t122356.0.html

File is not even digitally signed, so it has nothing to do with changes you made to the trusted vendor list. Make sure cloud lookup is disabled under file rating settings, then check auto-containment rules to make sure a rule is configured that would cause the application to be auto-contained.

I have already done :-\

I’m talking about auto-containment rules, also can you open the registry and navigate to HKEY_LOCAL_MACHINE\SOFTWARE\COMODO\CIS\Data and edit the value ExplorerIsComodoPageVisible and set it to 1. Then right-click on ScreenResolutionManagerSetup.exe and select dump information of the file, and attach to your post.

Actually don’t even do the registry method, show the Comodo file details of the executable, both the overview tab and file rating tab.

What I would like to know is how did you download the setup file? Did you use a web browser or a download manager and was it saved somewhere else besides your downloads folder? Can you show the file details of ScreenResolutionManagerSetup.exe if you still have it saved in original location when you ran it.

IDM to Desktop and executed directly from there, Desktop is my download folder.

Chrome and ScreenResolutionManager are just random files, I don’t use them at all. I usually download things just for the sake of testing. From the 50+ files that I downloaded only Chrome and ScreenResolutionManager did “escape” the Sandbox if I may say so.

I used to do that with W10FC / Sandboxie but now I am giving CFW / Auto-Containment a try.

Thanks for the help futuretech.

I found the reason, at least for ScreenResolutionManager: it is trusted by a Comodo whitelisted signature, which I thought only applied when the AV is installed. I’ll ask if it is intended behavior for whitelisted signatures to be in effect when only the firewall is installed.

Hi CFW.TN,

An application need not necessarily get sandboxed when it is not listed in the Trusted Vendor list. CIS always does a file lookup. The same goes for the vendor. When a file is signed by a certain vendor and launched on a PC, CIS looks for a hash and a vendor verdict. It’s for all components.

If you want to run a particular application in containment, you can either:

  1. use “Run in Comodo Containment” from the Windows Explorer context menu
    or
  2. create a corresponding shortcut using the Run Virtually task: Run An Application In the Container, Containment Computer Security | Internet Security

You need to create an auto-containment rule if you want it to always run in the container.

Online or offline checks?

I disabled Cloud Lookup, VirusScope and blocked cmdagent the day I installed CFW.

futuretech and Metheni thanks again for the help.

Thanks Metheni, but the issue is that cloud lookup is disabled and the executable is not digitally signed, so trusted vendor lookup is skipped, but the application was still trusted. Despite not having the anti-virus installed, the application ended up being trusted by the Comodo AV whitelisted signature; a file signature shouldn’t be applied when the AV is not installed.

Online or offline checks?
Whitelisted file signature is an offline check, I believe it is stored in white.cav database in CIS installation directory under the scanners folder.
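
The two properties this thread keeps returning to, whether a file carries an Authenticode signature (which a vendor rating needs) and what its hash is (which a hash whitelist keys on), can be read with built-in cmdlets. This is an added example, not part of any post above and not Comodo tooling; the function name and sample paths are hypothetical, and it needs PowerShell 4.0 or later for `Get-FileHash`.

```powershell
# Added example: list the inputs a file-rating engine can key on.
# Get-FileTrustInputs is a hypothetical helper name, not a Comodo command.
function Get-FileTrustInputs {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [string]$Path
    )
    process {
        $file = Get-Item -LiteralPath $Path -ErrorAction Stop
        $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName
        $hash = Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256

        # An unsigned file has no signer certificate at all.
        $signer = $null
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

        # With no signer there is nothing for a vendor list to match,
        # so only a hash-based rating can explain a "trusted" verdict.
        if ($sig.Status -eq 'NotSigned') {
            $basis = 'hash only (no signer to rate)'
        } else {
            $basis = 'signer and hash'
        }

        [pscustomobject]@{
            File            = $file.FullName
            SignatureStatus = $sig.Status      # Valid, NotSigned, HashMismatch, ...
            Signer          = $signer
            SHA256          = $hash.Hash
            RatingBasis     = $basis
        }
    }
}

# Constructed sample paths: compare two copies of an installer side by side.
# Different SHA256 values mean a hash-based verdict for one copy
# does not carry over to the other.
'C:\Samples\Setup.exe', 'C:\Samples\Setup-copy.exe' |
    Get-FileTrustInputs |
    Format-List
```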

Would be good to have an option to enable/disable this internal hash whitelist in Comodo, even for those with AV installed.

For example, when downloading Baidu PC Faster from Softonic, it was still trusted by CIS even with Lookup disabled and Baidu removed from the Vendor List. By using Resource Hacker to delete the icon of the PC Faster Installer and thus changing its hash, the Installer was rated as unrecognized and then blocked by Containment.

I think I am going to submit a Wish for that. :slight_smile:

OK thanks guys.

Hope they fix this in the next release.