You can’t just remove vendors and expect them to be untrusted; you must specifically set the vendor to unrecognized in the vendor list. Also, without knowing the full file rating and containment settings, no one can know what the issue is. I tried, and neither Chrome version was contained because the vendor was re-added as trusted from the file lookup service.
File is not even digitally signed, so it has nothing to do with changes you made to the trusted vendor list. Make sure cloud lookup is disabled under file rating settings, then check auto-containment rules to make sure a rule is configured that would cause the application to be auto-contained.
I’m talking about auto-containment rules. Also, can you open the registry, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\COMODO\CIS\Data, and edit the value ExplorerIsComodoPageVisible and set it to 1? Then right-click on ScreenResolutionManagerSetup.exe, select dump information of the file, and attach it to your post.
What I would like to know is how did you download the setup file? Did you use a web browser or a download manager and was it saved somewhere else besides your downloads folder? Can you show the file details of ScreenResolutionManagerSetup.exe if you still have it saved in original location when you ran it.
IDM to Desktop and executed directly from there; Desktop is my download folder.
Chrome and ScreenResolutionManager are just random files; I don’t use them at all. I usually download things just for the sake of testing. Of the 50+ files that I downloaded, only Chrome and ScreenResolutionManager did “escape” the Sandbox, if I may say so.
I used to do that with W10FC / Sandboxie but now I am giving CFW / Auto-Containment a try.
I found the reason, at least for ScreenResolutionManager: it is trusted by a Comodo whitelisted signature, which I thought only applied when the AV is installed. I’ll ask if it is intended behavior for whitelisted signatures to be in effect when only the firewall is installed.
An application need not necessarily get sandboxed when it is not listed in the Trusted Vendor List. CIS always does a file lookup. The same goes for the vendor. When a file is signed by a certain vendor and launched on a PC, CIS looks for a hash and a vendor verdict. It’s for all components.
If you want to run a particular application in containment, you can either:
use “Run in Comodo Containment” from Windows explorer context menu
Thanks Metheni, but the issue is that cloud lookup is disabled and the executable is not digitally signed, so trusted vendor lookup is skipped, but the application was still trusted. Despite not having the anti-virus installed, the application ended up being trusted by a Comodo AV whitelisted signature; a file signature shouldn’t be applied when the AV is not installed.
Online or offline checks?
Whitelisted file signature is an offline check, I believe it is stored in white.cav database in CIS installation directory under the scanners folder.
Would be good to have an option to enable/disable this internal hash whitelist in Comodo, even for those with AV installed.
For example, when downloading Baidu PC Faster from Softonic, it was still trusted by CIS even with Lookup disabled and Baidu removed from the Vendor List. By using Resource Hacker to delete the icon of the PC Faster Installer and thus changing its hash, the Installer was rated as unrecognized and then blocked by Containment.