I have just enabled the sandbox and disabled autodetect installers. Unknown exes give me a popup saying that they are sandboxed. So far so good, I would say.
But then Comodo alerted me about UpdateApplications.exe running from c:progfiles:Comodo System Cleaner.
I removed that program and ran CCleaner afterwards to check the reg for any traces that remained.
When I tried to open the properties by clicking on the filename in the sandbox alert, Comodo said that the file did not exist.
How can a non-existing exe be started and sandboxed? No process with that name was running afterwards.
And the file does not exist at the given location. Does this have something to do with the ‘virtual copy’ Vista holds somewhere? I do not know the specifics of these virtual files (hence the quotes).
I hope I did not make a mess of things.
Vista Home Premium SP2 x86
UAC enabled, Admin rights account
T5550 1,8 GHz, 3 gb
Comodo Firewall only (unchecked AV during install)
Sandbox enabled, autodetect installers unchecked
Firewall ‘safe mode’
Thanks. Could you please do a Windows Explorer Search of your entire hard disk for Updateapplications.exe. Please include system and hidden files in the search.
If you find it please note the path, zip it up and post it here.
Then please navigate to Control Panel ~ Scheduled tasks and find Comodo System Cleaner Update. Right click and look at its properties. Take a screen shot please of the task tab associated with this task and post it here.
There have been a few of these problems so you can help us greatly by posting this info so we can find out what is going on.
Exactly. But we need to find out exactly what is going on I think, not just delete the task. In this case I have the app installed myself. But if I remove the .exe and run the task there is no sandbox alert. So there is more to it than that!
Also of course the update executable is digitally signed
Unless you know what is actually happening of course
I think the problem is that normally the task is fine because it calls for a signed executable to run, so CIS sees that and lets it happen. But when you uninstall CSC and it leaves that task, it tries to run and call an exe that does not exist anymore. CIS sees that and goes, wait, I don’t know why it’s doing that, so I will sandbox anything it calls for, or at least tries to call.
That’s what I thought, but I tried to replicate it and it did not happen! So there is something else going on…
Hopefully this guy will post details and we will find out. Pre-fetch seems often to be involved, in that a .pf file is sometimes found, but nothing else…
I don’t know if this helps, but I uninstalled CSC a while ago and D+ never asked me what to do with UpdateApplications.exe.
Once I enabled the sandbox, it alerted me after a little while that this exe was sandboxed.
I do feel safer now that the ‘weird’ behavior is explained. If Comodo detects something weird that tries to run on the system, it intercepts even when the file supposedly does not exist. It could be a hacker/malware trick to run a file that does not exist upon runtime or something.
I think this is a good thing.
Comodo takes no risk
Btw, can I delete the task or do you need some more info about it?
Thanks that is really useful information, especially the additional experiment. Since we have an easy way to replicate it the devs should be able to fix it.
It does seem to be somewhat system specific, maybe OS specific, though, as it does not happen on my machine. Would you (and perhaps Languy) mind adding the standard bug report info as requested here. This is now the best documented reference to this bug so I’ll also move it to the bug report forum, and PM a QA guy.
Finally, would you mind disabling instead of deleting the task, just in case a dev wants to ask anything, at least until the next version is issued (soon I think).
Many thanks again for taking the trouble to document this.