CIS 6 and FunMoods


Have you seen this video - YouTube? Can anybody who understands it express himself/herself how it is possible that, for example, the program FunMoods Comodo runs in Sandbox. Sandbox was deleted and in spite of it the “load” got to the PC.

Thank you

  1. The sandbox did not need to be reset, because the user did not use the virtualization.

  2. The protected files do not contain this line:

Sandbox was reset. Have a look at the video at 17:14 - YouTube and the user uses virtualization PARTIALLY LIMITED.

In V6, BB does not use virtualization by default.

The user can set the sandbox level as “fully virtualized” if he or she wants to enable the virtualization for BB.

(1) FunMoods is from the “video converter”.

(2) The installer was sandboxed as partially limited.

(3) It will be blocked for important actions only (depends on the HIPS rules).
For example, the toolbar did not show in the video.

The “HIPS rules” means the three items only. (Because the HIPS is disabled by default.)

I don't really care what he/she can do. I only wrote that Comodo with Sandbox on and virtualization set to partially limited lets viruses into the PC.

Isolated ≠ Virtualized

So what does isolated mean?

You can see on the video the new process was created and seen in Killswitch.

I haven’t watched the video, but I’ll try to explain anyway. An application run under the Behavioral Blocker is isolated from the rest of the system. What this means is that the file can start processes and drop files to certain folders. However, it cannot perform any actions which would harm the system itself. Also, after restarting the computer no processes started by it will automatically start.

Does that help?

Just watched the video & commented.

As Chiron mentioned, no active malware was there.

1 link he marked as ? instead of isolated as he couldn’t see autosandbox alert that appeared behind KillSwitch.

Many testers make this mistake: they reset the sandbox. That is for Virtual Kiosk & I think Full Virtualization set as autosandboxed & not for partial limited autosandboxed.

Later when he tested 5-6 malware, the malware were autosandboxed & 1-2 malware generated the Unlimited Rights Popup, for which he selected Run Sandbox, but he didn’t restart the system. I think he needs to restart the system as it clears a few things, right?

And in the link below related to the test, he mentioned 0/5 points under Section VI: Unknown Malware Detection and Intrusion Prevention - Program can prevent unknown intrusions. What's this? Is he correct/incorrect?