CIS 7 Beta Bypassed

I was testing CIS 7 Beta & ransomware screen appeared & system restarted.
After system restart files in My Documents were changed to MS Word.
When I clicked on the files, info was there.
Attached is the screenshot
I reverted to clean state with Comodo Time Machine & things were fine.

[attachment deleted by admin]

How did you have CIS configured? Was it set to Partially Limited?

Yes, defaults.

Can you check with RC version?

I cannot check this myself, as I do not have a VM set up. However, I will move this to the Beta forum. Hopefully someone there will be willing to test it against other settings.

I have a feeling that just changing it to Limited will protect against this. Sadly Partially Limited has been shown to still be susceptible to certain variants of ransomware, although it’s still more secure than previous versions. This isn’t a bug, but just a compromise with using Partially Limited. However, if it bypasses Limited it may be worth a bug report.


You can add the folder to the “Protected Data Folders”.

default = empty

This is normal with partially limited. If you turn up the sandbox level to limited it will protect you. CiS allows file access in partially limited because some legit apps require access to your files such as disk defrag. I remember talking to egemen about this. Once vc is able to monitor apps in the sandbox it should prevent this

You can use the protected data files to protect your personal data. This is an attack on your personal data not system. I remember Melih saying they are working on something to protect your data maybe he was referring to “protected data folders” not sure.

What is this in RC version?


Protected Data Folder
New data security feature which makes important files completely invisible to programs running in the sandbox. Files placed inside a ‘Protected Data Folder’ cannot be read, accessed or modified by any sandboxed application.

yes its in current version

Here it is