CIS sandboxing perfectly known programs - seemingly at random


got a serious problem with Defense+ sandboxing perfectly known and safe applications!

What happens is that I open a file for a normally known and trusted application (say: *.txt file with Notepad, or *.doc file with MS Word), and then my computer apparently freezes for quite a while until ultimately loading the app.

After investigating I finally found the culprit: Defense+ is putting those known application into the sandbox and scanning them online (see attached jpg)


a) Why on earth is CIS sandboxing such programs like Notepad or Winword? They are known, both to Comodo and to my CIS installation, as I have manually defined them several times as trusted apps. When trying to define them again as trusted, CIS tells me it is already a trusted app…

b) What exactly is being scanned online? The application file? Or worse: the file triggering the opening of the app (i.e. the txt or doc file)? I definitively do NOT want CIS to send any file from my computer (exe or other) to some online scanner without telling me. There is no notification whatsoever, all I see is that CIS is generating internet traffic. HELLO? EXCUSE ME??? Did I miss something? Isn’t a firewall here to exactly stop such behavior from software? Connecting to some unknown mothership and sending files from my computer to some unidentified destination??? Sorry guys, but I’m having a hard time accepting such a behavior from a firewall software, as good intentioned as it may be.

So my questions are:

  1. How to make sure CIS does not sandbox known (and trusted) apps any more?, and
  2. How to stop (or better: impede) CIS from sending files to some online scanner without bringing the whole app to its knees?

Thanks for answers

[attachment deleted by admin]

This is not the way CIS is supposed to function. It seems likely that something happened to your installation.

Please first check to see if the diagnostics find a problem.

If not then please try reinstalling it by following the methods I discuss here.

This is THE reason I dumped Comodo. I had the same issues as well. On top of those issues, I was sick of seeing that Comodo sent Microsoft processes to the cloud for further analysis, over and over again, even though all of those processes were in the trusted list. My computer was slowed to a crawl just ■■■■ everyday things.

I may not be as protected with Panda Cloud as I was with CIS, but I refuse to have to babysit my antivirus every time I hit the on button. Instead of adding new items like DACS, Comodo needs to fix their current version first!

Sorry guys, just my .02

Thanks for the fast reply. Diagnostics did not find any problem.

De- and re-installing sounds like a lot of fun, especially to re-set all the custom policies…

I don’t mind to “babysit” my firewall to some extent, just to make sure it behaves the way I want it.

Nevertheless, I DO WANT to know what exactly is being sent to the online scanner without my explicit consent. Any thought about that?

From my understanding I believe it’s just executables and possible dll’s. So it’s probably just sending the files for microsoft office, etc…

I’ll ask the other mod’s to see if any of them has any more information.

Still, this is probably an installation problem of some sort. A reinstall should solve it. Although you could export your configuration and import it into the new one that may be part of the problem. I’d shy away from trying it, but you can if you want.

I have had 2-3 D+ alerts from Microsoft Windows files. CIS certainly does produce some odd pop-ups.

When a safe file gets started by sandboxed application the safe file will get sandboxed as well. That may be what is causing the seemingly erratic behaviour being witnessed.

With cloud look up enabled CIS will, when it finds an unknown file, upload its hash code to the cloud to see if it known. When it is unknown it will upload the file. It will not upload .doc or .txt etc but it will upload scripts if I recall correctly.

As Chiron suggested you can export your active configuration. Then try a clean installation. After that you can import it and see what happens. You can then also test it with a clean config as well to see if there is something not right with your settings.

OK, thanks for the explanations. However, the parent app is a trusted one (i.e. Notepad or WinWord), NOT sandboxed, so I still don’t see why that should trigger all that problem.

Anyway, I have reinstalled CIS and will see now what happens.

Thanks again

CIS also puts CCleaner at Sandbox. CIS also does not recognize RocketDock (old program Dock).

What version. Keep in mind that CCleaner is regularly updated and that there is always a period where an updated program is not white listed.But when you know you downloaded the new version from a reputable source you can add it to Trusted Files yourself.

CIS also does not recognize RocketDock (old program Dock).
You can submit it to be white listed in Submit Applications Here To Be Whitelisted - 2011.