CIS V6 Help bug reports and errors.

Show highlight frame for virtualized programs - If enabled, CIS displays a green border around the windows of programs that are running inside the sandbox. The following example shows an .odt document opened with a sandboxed version OpenOffice Writer:
Please also explain red borders, an how you can get them (run an app from the shared space, thus non-virtualised, in Kiosk?
By default, sandboxed applications are not allowed to access folders and files on your 'real' system. However, you can define exceptions to this rule by using the 'Do not virtualize access to...' links.
Not true I think. The true rules as I understand them are that non-virtulaised apps cannot access data in the sandbox. Virtualised apps can access data outside the sandbox. but cannot modify it (if it tries it creates the modified copy in the sandbox). Both virtualised and non-virtualised apps can acces data in the shared area and no sandboxed copy is created. So the point of the shared area is fully shared (ie normal) access.
'C:/Program Data/Shared Space'.
No space on my computer.
Limit the program execution time to: You can define how long the program is allowed to run by selecting this check-box then entering the time (in seconds). The program will be terminated after this time has elapsed. (Default = Disabled)
Alwyas wondered about this. Does it maybe really limit the total number of CPU seconds used in processing by the app?
Limited (Default) - Only selected operating system resources can be accessed by the application. The application is not allowed to execute more than 10 processes at a time and is not allowed to execute actions that require Administrator account privileges. Access to many system resources, like the clipboard, are also prohibited
Limited is not the default
Note: Programs added to this list will always be executed inside the sandbox. If you want to run an application in the sandbox on a 'one off' basis instead, you can do it in two ways:
Right click on the program or file to be opened from the Windows Explorer and select 'Run in Comodo Sandbox'

or

Flip the 'Scan objects' pane in the CIS Home screen to show 'Sandbox Objects' and drag and drop the program or file from Windows Explorer to the pane</blockquote> Maybe should mention Kiosk again as they are not separate and this makes them seem so.
'operating system within an operating system',
As above this is a misleading metaphor.
Partially Limited - The application is allowed to access all operating system files and resources like the clipboard. Modification of protected files/registry keys is not allowed. Privileged operations like loading drivers or debugging other applications are also not allowed
'Modification of protected files/registry keys is not allowed'this is untrue for virtualised apps. Modifications are allowed but sandboxed leaving the original unaffected.

A section explaining the relationship between sandboxing via the Kiosk and via the main CIS interface would be useful perhaps. I have attempted this in my Introduction to the 6.0 Sandbox (see stickies).

Define exceptions for behavior blocking – Allows you to add certain file paths for being excluded from monitoring by the Behavior Blocker. The executables included in the exceptions area are allowed to run without checking of authenticity. (Default = Disabled)
Please clarify how this differs from making something a trusted file
Partially Limited - The application is allowed to access all operating system files and resources like clipboard. Modification of protected files/registry keys is not allowed. Privileged operations like loading drivers or debugging other applications are also not allowed.
    Limited - Only selected operating system resources can be accessed by the application. The application is not allowed to execute more than 10 processes at a time and is run without Administrator account privileges.(Default)

    Restricted - The application is allowed to access very few operating system resources. The application is not allowed to execute more than 10 processes at a time and is run with very limited access rights. Some applications, like computer games, may not work properly under this setting.

    Untrusted - The application is not allowed to access any operating system resources. The application is not allowed to execute more than 10 processes at a time and is run with very limited access rights. Some applications that require user interaction may not work properly under this setting.

    Blocked - The application is not allowed to run at all.</blockquote>

I guess this list should include fully virtulised but note it is only there if you perform a registry hack.

Limited - Only selected operating system resources can be accessed by the application. The application is not allowed to execute more than 10 processes at a time and is run without Administrator account privileges.(Default)
It's not the default, unless this has changed
http://help.comodo.com/uploads/Comodo%20Internet%20Security/1bca1244957cf78a78b90fc0d6acd490/5eac818f1e1c4adc19d335055b06586b/19f2d3d6b4e8556f34c2c76467ac7c75/bb.png
It's not the default.
Auto-sandbox unknown applications as - Allows you to enable or disable the Behavior Blocker. If enabled, the Behavior Blocker runs unrecognized applications inside the sandbox with the access restriction as selected in the drop down menu. (Default = 'Enabled' with 'Limited')
Wrong default I think

An indication re why you might exclude certain apps from certain things on this page would help. Also how would you know if an exclusion was needed?

Just checked this one and the ‘support for extensions issue’ appears it has been fixed, apologies.

Sorry therefore also incorrect here (same problem), sure it did this in mods alpha, but maybe I’m wrong.

Actually now I think I’m right and this is a bug, but who knows :). Clarification requested from a dev!

But the new behavior did not make sense so I checked it. Now everything runs virtualised in Kiosk even if it is exempted from the sandbox on my Win 7 VM.

So I think I was right to start off with, and this is new behavior, and a possible bug?

Could someone (some dev) please clarify?

There does not seem to be a full explanation of the restrictions and permissions that apps run in Kiosk run under anywhere, and what additional restrictions you can optionally apply to them.

There is quite a lot about this for BB’s files by contrast.

CIS Version 6 Program/Help are out of Beta now, but still continue posting help file errors in this topic and if the need arises we can always split it off from this point.
Thank you.

I have had to completely refresh Windows 8 twice as Comodo Dragon seems to develop some errors which I have been unable to fix - I’ll address this elsewhere though. This led to a clean install and the following problem…

This aside, on a clean install, I usually save my configuration and then reload it on re-installing CIS. Then after I install a few essentials, I usually run purge the firewall rules (works OK) and the Purge the HIPS rules also to clear out old versions of programs or things I wont be installing this time.

Unfortunately, CIS 6 seems to freeze/lock up when you purge HIPS Rules. Not a big issue for me, as I have worked out how to purge them manually from the backup configuration file, but it would be nice if it worked.

For help file issues, please create an individual report for each issue in the following location.
Bug Reports - CIS
GUI & Help format

Thanks.