cmdvirth.exe and svchost.exe in its tree automatically sandboxed after update

Hi, I have a problem that started right after the recent Comodo program update; everything was working fine before that,
but since then, every morning for a few days now, when I start the computer I see 3 applications being auto sandboxed. It doesn’t seem to affect anything much on the computer, but it’s annoying because I would prefer to see 0 applications there and only see a number when something serious actually happens, unless this one IS something serious on its own. But what is this problem now?
included screenshots

Windows 7 64 CIS version 8.0.0.4344

[attachment deleted by admin]

Could you check the logs if it claims any applications were sandboxed at the time you started the computer?

First, thanks for trying to help, I appreciate it.
Second, I’m sorry, I’m not sure exactly where and which log to look at, please?

In version 8 the checkmark “run services installed in sandbox automatically” is enabled.

In version 7 it wasn’t. So you only saw them after you used the sandbox.

Sorry, now I’m even more confused. Was the latest update from less than a week ago from 7 to 8?
If it was, what does it actually mean, what you are saying, that I should just untick the box you mentioned? Why, if it’s nothing serious, does Comodo show 3 sandboxed apps in that section? Is it like a false positive?

Sorry I was on a phone when I typed that, so it ended up rather vague.

To check the logs:

  • Open the main CIS window
  • Click Tasks in the upper-right corner
  • Click View Logs under General Tasks
  • In the new window that appears there is a drop-down menu to the top-left, click that and choose Defense+ Events
  • Right-click anywhere within the list and click Entire period
  • Find around the time you logged in and see if there are any logs of applications being sandboxed

It’s showing 3 sandboxed applications in that section because that’s what they are: they are sandboxed, running in a virtualized environment (depending on settings, V8 default is virtualized). The counter of how many apps are running in the sandbox doesn’t say if there is anything serious or not. It simply states that things are running in the sandbox; it’s not a telling of whether it’s serious or not serious, simply neutral information.

Hi, thanks again.
I looked at the particular Defense+ entire period log following your instructions. I see nothing got sandboxed today or even yesterday. I see one file of mine, which is a text file, that got logged (under “flags”) as “Ignored”, so I guess that’s not it, right? So what is being sandboxed then?

In version 7 if you had virtualized something, 3 things are staying.

In version 8, you don’t need to virtualize something first for that outcome, because it’s checkmarked:
start installed services in virtual box automatically.

I just tried it in 7.
Loaded something virtualized.

Until next reboot these 3 things stay in sandbox. Like yours.

Difference of checkmark:
Your THREE stay after reboot as well.

Hi clockwork, thanks, but I don’t think I fully understand what I’m supposed to do with the information you supplied me. I think I already HAD version 8 and just got a small update, and then things started to pop. Before this last update, which took place a few days ago with version 8, I didn’t have these sandboxed apps…

Ok. Then remove the checkmark, reboot and see what happens :)

Then see what happens when you virtualize something.

Atm I have cmdvirth and 2 svchosts in sandbox as well, because I virtualized something.
For you it will be the same then.

While I think that this explains it the best.

The three services that you see are mandatory services that are each time in your sandbox after you virtualized something.

The checkmark determines if they are automatically started next time (default version 8)
or
started if you virtualized something (default version 7)

I would recommend to uncheck the mark.

If I don’t hear back from Sanya with regard I might try your method as a last resort. I don’t use this feature of virtualizing things; I didn’t before and I don’t see why I would now, unless it happens automatically. I don’t know why Comodo claims I virtualized something in the last few days. I don’t see what has changed in the way I use my computer (other than the last update a few days ago).

Oh sorry, I thought that Clockwork explained it quite well so I didn’t see a need to comment. Disabling the option doesn’t impact the security negatively at all; in fact it may increase it if anything. I would recommend disabling the mentioned setting and then rebooting to see if it worked.

It definitely “increases” the security to uncheck it.

If ANY service installed in sandbox is autostarted, even malware services would autostart in sandbox as well!

We witness the price of user-friendliness again.

As in version 7, unchecked default, these 3 services remain after virtualizing something ONCE in the session.
Until reboot. Or until clearing the sandbox.

In DEFAULT version 8, reboot does nothing.

OK guys, I’ll try it and reboot and let you know, but actually I don’t know where to uncheck it?

Advanced settings, Defense+, Sandbox, “services installed in sandbox autostarting”.

That can be disabled.

The box in the attached picture? I already had it disabled…

[attachment deleted by admin]

Hmm, try resetting the sandbox and then reboot. You can reset the sandbox by going to tasks page and expanding Sandbox (I think it was) then clicking reset sandbox.

OK, I tried reset, Sanya. It’s zero now (even after reboot), let’s hope it will stay this way… Thanks a million for all the help, and regard to the kittens.

It’s possible that the last “session” of the sandbox was somehow corrupt and caused it to stick through reboots, just a possible explanation.