Comodo CIS detected as a "Virtual Machine Running" by SIW

I’ve made an interesting discovery this week about my Comodo CIS. I thought I’d share in case it is helpful to others in future. It’s regarding a disconcerting warning message, “WARNING: A VIRTUAL MACHINE (LIKE sandbox) is running!”, that I got last week from a wonderful little utility I use called SIW (System Information for Windows) by Gabriel Topala. http://www.gtopala.com/ My first thought was that I’d been hacked, and I immediately started researching my CFP logs & doing my homework to get to the bottom of this. I’m pretty hardware-ignorant and have found it most useful to tell me everything you ever wanted (or didn’t want ;)) to know about what is on your system. Here’s a link to my discussion on the warning msg on the Broadband DSL Reports forums. It is NameGame’s post at the end of that thread, linking over to the Kaspersky forums, that fully explains the likely cause for me is Comodo.

http://www.dslreports.com/forum/r22034926-New-SIW-Warning-about-VM-like-SANDBOX-Running

I knew about, but had completely forgotten, the many discussions on this forum of Comodo’s protection being active even before Windows (kernel) is fully booted up.

Hope this post is helpful to others.

That is the CIS Sandbox driver that triggers that; CIS uses “Internal Sandboxing Technology”.

You can bet I won’t forget this little detail again! LOL. Sheesh, I’ve spent a lot of time on this thinking I had some nasty rootkit or something on my machine.

By having a look at the drivers (using Autoruns from Sysinternals) you can also find this “information”.

See also the attached screenshot.


Thanks Ronny. I’ve d/l’d and I’ll take a look. So far, I’ve only used SysInternals Process Explorer to keep track of what svchost.exe is up to.