I just went over to Zemana website and tried their test tools and found out that Comodo Defense+ didn’t block any.
It passes the “Keyboard Logger” if you block the Defense+ alert. This is with the file automatically sandboxed as partially limited.
For some reason the “screen logger” and “clipboard logger” were scanned online and found safe. This should be changed. I couldn’t test the webcam one since I don’t have a webcam.
cis3 blocks by default every of them except the webcam (i don’t have any, i didn’t run the test) whereas cis5 does the same only if the sandbox is disabled.
When the sandbox runs, defense+ paradoxally fails from writing the file as unknown, and from one of its severe bugs (there’s no choice to ignore some file, you must choose between safe or unknown).
Of course, we are speaking here of “safe files”, and no one cares about what the sandbox does or not in this particular situation, but we must conclude that the same behaviour could be observed with also unknown but really malicious files.
As a consequence, but it’s not really a scoop, the sandbox continues to be not only useless, but also dangerous.
yes, sometimes the comodo sandbox is somehow “protecting” malware from beeing stopped.
its like a secure running area for malware. i dont get this philosophy: automatic run something in a box, instead of asking me to allow…
well, in few cases it could protect you a little bit from changes in the operating system…
but more often it would let a “keylogger” automatically run, collecting data and maybe even send them (if sandboxed things still have internet access by default for “userfriendlyness”).
a sandbox only makes sense, if it would be only a “box”… and it doesnt makes sense, when it is made to let things run and do what they want (apart from some changes) just to avoid questions.
Which they don’t.
so its changed. i remember as it was new… it has been one of my main reasons for disabling the sandbox FOR security reasons 
They disabled that with the first update of V4 specifically because people, like you and me, saw it as too much of a vulnerability. Which it is. 
As far as I’ve seen, and heard, you will always get a firewall alert for a file running in the sandbox. Thus even though some keyloggers can run, more or less work correctly, in the sandbox you still get the chance to stop them from sending information over the internet.