Hi there,
I was reading the Comodo help documents on the web, then I noticed that the sandboxing part is kinda misleading. Comodo Help.
I mean the autosandbox part -
Automatically sandboxed applications are run with ‘Partially Limited’ restrictions. More detail: Sandboxed applications are allowed to run under a specific set of conditions or privileges. In CIS, these are known as ‘Restriction Levels’. There are four levels – Partially Limited, Limited, Restricted and Untrusted (‘Partially Limited’ is the default level for applications that are automatically placed in the sandbox). In part, sandbox restriction levels are implemented by enforcing or relaxing the native access rights that Windows can grant to an application. For example, the ‘Limited’ setting applies some of the supported operating system restrictions and grants it access rights similar to if the application was run under a non-admin user account. These restriction levels are fortified with certain Defense + restrictions that apply to all sandboxed applications (for example, they cannot key log or screen grab, set windows hooks, access protected COM interfaces or access non-sandboxed applications in memory. If the user enables virtualization, then sandboxed apps. can’t modify registry keys or modify existing protected files either).
When it comes to the virtualization part, as far as I know, the autosandbox never applies virtualization, and also I read that in this forum, some posts from Comodo veterans. So I think Comodo should have stated that in the document as true as possible.
Also I wanna ask that if I set the restrictions level to “untrusted”, what kind of D+ restrictions can be applied to the sandboxed applications.
My best regards,
Tyler
