I installed Dropbox. Right after the installation I realized that the program had ended the previous instance of explorer.exe and started another.
So I decided to do a test with antiteste.exe before and after installing Dropbox.
Tested without Dropbox installed, CIS 6 worked perfectly, alerting and being able to block access attempts. However, after installing Dropbox and performing the test, CIS 6 did not warn or block anything.
After restarting the PC or the explorer.exe process, Comodo goes back to its normal behavior, alerting and blocking. And what if a lay user downloads malware able to bypass Defense+?
Note: I performed the test outside the sandbox and with the behavior blocker disabled, because even if antiteste runs in the fully virtualized sandbox, it will be able to capture the screen and keyboard.
For those who do not want to watch the video, the image sequence follows:
What configuration are you using? Proactive with BB disabled I assume.
- If explorer.exe is executed by the Dropbox installer, it will inherit the rights of the installer. So, any child process of explorer.exe will be trusted by CIS.
- Wish: Do not allow explorer.exe to inherit the rights of any process.
You can try this one.
untick the option
So is this essentially a bug then?
Defense+ (Proactive) active, behavior blocker and sandbox disabled
occurs, even though disabled setting rating
The right thing would be to be alerted that explorer was being accessed, as is the case with the predefined security policies for trusted software.
And I feel a certain lag when I try to run Dropbox.
CIS 6 should warn about the explorer process accessing Dropbox and Dropbox accessing explorer, but it seems that Dropbox can bypass Defense+.
- The user should untick this one, too.
- The issue is just a vulnerability, it is not a bug.
For example,
- Maybe this is the reason why some sandbox programs put many applications to the forced sandbox.
such as DefenseWall HIPS
Coming to think of it in light of the above, this is an unacceptable practice performed by the Dropbox installer.
I am not sure why this strategy was chosen. Maybe it was because they tried to avoid a reboot, but it is unacceptable from a security point of view. I already find it questionable that it installs itself in the user folder, like viruses and Google Chrome do, trying to avoid Windows User Account Control. But restarting Explorer with installer privileges has my blood boiling and steam coming out of my ears and nose … :o
:-X
I found a big problem.
disable the two options →
(1) HIPS (safe mode) → still trust the unknown application
(2) BB → sandbox the unknown application
Conclusion:
There is no solution to the problem for the HIPS users.
:-X
Does this vulnerability have a fix?
example of how it should work to reverse application of trusted or not:
Unfortunately, this is an old problem: the alert for the explorer process trying to access an application, and for an application attempting to access the explorer process, works sometimes and not others :-\
- I installed Dropbox, and it killed explorer.exe.
- explorer.exe was started by winlogon.exe.
- explorer.exe did not inherit the installer privileges of the Dropbox installer.
- So, CLT.exe can be sandboxed by CIS.

Environment:
Windows XP Pro SP3 32bit

Question:
Will explorer.exe be started by the Dropbox installer in Win7 X64 ???
[attachment deleted by admin]
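A detection sketch for the lineage question discussed in this thread, added here as an example and not part of any post or of Comodo's product: it walks process-creation records, flags an explorer.exe whose parent is not an expected shell launcher, and lists everything later started under that shell. The sample records, the `installer.exe` path, the record layout and the expected-parent set are assumptions made for the example.

```python
import ntpath

# Assumption: parents that normally start the shell. winlogon.exe is the parent
# the XP post above reports; userinit.exe is the usual logon-time launcher.
EXPECTED_SHELL_PARENTS = {"userinit.exe", "winlogon.exe"}

W, U = r"C:\Windows", r"C:\Users\u"
# Constructed process-creation records in creation order:
# (pid, ppid, image, parent image), shaped like Sysmon Event ID 1 fields.
SAMPLE_EVENTS = [
    (1200, 600, W + r"\explorer.exe", W + r"\System32\winlogon.exe"),
    (1250, 1200, W + r"\System32\notepad.exe", W + r"\explorer.exe"),
    (1300, 1200, U + r"\Downloads\installer.exe", W + r"\explorer.exe"),
    (1400, 1300, W + r"\explorer.exe", U + r"\Downloads\installer.exe"),
    (1500, 1400, U + r"\Desktop\CLT.exe", W + r"\explorer.exe"),
]


def base(path):
    """Lower-cased file name of a Windows path (works on any host OS)."""
    return ntpath.basename(path).lower()


def find_suspect_shell_lineage(events):
    """Return (shell_pids, descendant_pids): explorer.exe instances started by
    an unexpected parent, and every later process created beneath them."""
    tainted = set()              # pids of suspect shells and their descendants
    shells, descendants = [], []
    for pid, ppid, image, parent_image in events:
        if (base(image) == "explorer.exe"
                and base(parent_image) not in EXPECTED_SHELL_PARENTS):
            tainted.add(pid)
            shells.append(pid)
        elif ppid in tainted:    # started under a suspect shell
            tainted.add(pid)
            descendants.append(pid)
        else:
            tainted.discard(pid)  # pid reused by a process with clean lineage
    return shells, descendants


if __name__ == "__main__":
    shells, kids = find_suspect_shell_lineage(SAMPLE_EVENTS)
    print("explorer.exe with unexpected parent:", shells)
    print("processes started under it:", kids)
```

On the constructed records, the shell restarted by the installer and the CLT.exe launched from it are reported, while the winlogon-started shell and its child are not.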
what makes dropbox and restart the process explorer, explorer not auto restart case has been finalized by a third-party software.
reason the system fails and the explorer will ask us to restart the explorer process
solution
Dropbox uses Seclogon
HKLM\SYSTEM\ControlSet??\Services\Seclogon
Placing it in the CIS 6 registry protections is able to prevent Dropbox from restarting the explorer process.
Proceed as follows:
Note: after starting the installer, if you select install or update, Comodo still fails, precisely because it allows access to explorer.exe.
Sorry to the users of the forum for the incomplete video; it was already the middle of the night in Brazil when I posted.
Showing the resolution and another failure from minute 5:40, when we click install or update
Demonstration of the resolution and another failure when we click install or update - YouTube (complete video)
Will someone please create a bug report for this?
I realize it’s a vulnerability and not a bug, but I believe it certainly falls under the blanket of issues which are worthy of bringing to the devs’ attention.
Thanks.
- Stop inheriting the installer privileges for certain applications?
- It is a bigger vulnerability for V6 than for V5, because CAV V6 does not scan the files in the “safe files” list.
Excellent piece of software, seems Comodo is not as secure as some may say. Recently I have started to doubt Comodo and their software
Why cannot any Comodo staff comment on the above??? It’s not because they are busy, if Melih can reply to posts then so can other Comodo staff…
It’s secure as it gets. Any security product will have some bugs. What’s good is that ppl find them before somebody can exploit it.
I have used CIS for years on both my PCs.
Right now I have problems (unstable) with the old version on one computer, and the other just received v6 (where I am unable to find advanced options :P).
That, and looking at your video, made me think that it's time to move to some other software.
But what?
Zone Alarm was good - about a decade ago
Any suggestions please?
Please start a topic in Install / Setup / Configuration Help - CIS. That way this topic won’t go astray and your problem will get the attention it deserves.
> and the other just received v6

Version 6 is not on the automatic updater for people using v5.x. What happened? You likely saw the updater icon, which may stay for 10 or so seconds, but it did not say there was an update. However, when clicking on it, it will give a screen with a URL. Following that URL probably got you the message that there was another version.
Did you install v6 without uninstalling v5?

> (where I am unable to find advanced options :P).

Already answered in your other post. Please don't cross post.

> That, and looking at your video, made me think that it's time to move to some other software. But what? Zone Alarm was good - about a decade ago :P Any suggestions please?

It's one glitch. That does not make CIS completely useless all at once. With Zone Alarm you're far worse off: http://www.matousec.com/projects/proactive-security-challenge-64/