COMODO Internet Security 8.0.0.4337 is released!

Totally and utterly cleaned Comodo off PC! Will try a reinstall in the suggested manner. However, is CIS 8 less secure than 7 even if you use Chiron's guide?

Right, so the new default configuration keeps track of files downloaded from the Internet or coming from removable or network-based media. We have collected telemetry information for about 2 years and found out that automatically sandboxing unknown executables from these sources will prevent infections.

In your case, you are testing with some VMs and have specific scenarios. You need to fine-tune either CIS or your environment. CIS is flexible though. By all means you can simply switch to the old way of doing things. All you need to do is to go to Rule #3 in the auto-sandbox policy and remove all source criteria.

I attached the screenshot.

It isn’t. If anything, it is more secure because it now automatically virtualizes unknowns, hence protecting data from ransomware better than before.

cheers egemen

1 - Nope, this is not correct. CIS will track the files downloaded from the internet even if they are coming from archives.
2 - You do not need to switch to Proactive Security if you need CIS to work like CIS 7. All you need to do is to modify Rule #3 as shown here: https://forums.comodo.com/news-announcements-feedback-cis/comodo-internet-security-8004337-is-released-t108001.0.html;msg784815#msg784815

Correct me if I’m wrong, but doesn’t CIS detect if files come from the internet by checking the alternate data streams? So what happens when the archive manager extracts the content while also stripping the alternate data streams, which by the way is something that is happening?

Edit: See bug 1209

This is a real issue that could lead to infections because of CIS not sandboxing unrecognized files extracted from archives downloaded from the internet. If you find a way to fix that then sure, that would be great, but at this time it’s unreliable.

I mean if there are no rules and the app is considered safe, how do I know what is permitted and what is not?

I downloaded a rar archive from the internet, extracted the files inside it and CIS regularly sandboxed all of them (on a real system). I wonder if people who have the problem with non-sandboxed files downloaded the archive from the internet or instead already had the archive on their PC. Or maybe it is a problem related to the virtual machine?

If it connects to the internet, it’s permitted. If it asks, it’s not a trusted application. It didn’t create rules because you unchecked the box that tells it to. Again, if you don’t trust this policy, use custom ruleset and you decide for everything. I use custom ruleset.

Oh, and why it permits Thunderbird and not Firefox? I can only speculate here, but it’s possible that Firefox just hasn’t yet been added to trusted files because it’s newer than the Thunderbird version you’re using.

In the bug report it mentions that it doesn’t happen with all archive applications and that it may also be dependent on other variables as well, so while it would retain that data for some, it wouldn’t for others.

Comodo Leaktest fail, my score 230 :frowning:

Are you using the auto-sandbox or HIPS? The leaktest wasn’t created for sandboxing and hence the result doesn’t really mean anything.

Well, that’s a bit risky. I can’t always rely on assuming that some app is safe, just because I see no alerts. Anyway, I will change to custom ruleset as you suggest. Thanks.

GUI operation still bad, correction: awful! Select full scan, decide to stop: not a chance, reboot is the only solution. This does not happen with CIS 7.
Edit: Full scan seems to be the main problem; others have gone as far as I can tell.

It seems Comodo doesn’t protect if the virus comes from an attachment in email or through p2p software as well.

Before, I did the test with the sandbox active; afterwards I tried to disable it temporarily, but the result is the same. The HIPS is set to secure.

Hi there,

I just wondered if some users got the same issue I had before trying to file a bug report.

When I activate “enhanced protection mode” that uses VT-x, my PC freezes when I try to open a program sandboxed (I tried with a Word file, sandboxing it from the contextual menu).

I have an Intel Core i7 2600K and Windows 8.1 Pro 64-bit.

Additional question: “enhanced protection mode” is under the HIPS menu, so does it still automatically open unknown programs sandboxed (and using VT-x technology) when I disable HIPS?

In CIS 7 I liked a lot not to be bothered with popups for every unknown program actions (e.g. when I needed it just once, but not only for this case) with just automatically sandboxing them (and still having EPM on).

Since it seems to have changed a bit in CIS 8, even if it’s probably just a UI thing, I’m a bit confused. A little clarification will be greatly appreciated. :slight_smile:

Thanks!

It seems like a very random bug. I have tested with the same unpacker in the same environment (Win 7 x64) with different results each time.

thank you for your efforts :-TU

  1. The file name varies on installation. I deleted mine.

https://forums.comodo.com/news-announcements-feedback-cis/comodo-internet-security-8004337-is-released-t108001.0.html;msg784702#msg784702