Comodo review part 2 by Remove-Malware (Matt)

Part 2 of his review, concerning Defense+ and the Sandbox

Thanks for informing us. :-TU I will check it later tonight.

I changed your title a bit if that’s ok with you?

Is it three hours this time? Maybe prepare some popcorn or if impatient, skip to the end ;D

Mostly you can skip to the last 10 minutes to see the actual testing :D. Thank you for your time, Matt!

eXp

Those two files that were detected by Malwarebytes. I wonder if those would have been there if he would have restarted the system.

If they would, then it’s possible that these were dropped by other files as they were run in the sandbox. Can anyone confirm if this will be fixed in the next release? It would be nice to see this and especially blocking all files in the sandbox from accessing the internet added in the next update.

I think (but not positive) he should have been able to delete those files from the my pending files list.

Nice review though, although a tad boring when he’s trying to find links.

He also was disappointed by not finding anything in the “Programs in the Sandbox” window. He just didn’t know to look in the Defense+ Events. I hope the devs straighten this out in future versions. It would be nice to see the “automatically sandboxed” items placed there too!

Absolutely. Having a counter-intuitive GUI is never a good thing.

Egemen spilled one or two beans today with the moderators. The name of the Programs in the Sandbox window is going to change in the future.

Only the name on the existing window? ???

There really needs to be an easy way to see what applications were automatically put in the sandbox. Looking at the D+ events to see what was automatically sandboxed is just silly.

The ideal way would be to have two tabs. One listing automatically sandboxed items and another listing user sandboxed items. I’m actually surprised it wasn’t designed like this in the first place…

I like this idea! :-TU

Ok. One last quote from egemen:

We will be including a window where you can see all the sandboxed applications and information about them.

Keep in mind that Comodo just started with the sandbox. And assume that v 4.0 is the beginning of things to come; there is a continuous process of innovation going on at Comodo’s when it comes to the sandbox.

All very sensible there.
Another option would be to have different coloured text to differentiate sandboxed/unsandboxed processes.

Instead of option, what about in addition to? I think looking at the active process list and having color differentiation between normal and sandboxed processes is a very cool idea! :-TU

+1

That would be a good wishlist topic.

+1

Here are some sample pics I posted in the usability forum (for mods only).

Whoop

[attachment deleted by admin]

Very good idea!

That approach would cripple the process tree hierarchy and prevent anybody from confirming what process spawned the sandboxed ones. :frowning:

Since such info is not even mentioned on CIS alerts, the D+ active process list would be the only place left to confirm such details.

+1 :-TU A color-coded active process list would be a nice idea:

While one color could be used to easily distinguish all sandboxed apps, specific columns could be used to enumerate the restriction type.

Yes, I see your point…my intention was to show the sandboxed processes in the process tree (as they would usually appear), but the sandboxed applications would also be summarized in a list below the process tree. I guess listing the processes twice would be redundant. Somehow, they should have a summary that only lists the processes in the sandbox (and no other processes), perhaps under the sandbox tab in Defense+.

See the attached sample pic…something like that?

[attachment deleted by admin]