Comodo review part 2 by Remove-Malware (Matt)

Looks good. I would like to see a bit more subdued color. Sorta like Process Explorer does.


Guess it depends on what this feature aims to provide:

Some members suggested an immediate visual indication (e.g. symbol # in app title, colored borders), but this will work only on applications with a GUI (AFAIK malware cannot be assumed to always have one).

Both the active Process list and a separate summary won’t provide such an immediate indicator (I guess some might actually wish to easily confirm they didn’t start the application they meant to be sandboxed while they left the sandbox disabled)

A balloon notification (e.g. the old one, now disabled by default) could be a way to provide immediate but unobtrusive feedback about any sandboxed application regardless of whether it has a GUI or not (ATM only automatically sandboxed apps are notified through a new, kinda cumbersome alert).

For those applications with a GUI, here are some sample pics of ways to signify that they are in the sandbox. I like the idea of easily identifying which open windows are in the sandbox (without having to open CIS). Of course, these applications must still be listed in the active process list.

Basically, this is what I propose:

  1. List all running processes in the active process list and clearly indicate which ones are sandboxed.
  2. For programs with a GUI, indicate that they are sandboxed by using a graphic indicator in their open window (or at least have an option to do so).
  3. Maybe have a separate list of sandboxed processes under the sandbox tab (see pic below).


Isn’t a visual border or the like a way to confirm that such applications were not launched while the sandbox was left disabled by chance?

(ATM automatically sandboxed apps are already notified, whereas the user would already be aware of which application they manually chose to run sandboxed every time…)

If the purpose is to easily highlight sandboxed processes without loading CIS, focusing only on windowed applications might not be a consistent solution:

e.g. it is possible for a user to permanently sandbox a windowless application, and there would be no reason not to provide immediate feedback in that case as well.

Having a balloon message (the old type) would be a way to provide immediate notifications consistently, using the same approach for both windowed and windowless applications:

When such apps are sandboxed, the balloon message (or even the alert) could also provide a link to view the active process list.
This way users have a chance to notice & access even that feature (e.g. during video reviews: in such a case they would get a process tree which already highlights unrecognized apps and won’t have to run Task Manager like they used to do ;D )

In addition, there could be some slight modification that accounts for alerts about automatically sandboxed apps:
If the Automated sandbox alert is enabled, the balloon message would only notify about permanently/manually sandboxed apps.
If the Automated sandbox alert is disabled, the balloon message would notify about both permanently sandboxed apps and automatically sandboxed ones.