Create a predefined rule to auto-sandbox PDF files [M1662]

1. What actually happened or you saw:
PDF files open freely and ransomware often spreads through PDF.
It would be a good idea to have them auto-sandboxed automatically no matter what.

2. What you wanted to happen or see:
I would like to have COMODO auto-sandbox PDF files.

3. Why you think it is desirable:
Ransomware often spreads through PDF. Moreover, PDF files need not be modified. They are read-only anyway.
So opening them in the sandbox will not hurt the productivity or functionality of the computer or the PDF file.

4. Any other information:
I think it’s easy to implement; you can just add a predefined rule in the Sandbox module for PDFs.

Do you mean that CIS should have a sandboxed PDF viewer, or should CIS always sandbox whatever PDF viewer or editor the user may have installed? Or what does “auto-sandbox PDF files” mean?

Auto-sandbox should mean that any PDF file should open in the default PDF viewer that the user has, in the sandbox, regardless of the PDF viewer (if that is possible).

Or, if this cannot be done (and I know the latter involves more work), COMODO should detect any PDF viewer app available and run it sandboxed.

Please check this short video and you will see what I mean :slight_smile: :

Since you can’t run a PDF by itself (you need a PDF reader), if you want to sandbox PDFs you can add a sandbox rule to always start your PDF reader sandboxed.

The types of malware mentioned in the video are usually executables that LOOK like PDFs, meaning they usually have a PDF icon and a name like Important document.pdf.exe.

But unless you set up Windows to show all extensions, you won’t see the .exe part; you’ll only see the Important document.pdf part, which makes you think it’s a PDF when it is really an EXE.

And all unknown executables are sandboxed by default rules.

So I voted “no”.

I think you can easily remedy it by auto-sandboxing your PDF program.

Currently, PDF files opened from the user's temp folder and from removable media are monitored by heuristic command-line analysis, which was thought to be a bug but has since been marked as debatable. I have linked this wish with the one that is already logged in the mod tracker, to change analysis for PDF files from all locations.
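
Added example (not part of the original thread, and not Comodo's code): a small Python check for the case described above, where a file such as Important document.pdf.exe only looks like a PDF. It compares the file name with the first bytes of the file; the extension lists, verdict labels, and sample names and bytes are assumptions constructed for illustration.

```python
from pathlib import PureWindowsPath

# Assumed, non-exhaustive extension lists for this illustration.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt"}


def classify(filename: str, head: bytes) -> str:
    """Return a verdict for one file, given its name and its first bytes."""
    # Windows drops trailing dots and spaces from file names, so ignore them.
    name = filename.rstrip(". ")
    suffixes = [s.lower() for s in PureWindowsPath(name).suffixes]
    last = suffixes[-1] if suffixes else ""
    is_pe = head.startswith(b"MZ")      # DOS/PE executable header
    is_pdf = b"%PDF-" in head[:1024]    # PDF header near the start of the file

    # The real (last) extension is executable, but a document one precedes it.
    if last in EXECUTABLE_EXTS and len(suffixes) >= 2 and suffixes[-2] in DOCUMENT_EXTS:
        return "double-extension-executable"
    # Named .pdf, but the content is an executable image.
    if last == ".pdf" and is_pe:
        return "pe-content-named-pdf"
    # Named .pdf, but no PDF header where a reader would expect one.
    if last == ".pdf" and not is_pdf:
        return "not-a-pdf"
    if last == ".pdf":
        return "pdf"
    return "executable" if last in EXECUTABLE_EXTS or is_pe else "other"


# Constructed samples: (file name, first bytes of the file).
SAMPLES = [
    ("Important document.pdf.exe", b"MZ\x90\x00"),
    ("manual.pdf", b"%PDF-1.7\n"),
    ("invoice.pdf", b"MZ\x90\x00"),
    ("setup.exe", b"MZ\x90\x00"),
]


def scan(samples):
    """Classify every (name, head) pair and return {name: verdict}."""
    return {name: classify(name, head) for name, head in samples}


if __name__ == "__main__":
    for name, verdict in scan(SAMPLES).items():
        print(f"{verdict:30} {name}")
```

Only the last extension decides how Windows launches a file, which is why the check keys on it and treats an earlier document extension as the disguise.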