1. What actually happened or you saw:
PDF files open freely and ransomware often spread through PDF.
It would be a good idea to have them auto-sandboxed automatically no matter what
2. What you wanted to happen or see:
I would like to have COMODO auto-sandbox PDF files
3. Why you think it is desirable:
Ransomware often spread through PDF. Moreover, PDF files need not be modified. They are read-only anyway.
So opening them in sandbox will not hurt the productivity of functionality of the computer of the PDF file.
4. Any other information:
I think it’s easy to implement, you can just add a predefined rule in Sandbox module for PDFs
Do you mean that CIS should have a sandboxed PDF viewer, or should CIS always sandbox whatever PDF viewer or editor the user may have installed? Or what does “auto-sandbox PDF files” mean?
Auto-sandbox should mean that any PDF files should open in default PDF viewer that the user has -in sandbox- regardless of the PDF viewer (if that is possible).
Or, if this cannot be done (and i know the latter involves more work), COMODO should detect any PDF viewer app
available and run it sandboxed.
Since you can’t run PDF by itself (you need PDF reader), if you want to sandbox PDFs you can add a sandbox rule to always start your PDF reader sandboxed.
The type of malware mentioned in the video are usually executables that LOOK like PDFs. Meaning they usually have a PDF icon and a name like Important document.pdf.exe
But unless you set up windows to show all extensions, you won’t see .exe part, you’ll only see Important document.pdf part, that makes you think it’s a PDF, when it is really an EXE.
And all unknown executables are sandboxed by default rules.
Currently PDF files opened from users temp folder and from removable media are monitored by heuristic command-line analysis, which was thought to be a bug but have since been marked as debatable. I have linked this wish with the one that is already logged in the mod tracker, to change analysis for PDF files from all locations.
: