1. What actually happened or you saw:
PDF files open freely and ransomware often spread through PDF.
It would be a good idea to have them auto-sandboxed automatically no matter what
2. What you wanted to happen or see:
I would like to have COMODO auto-sandbox PDF files
3. Why you think it is desirable:
Ransomware often spread through PDF. Moreover, PDF files need not be modified. They are read-only anyway.
So opening them in sandbox will not hurt the productivity of functionality of the computer of the PDF file.
4. Any other information:
I think it’s easy to implement, you can just add a predefined rule in Sandbox module for PDFs
Do you mean that CIS should have a sandboxed PDF viewer, or should CIS always sandbox whatever PDF viewer or editor the user may have installed? Or what does “auto-sandbox PDF files” mean?
Auto-sandbox should mean that any PDF files should open in default PDF viewer that the user has -in sandbox- regardless of the PDF viewer (if that is possible).
Or, if this cannot be done (and i know the latter involves more work), COMODO should detect any PDF viewer app
available and run it sandboxed.
Please check this short video and you will see what I mean :
Since you can’t run PDF by itself (you need PDF reader), if you want to sandbox PDFs you can add a sandbox rule to always start your PDF reader sandboxed.
The type of malware mentioned in the video are usually executables that LOOK like PDFs. Meaning they usually have a PDF icon and a name like Important document.pdf.exe
But unless you set up windows to show all extensions, you won’t see .exe part, you’ll only see Important document.pdf part, that makes you think it’s a PDF, when it is really an EXE.
And all unknown executables are sandboxed by default rules.
So I voted “no”.
I think you can easily remedy it by auto sandboxing your pdf program.
Currently PDF files opened from users temp folder and from removable media are monitored by heuristic command-line analysis, which was thought to be a bug but have since been marked as debatable. I have linked this wish with the one that is already logged in the mod tracker, to change analysis for PDF files from all locations.