CygWin overloads the Sandbox [Title modified]

Cygwin brings a lot of handy tools (there are literally hundreds of small executable files) previously only available in Linux systems to the Windows platform. These programs are compiled on ones own system and are thus not digitally signed. As a result the Comodo Sandbox wants to sandbox every single one, but this does not work and causes them to crash.

So is it possible to have Cygwin and still use the Comodo sandbox?

The only way I found was to add all cygwin files to the My Own Safe Files list, but this causes about a thousand entries. I find this list very inconvenient because you cannot handle several entries at the same time, except if you start clicking every single entry (again: a thousand entires) and there’s no filter option. So this cannot be the right approach.

Also with this huge list of entries, Comodo often crashes and when restarting, the entire list of My Own Safe Files is empty…

Hi

Is there some file from which all cygwin files can be run. If so define it as an installer/updater in the computer security policy.

Else install an Windows explorer substitute - see www.techsupportalert.com - or create a web/document page with links to all the executables. DO NOT use the explorer substitute for any other purpose. Define the substitute as an installer updater.

NB defining something as an installer updater removes most D+ protections from all files it runs, I assume cygwin is genuinely safe!

Hope this works

Best wishes

Mouse

Thanks, this seems to work :). All executables are normally run from a terminal, so one can set this terminal (e.g. mintty.exe) as an updater/installer.

Just don’t use it for anything else, or to run anything risky. Glad to be of help.

Mouse

On reflection need to move this to Bug reports if that’s OK.

Would you be kind enough to post system details?

Best wishes

Mouse

Hi, ixion
Do you have any CIS crash dumps for the crashes you have mentioned?
Also please specify your Operating system and other security products installer if any

I’m using the 32-Bit version of Windows 7 Home Premium. I don’t know if I have crash dumps, is there somewhere I should look for? The firewall crashed silently: the window closed, it disappeared from the task menu and that’s all there was. There was no window reporting the crash. I do have a security suite called “BullguardSecurity” in the background, which was shipped together with my computer and always keep bugging me for a registration.

Here are the system details we need for a bug report: here.

If you can post these it will help the devs to fix it!

Best wishes

Mouse

I am facing this same issue and not sure how to use the workaround mentioned. I am a new user of comodo, so I would appreciate a little more description. THanks

If you install a Windows Explorer replacement like say XYexplorer (last free version from www.techsupportalert.com), and set it not to replace Windows Explorer, then you can use it to view the Cywin directory and start files by double clicking on them. To prevent these files being sandboxed all you need to do is to add say XYexplorer.exe to the computer security policy (D+ ~ Advanced ~ Computer Security Policy ~ Add) with the pre-defined policy of ‘installer/updater’. But you must only use XYeplorer to launch files you absolutely know to be safe.

Hope this helps

Mike

That is now how you would use cygwin, at least you don’t get to use the full power that way. You start a cygwin shell (either via cmd/console or other native console apps such as mintty or rxvt) and execute other commands from it, although you could certain execute any cygwin command directly from a dos cmd/console. Comodo really drove me crazy trying to use cygwin. For every program that I tried to run, there were several sandbox prompts (each one repeating 3 to 5 times with no option to remember the choice) and the commands would simply terminate without even getting blocked on the user response towards prompts (as a comparison, I had Online Armor before and the first time I run a new cygwin program, it would prompt me to allow it, and until I responded, the cygwin program would simply hang). Comodo is really messed up in this regard, so I am for now uninstalling it and will wait for Online Armor to support 64 bit (it worked great when I switched from ZA on my XP and would continue using it if not for the fact that I migrated to Win7 64 bit).

Sorry you are having this problem

If there is a shell program, then you can define the shell as an installer/updater. Just don’t run anything else from it.

There is a post above about the use of a terminal program, too.

Best wishes

Mouse