I have HIPS off but BB on and set to restricted. If I try installing something that Comodo shows as unknown I get the isolate warning pop-up. I hit don’t isolate again and close the app. Upon launching the app again to install it I get a generic memory error.
I don’t see the app in any lists to remove it. But I can’t install it or launch it at all anymore unless I turn BB off to do the install.
So, in the example in the log I’m trying to install, obviously, Star Wars Online. I’ve tried the installer I had, and just in case, grabbed the latest from BioWare as well.
The file is added to the trusted file list. As you can tell from the logs, even though it’s in the file list and even though I choose to not isolate it again, on every launch it is getting thrown into the sandbox restricted. This is not the only installer this is happening with, but just a single example.
Try giving the installer the installer policy. Go to the advanced options → HIPS rules → add the install and give it the “install/updater” policy.
Another option you could try is excluding the installer from the BB.
Go to advanced settings → Behavior Blocker → enable “define exceptions for behavior blocking” then select the exceptions button and add the installer.
When I add any of them as exceptions to BB (and to HIPS even though I have it off), I no longer get the isolate prompt, but the installs still don’t work. Which brings me to another question, why isn’t the don’t isolate again option working?
Even after doing all of that, the various installers are still showing up in the defense logs as sandboxed and restricted.
If I disable BB, I can run the installers. But that defeats the purpose, doesn’t it?
After you respond with the “Do not isolate again” prompt, did you try and reset the Sandbox before launching the installer again? If you disable BB (and run the installer) what processes does Killswitch show are being called by the installer?
With HIPS off and BB auto sandbox off, swtor_setup.exe extracts files to the temp folder in the user directory and then kicks off installer.exe. At that point installer.exe is analyzed and then rated as trusted (installer) and the install goes as expected.
That's how I use it.
I find auto sandbox more annoying than a question.
And safe mode easier than clean PC mode.
The main difference will be:
Unknown things will not get restricted if they get allowed.
In safe mode, if you would get a digitally signed trusted malware, your system might get infected without a sandbox, when you run it.
But as you say, you had to disable the sandbox at certain points to do something. So, malware could imitate that “need” too.
If you know what you do, you are safe without automatic sandbox.
You could browse within the fully virtualized Comodo sandbox though, for example.
Just don't forget that you don't have the auto sandbox enabled anymore! That's important.
I would suggest to switch to “proactive configuration” (The settings are saved by configuration. So you may need to make the settings for the new configuration.)
I ended up going back to internet security profile from proactive. As in proactive, even with auto sandbox off and HIPS on, I was then running into issues where installers would error out part way through and got no notifications from Comodo. Nor were any of these showing up in any of the logs.
If I turned off HIPS, installs were fine.
Switched back to the internet security profile, I still can’t use auto sandbox, but I haven’t encountered any issues yet with HIPS being on.