Difficulties in Autosandbox

How can I create a rule to launch all the executables automatically in sandbox if and only if they aren’t from one specific folder (for example: launch everything in autosandbox if they aren’t from C:)? Or, if that can’t be done, to run everything from one specific folder in autosandbox (for example: launch everything in autosandbox if they are from D:)?

Now a somewhat unrelated thing (with version 8.4.0.5165, always did a clean install between major versions): I tried adding some simplified rule just to do some experiment, but I failed miserably:
‘Run Virtually’ in Action, ‘Executables’ in Target, ‘V:*’ in Created By from Sources
with this every executable on C:\ was launched in sandbox, while unknown executable on V:\ did give me an HIPS alert instead of the opposite!

Not a rule specialist if I may say so but it looks easy. Unless I misunderstood, attached an example.

Thank you, that solved it. The key was to add an Ignore rule for everything else! Maybe it should be added by default to the bottom of the list?
But now there is a little weird thing: starting for the second time the same application doesn’t pop up anymore this kind of alert https://help.comodo.com/uploads/Comodo%20Internet%20Security/631137d44fcd6fca2cd5209d280f8455/5eac818f1e1c4adc19d335055b06586b/d00751f8617f8e57a6e28082844365d6/Sandbox%20notification.png although I didn’t click any of the buttons!
Also is https://help.comodo.com/uploads/Comodo%20Internet%20Security/631137d44fcd6fca2cd5209d280f8455/5eac818f1e1c4adc19d335055b06586b/e30a9b563b82fcd53d9ca117381acbfe/cis_def7.png the default list of rules of the latest stable version?

By the way: is your version the latest beta? Where is now the option about file source tracking? Is disabled the default behaviour?

It will only show for the first time when an application is sandboxed, but a wish has been created to always show the notification here.

Also is https://help.comodo.com/uploads/Comodo%20Internet%20Security/631137d44fcd6fca2cd5209d280f8455/5eac818f1e1c4adc19d335055b06586b/e30a9b563b82fcd53d9ca117381acbfe/cis_def7.png the default list of rules of the latest stable version?
Yes for the Internet Security Configuration on the latest 8.4
By the way: is your version the latest beta? Where is now the option about file source tracking? Is disabled the default behaviour?
Yes, and the file source tracking is done differently in CIS version 10 than it was in version 8.x and is always on regardless of which component is disabled (AV,HIPS,Firewall,auto-sandbox,viruscope,web-filter)

Ok thank you.
Now it would be good if it was possible to launch everything in autosandbox if they aren’t from C:, for example: restrict any pendrive; I could make a custom group in File Groups listing every letter except ‘C’, but what if a pendrive has a custom name?!

Set the file origin criteria to removable media or use the single character wildcard ? so ?:* in file location.

I’m not familiar with wildcards, but using that one wouldn’t include also C:\ which I don’t want?

Using “removable media” it doesn’t work!
Having in Target "E:" (<- for example) and anything else in the “run virtually” rule works. But having Executables in Target and “all applications” in Sources with Removable in Location and anything else more, doesn’t work (I tried manually starting an .exe)!

You make the first rule to ignore everything on C:\ or whatever your local drive letter is, then make the wildcard rule as the next rule, then finally use the removable media origin rule, see screenshots.

I did what you said, but it doesn’t work. Note that I have v8.4.0.5165 (last version, and I don’t want to install a beta version).
By the way, why is there also that top rule? Shouldn’t the third cover the first too?

CIS 10 has been released as a final/stable version: Comodo Forum. Auto-sandbox rules, just like firewall and HIPS rules, are checked in the order they are listed, from top to bottom, until a rule is matched. Any application that is executed from a file path with any drive letter will be sandboxed, and any application that is executed from removable media will also be sandboxed. If you copy from removable media or from another drive letter to the local C:\ drive, then it won’t be sandboxed because of the ignore rule that takes precedence over the two rules below it.
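The top-to-bottom, first-match evaluation described in the post above can be modelled in a few lines. This is an added example, not part of the thread and not Comodo's code: the `Rule`/`Launch` types, the origin labels and the sample paths are constructed, and the location patterns are assumed to be written as `C:\*` and `?:\*`.

```python
from fnmatch import fnmatchcase
from typing import NamedTuple, Optional

class Rule(NamedTuple):          # hypothetical model of one auto-sandbox rule
    action: str                  # "Ignore" or "Run Virtually"
    location: Optional[str] = None   # wildcard on the file path; None = any
    origin: Optional[str] = None     # file origin, e.g. "removable"; None = any

class Launch(NamedTuple):        # constructed description of one execution
    path: str
    origin: str                  # "local" or "removable" (labels assumed)

def matches(rule: Rule, launch: Launch) -> bool:
    """A rule matches only if every criterion it sets is satisfied."""
    if rule.location is not None and not fnmatchcase(
            launch.path.lower(), rule.location.lower()):
        return False
    if rule.origin is not None and rule.origin != launch.origin:
        return False
    return True

def decide(rules, launch, default="no rule matched"):
    """Walk the list top to bottom; the first matching rule wins."""
    for rule in rules:
        if matches(rule, launch):
            return rule.action
    return default

IGNORE_C = Rule("Ignore", location=r"C:\*")
ANY_DRIVE = Rule("Run Virtually", location=r"?:\*")   # ? = one character
REMOVABLE = Rule("Run Virtually", origin="removable")

RECOMMENDED = [IGNORE_C, ANY_DRIVE, REMOVABLE]   # Ignore rule on top
WRONG_ORDER = [ANY_DRIVE, REMOVABLE, IGNORE_C]   # Ignore rule never reached

SAMPLES = [                                       # constructed launches
    Launch(r"C:\Program Files\app.exe", "local"),
    Launch(r"E:\setup.exe", "removable"),
    Launch(r"C:\Users\me\Desktop\setup.exe", "removable"),  # copied to C:
]

if __name__ == "__main__":
    for launch in SAMPLES:
        print(f"{launch.path:35} recommended={decide(RECOMMENDED, launch):14}"
              f" wrong order={decide(WRONG_ORDER, launch)}")
```

With the Ignore rule on top, `?:\*` never gets to see C:\ paths; with it at the bottom, the wildcard matches C:\ first and everything is sandboxed.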

Well…I tried sorting the rules like you put on “rule list.png”, but now I read better the real order I should try (Ignore on top), but I will do it somewhere in the next week, thank you.
As for the redundant rule: I was thinking that any drive with a letter different than C would be necessarily a removable pendrive, at least on my pc…