Right now when an unknown application is isolated, the user can click “Don’t isolate it again” with no confirmation of the action by CIS. While for most advanced users this is no problem, it can be a big problem for those who don’t understand the implications. I think Comodo should have the option (which should be enabled by default) of showing an additional alert when the user chooses not to isolate the application again, explaining that while the application is not known to be malicious, it is not known to be safe either, so that the user should only confirm that action if he/she is sure the application is safe. This would definitely make me more at ease leaving CIS installed for computers of all kinds of user!
It is a good idea. maybe have the a CIMA report on it as well so the user can see if it is suspicious to CIMA or undetected.
+1 add a poll please
The poll is already there.
I personally don’t like this type of alert.
By the stated logic, every response the user makes should be questioned by CIS.
You’ve just trusted an application. This application may not actually be safe…
You’ve just added an exclusion to the AV. This file may not actually be safe…
Etc… 88) :-X
Surely even the most novice user will understand that if they tell the application to ignore something, they have just overridden their system’s protection in regards to that file.
By that token, I feel this type of thing is completely unnecessary. It reminds me of this type of message:
“You’ve just clicked Delete. This will permanently remove the file. Are you sure you want to Delete?”
Why yes, I am sure! That is why I clicked Delete… >:(
At a certain point, trying to protect a user from themselves just makes an application annoying.
Yes, good idea :-TU
The things the OP has mentioned, I think the best option would be previous autosandbox alert that was there in one of the CIS version i.e the autosandbox alert mentioned no action required & “Dont isolate again” was under more options i.e the autosandbox alert had the option “more option” & “Dont isolate again” was under “more options”
HeffeD, if you carefully read my first post, I state " I think Comodo should have the option (which should be enabled by default) of showing an additional alert when the user chooses not to isolate the application again". With this being an option, the user who understands the implications can disable such alerts if they are bothersome. I am including myself in this category, I would disable such alerts. However, I am more concerned with users who are not so knowledgeable, and who could put themselves in danger. This additional alert would give a brief description of the risks involved so the user can better understand what is and could be happening, plus it will provide a protection from accidental clicks.
Even if the option “Don’t isolate it again” were under “More Options”, it would still necessitate an alert to better inform the less tech-savvy users.
Yes, I understood your original post. Again, I don’t think such a thing is necessary.
I see your point. But I am more concerned with the users who do not immediately know what an isolated application is, and the risks that may be involved.
As long as this or any additional alerts are optional, I don’t have a problem with the idea.
After all we do have (Optional) additional alerts for less important factors for example ‘Send to Background’ for profile scans/tasks etc.
Sometimes Comodo is labelled as a great product, albeit not recommended for the common user because it is too complicated. This is only going to remain a problem if the common user actually needs to configure the program to start with. The default installation should come well preconfigured to be both strong and as little intrusive as possible, with the extra care of being as clear and instructive as possible whenever user interaction is needed. This way the common user won’t have to change any settings and will be able to use the program easily, while allowing great flexibility for power users and administrators.
I may do not get it well, but…
Without such confirmation,
it could happen program is restrcted,
but should not be restricted to work properly
and the user is not aware it is restricted.
Than user can end in solving the non existing issue with the program,
while the real issue is with rights CIS grants to the program.
Or, am I wrong ?
BTW, Does “dont isolate it again” applies to currect program session as well,
or does the program has to be restarted, not to be restricted ?
It needs to be restarted.
Hm, quite inconvenient, it could be better first to ask before launching…
Just now, I have 2 virtualized svchost.exe trusted processes,
not marking them neither as trusted, neither to be sandboxed.
I am not fully sure it is right…
Indeed, which is why I made a wish for CIS to ask for action instead of instantly sandboxing.
I assume you have previously sandboxed a program in which case it might use svchost.exe for certain things in which case they will also be sandboxed, it’s normal behavior.
But various instances of svchost.exe are hosting processes
for various services running under SYSTEM / LOCAL SERVICE / NETWORK SERVICE builtin accounts.
They are serving to multiple processes, and sandboxing them can have serious sideeffects.
There will still be unsandboxed instances of these processes for unsandboxed applications. Since the applications you use in the fully virtualized sandbox are just that, fully virtualized, they can not (should not) be able to communicate with the svchost.exe that are not sandboxed, so instances of these will start sandboxed for the applications inside the sandbox. Fairly certain it’s expected and normal behavior.
Yes, I see. I was not very bright previously,
at these 2 sanboxed svchost processes are launched by as well sandboxed COMDO cmdvirth.exe
( that was AFAIK sandboxed by COMODO, not myself )