Files and Folders Sandbox Exclusion Bug

A. THE BUG/ISSUE (Varies from issue to issue)
Can you reproduce the problem & if so how reliably?:
Always
If you can, exact steps to reproduce. If not, exactly what you did & what happened:
1: Go to Sandbox Settings
2: Click on “the specified files/folders”
3: Add File then put this “%LOCALAPPDATA%\Google\Chrome\User Data\Default\Bookmarks” without quotes in the filename textbox
4: Run Google Chrome in the sandbox then modify or add a bookmark
5: Exit Google Chrome
6: Run Google Chrome then you’ll see all your bookmarks have vanished.
One or two sentences explaining what actually happened:
For security reasons, I want Google Chrome to always run in the sandbox without affecting my bookmarks upon sandbox reset.
I know Chrome has a feature to store and sync my Bookmarks, Tabs, and History from their server, but I don’t want to use that for privacy reasons.
I also don’t want to be signed in to Google Services.
One or two sentences explaining what you expected to happen:
I expect that any addition or modification to my bookmarks will be saved outside the sandbox.
If a software compatibility problem have you tried the advice to make programs work with CIS?:
N/A
Any software except CIS/OS involved? If so - name, & exact version:
Google Chrome v46
Any other information, eg your guess at the cause, how you tried to fix it etc:
The problem is when Chrome renames a temporary bookmarks file to Bookmarks, which has a path excluded in the sandbox.
The function NtSetInformationFile with the FILE_RENAME_INFORMATION structure returns a Pending Delete Status.
The function is expected to return a success status.

B. YOUR SETUP
Exact CIS version & configuration:
Comodo Firewall 8.2.0.4703, standard configuration
Modules enabled & level. D+/HIPS, Autosandbox/BBlocker, Firewall, & AV:
D+/HIPS Safe Mode, Autosandbox enabled, Viruscope Enabled
Have you updated (without uninstall) from CIS 5, 6 or 7?:
No.
if so, have you tried a clean reinstall - if not please do?:
N/A
Have you imported a config from a previous version of CIS:
No.
if so, have you tried a standard config - if not please do:
N/A
OS version, SP, 32/64 bit, UAC setting, account type, V.Machine used:
Windows 8.1, 64 bit, UAC On, Account Admin
Other security/s’box software a) currently installed b) installed since OS, including initial trial security software included with system:
No

Is “Bookmarks” a folder? In that case try adding * at the end so it’s \Bookmarks*

Not a folder, it’s a file with no filename extension

I can’t replicate.

Added “%localappdata%\Google\Chrome\User Data\Default\Bookmarks” without quotation marks to “Do not virtualize access to the specified files/folders” and bookmarks added in Virtualized Chrome are showing up in Chrome running on normal system.

Btw, have you tried clearing the sandbox? If there’s already a Bookmarks file in the virtualized environment then it will continue saving in there instead of the one on the system, so I’d recommend trying to reset the sandbox so no previous bookmarks folder is in the virtualized environment.

Yes, sandbox is clean.

As in the steps above, after applying the exclusion you need to run Chrome and modify your bookmarks (there should be existing bookmarks), either by deleting or adding one. In doing so, Chrome will create a temporary bookmark file which stores the latest modification, then rename Bookmarks to Bookmarks.bak, then rename the temporary bookmark file to Bookmarks, at which point the NtSetInformationFile function returns a Delete Pending status. This is probably because of the SetSecurityInfo function applied to the temporary bookmark file. In the end the Bookmarks file is deleted in Chrome’s profile. So when you exit Chrome and run it again, all your bookmarks have vanished.

Btw, I tried adding a wildcard (*) to the file, so it looks like this in the end: …\User Data\Default\Bookmarks*. I know it’s not a valid entry when you purge since it’s neither a folder nor a file; it is a mask on a file. The purpose of this is that any file having the prefix Bookmarks in the “…\User Data\Default” directory will be saved outside the sandbox instead of adding them one by one, and these files are sometimes temporary, with randomly generated filenames with that prefix, so they don’t exist when the app is closed.

I was comparing Chrome’s profile and the sandbox files. The files having the Bookmarks prefix are saved outside the sandbox; any other file changes are saved in the sandbox. So masking on the file is working, but the issue still exists.
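
The save sequence described in the post above, replayed as a stand-alone script so each of the three steps can be checked separately inside and outside the sandbox. This is an added example, not part of the original thread and not Chrome's code; the function name and the temporary filename `Bookmarks_replay.tmp` are assumptions.

```python
import os
import sys
import tempfile


def replay_bookmark_save(profile_dir, new_data):
    """Write temp file, rename Bookmarks -> Bookmarks.bak, rename temp -> Bookmarks.

    Returns the outcome of every step plus the final on-disk state, so a
    failed rename (the symptom reported in the thread) is visible directly.
    """
    target = os.path.join(profile_dir, "Bookmarks")
    backup = target + ".bak"
    # Assumed name: keeps the "Bookmarks" prefix so a Bookmarks* mask covers it.
    tmp = os.path.join(profile_dir, "Bookmarks_replay.tmp")
    steps = []

    def write_tmp():
        with open(tmp, "wb") as fh:
            fh.write(new_data)
            fh.flush()
            os.fsync(fh.fileno())

    sequence = [
        ("write temp file", write_tmp),
        ("rename Bookmarks -> Bookmarks.bak", lambda: os.replace(target, backup)),
        ("rename temp -> Bookmarks", lambda: os.replace(tmp, target)),
    ]
    for name, action in sequence:
        try:
            action()
            steps.append((name, "ok"))
        except OSError as exc:
            # Stop at the first failing step and keep the OS error text.
            steps.append((name, "failed: %s" % exc))
            break
    return {
        "steps": steps,
        "bookmarks_present": os.path.isfile(target),
        "backup_present": os.path.isfile(backup),
    }


if __name__ == "__main__":
    # With no argument, run against a constructed directory, not a real profile.
    folder = sys.argv[1] if len(sys.argv) > 1 else tempfile.mkdtemp()
    if len(sys.argv) == 1:
        with open(os.path.join(folder, "Bookmarks"), "wb") as fh:
            fh.write(b'{"constructed": "sample"}')
    print(replay_bookmark_save(folder, b'{"constructed": "updated"}'))
```

A result with `bookmarks_present` false and `backup_present` true corresponds to the state described in the report: the old file was moved aside and the final rename did not complete.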

Please attach :
a) diagnostics report ;
b) video with exact steps.

Thank you.