have a question about sandbox?

suppose one file or programme has been sandboxed,and i want to move it out of the sandbox. i go to the my pending files,submit the file or the programme to cis and move it to my safe files.however later comodo lab found the file i submitted is a virus and updated the signature database of cis4.1 on my computer.would the av-scaner of cis4.1 on my computer scan the file as a virus or simply not scan the file at all just because i have moved the file to my safe files?

Is not secure to move a file from Sandbox to “My own safe files” as long as the file has not been analyzed by the laboratory. You risk giving rights to a program which maybe, you can find it later as
malware. The safest is to move a file from Sandbox to “My own safe files” when you’re sure it is not malicious.

or you can wait and when the system is up and running completely comodo will move it automatically for you.

well,of course,the reason i want to move a file from my pending files to my safe files,is that i am sure the file which has been sandboxed is safe.but that does not imply comodo would found no malwarefrom it after their analysis.

second,it’s also very unconvenient for me to wait untill comodo move this file automatically out from the sandbox.since it’s too long time wait for comodo to have their analysis finished.

Good point

I have some questions about the sandbox.

A: CIS automaticly sandbox some of my files. These files goes to my pending files. Will they stay there and automaticly be submitted to comodo for analazing? Will they,if they are found clean, automaticly be moved to my own safe files?

B: Is CIS sandbox ok to use alongside sandboxie? Is use CIS 4.1.149672.916

A: The pending files will automatically be submitted to Comodo and depending on the outcome of the analysis will be moved or in “My own safe files” or in “My blocked Files”

PS: You can find more information about Sandbox here: https://forums.comodo.com/defense-sandbox-help-cis/introduction-to-the-sandbox-t53268.0.html;msg377448#msg377448

B: yes

I believe the files that you manually add to your safe list are still scanned by the AV. Can anyone please confirm that for me? Thanks.

I’m afraid it doesn’t ;D

because when the AV detects something it asks you what to do , one of the options there is to ignore it and move it to my own safe files ,so i suppose it doesn’t scan it

I thought when you did that it moved the file to your safe files list and added it in Antivirus / Scanner Settings / Exclusions.

Can someone check and see if this is the case?

Unfortunately due to heightened kernel security measures CIS v4.1 will not allow the Sandboxie driver to start.

~Maxx~

I tested on my computer and I noticed that if a file is added to the antivirus / Scanner Settings / Exclusions,
then file will not be seized as malicious. If the file is added only in “My Own Safe Files” is further detected
as malicious.

It would be good though that this will be confirmed by a dev who knows better how AV works in the CIS.

Ovidiu