Help me understand CIS Sandbox

From my understanding:
All untrusted/unknown programs will go into the sandbox. This is great for people like my dad.
I can manually put a program into the sandbox.
Programs in the sandbox will run just like they were installed normally.

My questions:
Programs in the sandbox will not have access/ability to edit my documents or Windows files?
How do I empty the sandbox?
If I install a trojan, will it have access to the internet?
From my reading, a program running in the sandbox can drop off a payload. So could it technically keep making files until it filled up my entire hard drive?

Thanks for your help. I believe I understand Sandboxie, but Comodo is using their sandbox in a little different way.


Thanks for the reply. I watched the video and I have the basic understanding. I have also looked at the wiki page. I am looking for a little more detail please…

Which wiki page?

Comodo Internet Security's new sandbox is an isolated operating environment for unknown and untrusted applications. Running an application in the sandbox means that it cannot make permanent changes to other processes, programs or data on your 'real' system. Comodo have integrated sandboxing technology directly into the security architecture of CIS to complement and strengthen the Firewall, Defense+ and Antivirus modules. Applications in the sandbox will be executed under a carefully selected set of privileges and will write to a virtual file system and registry instead of the real system. This delivers the smoothest user experience possible by allowing unknown applications to run and operate as they normally would while denying them the potential to cause lasting damage.

After an unknown application has been placed in the sandbox, CIS will also automatically queue it for submission to Comodo labs where it will be analyzed by our technicians. If it is found to be harmless then it will be added to the global safe list that will be downloaded by all CIS users in the next round of updates. Once it is added to the safe list, the application will no longer be run in the sandbox by CIS (unless the user explicitly places it there). Conversely, if the application is found to be malicious then it will be added to Comodo’s list of malware signatures and will be deleted after the next round of updates. The obvious benefit here is that the malware was not able to wreak any damage in the meantime.

By uniquely deploying ‘sandboxing as security’, CIS 4 offers improved security, fewer pop-ups and greater ease of use than ever before.

From Help file.

I understand Comodo is using the sandbox for unknown applications that could be malware.

Let me reword the questions:

If I run keygen.exe and it is a trojan in the sandbox, will it be allowed to send out any information via the internet?
Will it be able to edit/delete any of my files? I know with Sandboxie it would not be able to do either, but reading Comodo it sounds like the privileges are set a little higher.
How do I empty the sandbox program? I understand if Comodo put it there they will remove it, but what if I put it there?

Thanks for any help. Sorry if the answers are obvious…

