From what I see of the configuration settings, the user can have a prompt appear when Defense+ decides to auto-sandbox and unknown application. Well, that helps the user to know the sandboxing happened for an unknown app. How is the user to find out if a program they added to “Programs in the Sandbox” (a bad title since it means what programs are in the sandbox, not which ones are eligible for sandboxing when they are later executed) actually got sandboxed?
One of the effects of Comodo’s sandboxing is to reduce privileges on the sandboxed process. I can see that by using SysInternals’ Process Explorer but that is a hell of a nuisancesome workaround to determine just what Comodo’s product is doing, plus it only shows that privileges were reduced (and is NOT what sandboxing is about).
From what I have read in other posts about the sandbox feature, there currently is no means provided to users to show them just what has been sandboxed. I can’t recall a sandboxing tool that didn’t show the list of apps running under the protected or virtualized environment. This would be the first one missing that essential monitoring function. Has anyone come up with a reasonable workaround for Comodo users to determine if an application is sandboxed or not? Just because the user put it in a list doesn’t mean they actually get sandboxed. Some users, like me, would like some real evidence of such. I can use Process Explorer but that only gives partial info that the app might’ve gotten sandboxed, but that method sucks.
The first thing I did after adding the web browser to the “Programs in the Sandbox” list was to go run the web browser and then try to find out if it really got sandboxed. Well, no such evidence of such can be found using the Comodo product. Considering this is a security and protection tool to thwart malware, it is quite naieve to tell users “Believe us, it’s isolated, for sure, trust me.” Since the whole premise is based on mistrust (red-green execution environments), trust on protection is something that has to be exhibited, not assumed.
When an object is sandboxed, it will appear under MY PENDING FILES.
Don’t ask me why it is there - I have no idea and am just grateful it shows up somewhere.
I had been disabling the sandbox but now I submit the files in MY PENDING FILES and then (assuming they are known legit apps) add them to MY SAFE FILES. If they are unknown, I leave them in MY PENDING FILES.
Before anyone else comments, I believe that this method, while workable, is certainly cumbersome and not apparent. It works, but a fur lined sink would also work. In both cases, we have to ask WHY?
I can see why it might be under the My Pending Files list if it was auto-sandboxed (i.e., an unknown application). However, I’m adding the web browser to the Programs in the Sandbox list (i.e., I am manually adding the app or doing an on-demand sandboxing). Will the manually sandboxed app still get listed in the My Pending Files list?
Also, I do not subscribe to the Threatcast feature. This supposedly gives information about what other users have chosen regarding blocking/allowing an application. I’ve never found this info of value to me (I’m not interested in “community voting” on whether something is malware or not, and why I’m not interested in some of the cloud anti-malware, like Panda, or the community anti-malware, like Spamnet which became Cloudmark when they yanked away the free version and went commercial). Since the point of Threatcast is to monitor my allow/block choices and add them to their database, will auto-sandboxed apps still get put into the My Pending Files list? Does the submission to Comodo still happen for auto-sandboxed unknown app still occur if I am NOT participating in Threatcast?
In summary:
Will a manually sandboxed app still show up in the My Pending Files list?
Will a sandboxed app show up in My Pending Files if I am not subscribing to Threatcast?
Threatcast has nothing to do with MY PENDING FILES. If you subscribe to Threatcast, it will present the choices of others and your choice will be added to the Threatcast DB. It does not affect whether something is added to MY PENDING FILES.
Does the submission to Comodo still happen for auto-sandboxed unknown app still occur if I am NOT participating in Threatcast?
If, by submit, you mean the response to an alert is transmitted for inclusion in Threatcast, then No. If, OTH, you mean file submission to Comodo for analysis, then this will only occur if you select to submit the object from within the MY PENDING FILES window.
