how does avast sandbox differ from comodo sandbox

from what I read the auto sandbox is in avast free and virtualizes suspicious programs but I’ve heard on the comodo forum that avast sandbox is different. how is it different.

The default sandboxing with CIS limits the rights of a program but it does not virtualise file system or registry. When you manually sandbox a file it will get virtualised.

I thought that the Avast sandbox only sandboxes programs if they are suspicious.

However, I haven’t done any research on that. Can someone please let me know if I’m right?


The term “sandbox” has no single meaning. For an Operating System the idea is to create a mechanism by which a program file’s access to the File System, Registry, etc, takes place in in a separate area, while simultaneously appearing to the sandboxed program, as if it really does have full read/write access to the real system.

In the case of autosandboxing, if Avast Free assesses a DLL, EXE, etc, as potentially ‘dodgy’, it will prompt the user (by default) to run it sandboxed. By comparison, any such file not ‘approved’ by CIS will, as ‘EricJH’ said, have its system access rights limited. There is talk that Comodo will introduce a virtualized sandbox in CIS 6.

I thought that both cis sandboxes were not actual virtualization because the controls for both on demand and auto sandbox are identical

Automatic sandboxing with CIS does not virtualise registry or file system. Manual sandboxing does virtualise.

With v6 the automatic sandboxing will also virtualise file system and registry.

how do the effects of partially limited, restricted, etc for the fully virtualized manual sandbox differ from the effects of partially limited, restricted, ect for the non virtualized auto sandbox? also do you know if cis manual sandbox has an auto recover feature like sandboxie or do you have to locate downloads in the virtual folder if you download files while manually sandboxing a browser

The restrictions are the same, the difference being whether or not they are being applied to the physical file/registry system, or the virtualized one.

With the manual sandbox, even though the file/registry system is virtualized, it’s conceivable that a user may wish to limit the access restrictions, just as with a physical machine. Sandboxie also allows you to impose restrictions on applications running in the sandbox.

There is no auto-recovery feature in regards to the manual sandbox. You need to transfer files from Vritualroot manually if you wish to utilize them on your physical system.

that’s awesome that cis allows you to implement 2 methods of sandboxing on an app at the same time. so any file that is downloaded while the browser is running in the manual sandbox is also fully virtualized as well as having restriction in the virtual environment? also any word of an auto recovery feature being added in version 6 or any other future versions.

Avast retail versions also have user-initiated/configurable sandboxing (see images)
I’m currently not using CIS so I don’t know whether it has already been added but it would be good to have similar context menu options (1st mage)

[attachment deleted by admin]

that would be some good options to add to cis sandbox as well

what is the difference between the auto and manual sandbox on comodo

The automatic sandbox is a restriction based sandbox, much like the Chromium web browser sandbox. It limits the access rights an application has.

The manual sandbox is a fully virtualized environment. Meaning, everything an application does is kept separate from your OS’s registry and file system.

So, which one is better? Avast Sandox or Comodo Sandbox (with or without full virtualization).

what do you mean by better?

Thanks It says at poste 3 here

“N.B. Virtualisation in CIS is usable but still not mature - so it may not completely achieve the above purposes. We expect it to improve greatly in forthcoming releases”
That was in March 2010 .Is virtualisation complete/mature now in version 5.9.219863.2196

Only if Avast “detects” that its a suspicious file, then it sandboxes it. If there is a malware that it doesn’t detect then it doesn’t sandbox it.

Comodo sandboxes “ANY” unknown files.

What I meant is why we could say that CIS sanbox would protect me better than AVAST sandbox.

But Melih answer my question and now I see very clear the difference between both:

Thank you.