How safe is BB auto sandbox - fully virtualized

Can viruses escape BB fully virtualized, and is it safer than untrusted or blocked? I only ask as several forums have said it causes a lot of problems and viruses can escape.

If you’re aware of a virus that can escape the sandbox, I’m sure Comodo would love to hear about it…

Can you elaborate on this? What reports are there on other forums about viruses that escaped the virtualised sandbox?

What weaknesses are reported by other forums?

Can you provide us with quotes and URLs?

wildersecurity.com

And no, I’m a Cardiologist on-call working +69hrs this week so I cannot, (even if I have time) would not copy and paste a few idiotic quotes, but I am sure YOU have time please read them even!

Comodo forum members are on there saying how ■■■■ the software is… Answer me this, could software that was not malicious (well turned out to be) can you recover it from a fully virtualized sandbox, and will that software be any good, or do I have to re-download??? Final question, was the BB fully virtualized meant to be in the final release, or was it because people kept asking for it, it seems they do not want it available to members as they have removed it, unless one can edit the registry etc.,?

Right… The people who are talking about this are making assumptions from general knowledge, but it is not based on facts because none of them tested this out; also, it is all theoretical. You should not worry about this because even if it can happen, it’s rare. How safe? Well, as I say, CIS 6 is a new kid on the block and still needs to fix some minor security and stability bugs, like all new products. So somebody can find a bug in CIS 6 and exploit it, including this example. Don’t ask me how.

For your first question, I don’t think you need to re-download. For the second one, well, many things in CIS 6 were asked for by users. Only Comodo staff can say for sure.

Also, I believe that Comodo staff talked about this issue before; if I find it, I’ll post it here.

  1. The malicious url can bypass BB with any sandbox level enabled.

  2. The autorun entry was created by the java.exe which is trusted by CIS.

  3. The exploit kit is very rare.

  4. The sample is dead now.

  5. The virtualized browser is more secure than BB because the java.exe is virtualized.

  6. In the following picture, OA can block unknown autorun entries created either by unknown applications or by trusted processes.

[attachment deleted by admin]

Sorry for the above reply; we lost a child who I’d got to know very well, a shock to us all. I enabled fully virtualized as I know how to change the registry etc., that’s why I asked.

I found this but it’s about BETA… I’m still trying to find some info from Comodo staff.

https://forums.comodo.com/beta-corner-cis/can-automatically-sandboxing-unknown-apps-as-fully-virtualized-harm-computer-t87338.0.html

They did add the BB being fully virtualized to the final release because people asked for it. It will only ever be available as a registry edit because the developers only want advanced users using this feature due to the potential complications with a large number of applications.

Since they can’t guarantee compatibility with every application, they’ve chosen to put these potential issues in the hands of the user.

People that are comfortable editing their registry are much more likely to understand that the option they’ve enabled is the reason the application they’re trying to run isn’t working, instead of the average user who only knows that their application doesn’t work with CIS installed, and they will just uninstall CIS.

1. By default, many users do not use the virtualized browsers because there is only one shortcut on the desktop, Virtual Comodo Dragon.lnk.

2. Will the CIS installer give an option?
“Scan existing files which should be force-sandboxed, and add shortcuts for all of them”

For example, the browsers.

I agree with you.
I think the browsers should be force-sandboxed just like the way DefenseWall HIPS handles browsers, and sandboxed as partially limited is enough.

I don’t want my browsers being forced to be sandboxed, and especially not as long as Comodo can’t run Java in virtualized browsers.

Seems to be safe. Ran a couple of fake AVs and no damage was done to the system.

What about ransomware?

Didn’t test that.
From what I notice, it may not work since it might detect that it is virtualized, or it would pop up with the green outline and you would still be able to use the computer.

If I remember correctly, ransomware was tested in the fully virtualized sandbox during Beta testing and no damage was done to the actual system. Thus, it should be safe against ransomware as well, although of course files in the fully virtualized sandbox may be encrypted; those on the actual computer should be safe.