How to automatically sandbox all unknown files in CIS 8 like CIS 7 and CIS 6

Hello guys,

As you know, we have improved sandboxing in CIS 8 in such a way that automatic sandboxing can be configured in a more granular way. For example, you can now configure CIS to automatically sandbox unknown files downloaded from the internet only, etc. By default, we have fine-tuned it. But if you still want to have it the old way, i.e. auto-sandbox all unknown files regardless of the origin, you just need to make the following adjustments:

1 - Open Advanced Settings->Security Settings->Defense+->Sandbox->Auto-Sandbox
2 - Double click on the 3rd rule (check the attached screenshot)
3 - A window will be opened. In that window change the origin from Internet to Any (check the attached screenshot)
4 - Press OK in all windows.

This will be enough to make CIS work like CIS 7. IMO, this type of sandboxing will be too aggressive in some PCs but as long as you are happy, there will be no problems.


[attachment deleted by admin]

Is that window available in Proactive Mode? I don’t have the same menu as in your right hand photo (see attachment). I just have the third line set to Blocked.

[attachment deleted by admin]

That 3rd rule in your config BLOCKS instead of sandboxing. It is not the standard rule. Have you changed the rules?

Btw, default proactive config already sandboxes all unknowns. In yours all unknowns are blocked.

It was set to Run Virtually when I installed CIS. I changed it to Blocked so I could get the similar v7.0 behavior. I did try the other rules but the menu remains the same.

On another note, is it possible to prevent the population of files in the Auto Sandbox window for files that I send to the Trusted Files List? I have to keep clearing the window because when the alert comes up and I choose “Don’t isolate it again”, the file is added to the Auto Sandbox window as “Trusted”.

I found the difference. I switched to the Internet Security configuration and I got the window that the first post shows. I guess Proactive Security has different default settings. Good to know. :wink:

Hello, I wanted to ask a question.

If an unknown executable is being virtualized, it gets added to the unrecognized files list on both CIS7 and CIS8. But if the file is being blocked by the auto-sandbox, CIS7 adds it to the UFL while CIS8 does not. Therefore, it was easier to deal with unrecognized files on version 7.

Is this an intended change in behavior?

I was wondering about this issue.

QA answer

This behavior is by design because Windows explorer.exe is not launched file and Cloud Look can't recognize file.

Savit, thanks for figuring it out.

This method is feasible, if you run an unknown application more than once, the application will move to the list of trusted