How can i change that a process i silently automatic sandboxed? I have some processes running that are listed in ‘My own safe files’ but in spite are automatic sandboxed?
Good question…
same issue here.
An excerpt from the help file:
[i]An application can become recognized as 'safe' by CIS (and therefore not sandboxed) in the following ways:
Being on the global Comodo Safe List
By the user adding the application to the local ‘My Own Safe Files’
By the user granting the installer elevated privileges (CIS detects if an executable requires administrative privileges. If it does, it asks the user. If they choose to trust, CIS regards the installer and all files generated by the installer as safe)
Additionally, a file will not be sandboxed if it is defined as an Installer or Updater in HIPS policy (See Computer Security Policy for more details).[/i]
Did you restart the application after putting it on “My Own Safe Files” ?
Can you try to create a rule for it as “Installer or Updater” on D+ and see if that helps?
What is the application starting this application and is it trusted?
Hi Ronny,
yes i tried to restart the applications and added them to my own safe files before (there are severals with this behaviour) but it changed nothing, the applications are still virtualized (as i can see in process explorer)
i also turned sandoxing in the d+ configuration completly off, but same behaviour still.
The parent process is different.
For some it is explorer.exe, for one it is services.exe and another one says .
The process are mostly started during windows boot. But occasional manualyy.
The installer trick i tested but it doesn’t change anything. When i kill the processes and flag them as installer or updater and restart them, they are still sandboxed.
Refering to my other question here the only chance to unbox them is this way described here in this thread https://forums.comodo.com/beta-corner-cisv4/bug-or-is-this-behaviour-intended-t52200.0.html by Restarting them via the Process Explorer context menu with Admin Privileges.
I also wondered that cpf.exe is also virtualized?
That sounds very odd to me, can you show a screenshot of this, and “how” you determine it’s still sandboxed?
Does it show up in the D+ logging stating that it’s sandboxed?
no problem
[attachment deleted by admin]
ps: in the logs it doesn’t show up that it’s sandboxed.
This is not Comodo’s Sandbox, this is Windows “virtualized”
PROCESS VIRTUALIZATION One of them is whether or not a running process is "virtualized" into a higher user rights context: This is a process state that will be most commonly associated with 'Vista'-based processes because of the manner in which Windows Vista popularizes the concept of running with a limited user account on a day to day basis and 'virtualizing an environment with elevated rights' in order to execute a process that requires administrative rights.
If CIS Sandboxes it must show up in the D+ logging as sandboxed.
Ok, sorry seems it was my fault. But wasn’t stated in another thread that you can recognize comodos sandboxed process by the virtualized colum in process explorer? how can you distinguish if a process is sandboxed by the OS or Comodo?
I haven’t yet fully understand the concept of vista virtualization in reference to the quotation you posted. The process are sandboxed because they need higher rights. But shouldn’t it ask for admin rights instead?
It has Job restrictions to it, you have to double click the process and see if it has a Job Restriction applied to it.
It just tried it with two different process, where do i find the job restrictions. isn’t this a tab in the process properties? But for the process i tried to sandbox by comodo there 's no such “jobs tabs” in the properties windows?
how did you put that process on the sandbox, and with what restriction level?
sorry, just realized that the “jobs tabs” appears only in properties when process explorer is admin.
p.s.: do you have an idea what’s the problem with vlc media player? when i start it in the sandbox as untrusted or restricted vlc plays files but there’s no audio. but this seems no problem for other media players with equivalent restriction levels in sandbox?
nope, can only guess that VLC access the audio device differently, can you check the output settings type, and fiddle around with that?
I’ve already reported this.
I have also an example for a process that always gets sandboxed whether it’s in the safe list or not.
It’s the free screenshot making tool PicPick. I attached it so you can test it.
As soon as I open it CIS sandboxes it and it gets moved from the safe list to my pending files list and I’m unable to take any screenshots.
Okay, I just realized that this must have something to do with Launchy (2.5.0 Beta 1).
When I directly start the program from within the folder the process doesn’t get sandboxed.
However when I start it through Launchy it gets sandboxed whether or not PicPick is in the safe list.
Launchy is also in the safe list so if a safe program executes another safe program it should be ok.
Maybe someone can look into this.
Thx
I’m using Win 7 32 bit.
[attachment deleted by admin]
thanks ronny. already tried, but nothing got no clue.
Perhaps Launchy as parent is also sandboxed. Did you check that in the logs?
No, Launchy doesn’t get sandboxed.