i do not want Comodo to sandbox anything without my knowledge

First, i must say, im quite disappointed with the new 6 version. It is very confusing, i took me a long time to find the settings, & there is a lot of stuff, i don’t want to use, like Antivirus (it surely slows our computers down, with its permanent on access scanning. I prefer on demand scanning), i don’t want ANY programm sandboxed, possibly breaking its functionality or at least slowing the processes down.

However, i don’t find the slightest hint, as to where the sandboxed programs are, to make them permanently unsandboxed. This was already annoying in the 5 version (i strongly reccommend an opt-in for the sandboxing, instead of having to search the very well hidden sandbox folder in version 5 for half an hour).

So, please, where can i find that setting to make sure, nothing is unwantedly sandboxed?

If you like you can uninstall just the AV component by going to Add/Remove components and selecting to uninstall the AV component. You can then install a separate AV alongside Comodo Firewall.

If you want to answer the alerts yourself you can instead enable the HIPS and disable the Behavioral Blocker. However, be aware that this will drastically increase the number of popups you will receive.

Right click on the CIS icon and choose to “Add Status Pane” to the widget. Then, clicking on the right-most button of the widget will open a window showing you the files which are unrecognized, and therefore will be sandboxed. There is also an option to trust them from that list.

Please let me know if you have any other questions.

Thanks.

thanks for the reply, i found that widget. I think i might have some more questions, but here
is the most important one at the moment. I liked the old version, where no window popped up.
Although i deactivated the signature download, this windo still pops up after everey start

http://img195.imageshack.us/img195/375/ann01.png

as well as

http://img585.imageshack.us/img585/1995/ann02.png

How can i turn off both of them?

This is just trying to run an initial quick scan, which shouldn’t take too long. Let it complete this scan and it will never force you to do another again, assuming you also removed the scheduled scans (which you may also want to do).

Yes, i would remove the scheduled scans, only if i knew where. We have this pretty search bar in the new version, only it doesn´t find anything when i search for the word “scheduled”.

Also, how would i stop the second window from showing up after every start? There is nothing of interest for me, so i would like to get rid of it.

Thanks again. After i once ran the scan & rebooted, the second window is gone, so everything´s fine now, 8)

Scheduled scans can be found in the Advanced Settings. Then go to Scans, which is under Antivirus, and deselect both scans.

Sorry, but i´m thinking about rolling the whole thing back:

This new version is so bloated, you can´t find a thing in there. For example, this window tells me, there are about 30 applications blocked! Sorry, but this has to be a big joke. Instead of enabling us to just click on that number to get to that setting, where we can check or remove it (the blocking), i was searching all settings about a five times, without any slightest hint where those 30 blocked applications are.

http://img46.imageshack.us/img46/8870/blockedx.png

I suppose, that many programs won´t function with those randomly blocked programs (just because Comodo doesn´t know them, come on), but i still have to find out (maybe in a critical situation?)

Also, there ist one thing i suggested quite a time ago: Why has to be there about a zillion of very questionable “trusted” companies in the whitelist? & why can´t we select them by ctrl-a (or at least shift-arrow) to throw them all out in one go, to build our own white list? (about 30 trusted companies would be enough for me, instead a 30.000. I suppose, many people don´t want a firewall to enable tens of thousands of companies to phone home without any notification).

I will give the new version another chance, though, but please tell me, where i can find this 30 blocked programs, so i can check, if the blocking is ok.

You should be able to find these in the Unrecognized Files list, which can be accessed through the widget as I explained above.

The widget shows three times “zero” (after removing 3 items), so that doesn´t explain the 30 entries, the protocol claims.I´ve only removed 3 items, so that number seems wrong. Or is it just a leftover from, my various reconfigurations? But then again, i would expect the protocol to show the current status, so it seems, there must be 30 blocked applications or modules somewhere.

I’m not sure exactly what the 30 means in the log. It could even just be that the 3 applications were sandboxed a total of 30 times. I’m not sure.

What’s most important is whether all applications are now able to run correctly. Are they?

Deselecting both the scans disables scheduled scans?

Or, You have to edit & select dont schedule this task under schedule?

Deselecting both disabled the scheduled scans.

Yep, so far. I didn´t test all of them, though (programs i use casually, like xrecode, Geosetter, Babaschess, MP3Tag, etc.).

I might add, that i´m not generally against sandboxing applications, as long as i am notified & can decide, & the applications work flawlessly.

Actually it´s a neat thing to play around with :D. I played a couple of chess games on my chess client, without any big problem, but i wonder, where my saved games go. Is there a special sandbox mirror of the saving locations, like in Sandboxie?

Another question: i set Comodo to training mode. So, after a couple of days, will Comodo have learned, which programs are not to be run in the sandbox? My primary goal was to prevent any sandboxing of my trusted applications. But i would turn it back on again then, to prevent potential malware from working.

While in training mode it will make automatic allow rules for any applications which are run. Thus, even if malware was running on your computer, or you run malware while in training mode, it will be completely allowed, and in addition rules will be added to trust it in the future as well.

Only use training mode for very short periods of time and only of you are 100% sure that there are no potentially dangerous programs on your computer.

It should be pointed out that these ‘Allow’ rules are just that: ALLOW

If one looks into D+ custom policy there are several resource names for which access rights can be established by application, i.e.:

run an executable
interprocess memory access
Windows / WinEvent hooks
process termination
device driver installation
Window messages
protected COM interfaces
protected registry keys
protected files folders
DNS / RPC client servies
physical memory
computer monitor
keyboard

For these resource names, there are three types of permission: ask, block and allow. If the applicatoin has the resource name blocked, then access right to that resource name is denied. IF the resource name is ‘ask’, then CIS will alert you to the specific resource being asked for. You can either allow, block, or treat the app with specific access rights.

If you are sked for permission to access a certain file or registry key, e.g., and you allow and remember this, it will put the name of that file (or registry key) into the exclusion list. Next time that file needs access, CIS will allow THAT file without asking you. A different file? You get asked as many times again and again until you say ‘remember this’. Now you ahve two files remembered. Same with all the other resource names.

If the applicartion has auto allow rules created: it doesn’t ask you and it doesn’t remember the specific accesses, it just allows them. The application is listed in the D+ rules, but the resource access names will have the ‘allow’ permission box checked.

Instead of Training Mode, you should consider more secure configurations, i. e…, Clean PC or Safe Mode. Your best security is using Paranoid mode. You really need to evaluate the differing degrees of rule-creation between the different Security Levels. In Safe mode, it does the same thing for ‘safe’ files. You need to review the fine print in the documentation to ascertain what are ‘safe’ files. The ‘fine print’ can be gleaned in the sandboxing process documentation.

There’s a subtle but notworhy distinction between the differnt modes.

Thanks for your answers. I will switch Comodo from training mode to some other mode soon. I consider to run my browser in a sandbox, but there is a small problem: i´m using a script software (shortcuts) to open various sites, but it opens the standard browser (which is, in this case, Opera). While Opera runs ok in sandboxed mode, those shortcuts will still open up the unsandboxed browser.

Is there a way to make the sandboxed version the default browser, so Hot Keyboard Pro would send the shortcuts to the sandboxed version?

you can add your browser to CIS’s always sandbox list

This should help you.