Comodo does not detect malware when in Kiosk or Virtual Browser mode. How come? I think it would be useful to detect it and remove it so it doesn’t not compromise what you are doing.
I belive kiosk and virtual browser (or any prpgram ran via “Run virtual” button) is completly seperated from the real system, so even undetected, malware can’t do anything to the real system. And (though not in current BETA) this sandbox should delete itself on restart (so, it’s not meant for keeping anything important there.) .
Ok to my understanding an instance of dragon running in the kiosk that has been infected with malware can also affect a virtual instance of firefox or any virtualized ap with the same malware, if this is correct I would have thought an alert or warning to reset sandbox would be useful.
Or you could just reset the sandbox BEFORE doing anything sensitive.
I know that. Only Comodo tends to hang up on resetting the sandbox for me.
The shared space can b used for real system too, right? So if any malware is downloaded to shared space & in the current scenario AV doesn’t detects anything in Kiosk, isn’t this dangerous coz the shared space can also be used for real system?
I understand what you are asking here and the malware could be placed in that folder, but when you try and access it on the “real system” comodo will catch it. It will catch it as soon as it requests memory space to run, so it will either be cleaned if its in the database or be isolated in sandbox if it is not in the database.
Mmm…seems odd to me. I mean, if I’m running a virtual instance because I want to download and install something in the sandbox and TRY it…it could be useful if my AV, BB etc…advise me if something bad is detected, otherwise I could think everything is ok and try to install the same bad thing on the real system. Ok, you say “no problem, BB and AV will detect it”…but, whats the point in having a sandbox if actually I don’t know what is running inside untill I run it outside?!
I mean, using sandboxie CIS can scan inside, and if something is trying to infect the system it warns me…then I can say “Ok, this is a virus, lets delete everything”…or “Ok, I’ve installed this software in the sandbox and seems everything is ok, no warning from CIS, lets scan inside with some other stuff and then, if everything is ok, lets install it on the real system”.
But, if CIS can’t “see” inside his own sandbox, I doubt other sotwares can (MBAM, Hitman pro etc…)…
So, for the moment I’m not 100% convinced by CIS sandbox…cause I don’t use it only to be protected during a web browsing session, but even to try something I don’t know anything about…
if it has been done, i think it was intentional becoz they have to add extra codes to specifically exclude those!!
But how could one know if a program is safe if Comodo doesn’t react to it in the virtual environment?
I think AV should also function under Kiosk.
Seems that no one cares about this problem (why CIS 6 doesn’t care about programs running inside its own sandbox?).
So here I am to bring up my post…untill someone will decide to answer (even “I don’t know, but we’ll give a look at this” could be appreciated) or to close even this 3d >:-D
Do you have an example for us to see and test?
Booting up my netbook and updating now, then going to test the link in sandboxie, copy and paste the link in notepad, then test the link in the Kiosk and Comodo sandbox.
OK finished testing in the Comodo Sandboxed browser, Virtual Kiosk and Sandboxie. CIS detected the malware in only sandboxie but NOT the others. Tested same link in the Virtual Kiosk and Comodo sandbox and still no detection. I downloaded the exe in sandboxie and it got an instant detection, no detection at all with either kiosk or Comodo sandbox. Went back to sandboxie and tested it out again where it DID get detected by the antivirus. From what I can tell the firewall doesn’t alert you as well, don’t think D+ will do anything if non of this other stuff goes off as well. I find this to be a very troubling flaw in the sandbox.
Right: Sandboxie, a software of another vendor, is perfectly integrated whit CIS 6.
CIS 6 sandbox, on the other hand, seems a world apart…totally disconnected from CIS AV, BB…why??
This is the problem…I hope you’ll fix it guys, cause this is a great product, but actually we need to know what’s going on in the sandbox
Whe you have virtual kiosk open and when I downloaded a couple malware samples. I noticed that comodo detected it. are you talking about running a browser fully virtualized in sandbox?
I tested in BOTH the virtual kiosk AND the virtualized browser. No detection.
The Virtual Kiosk needs to be either,
(a) monitored & protected by CIS like any other application (which it appears it is not), or
(b) completely isolated from the host system with no possibility of any activity within it being made permanent or files being written to it (which we know it is not, by design).