1. The full product and its version:
COMODO Internet Security 8.0.332922.4281 BETA 2. Your Operating System (32 or 64 bit) and ServicePack revision. and if using a virtual machine, which one:
windows 7 sp1 X64 in real system
3. List all the configuration changes you did. Are you using Default configuration? If no, whats the difference?:
Default configuration 4. Did you install over a previous version without uninstalling first, or import a previous configuration file?:
Clean install 5. Other Security, Sandboxing or Utility Software Installed:
No 6. Step by step description to reproduce the issue. Or if you cannot reproduce it, what you actually did before it happened, step by step: 1: Install a download management program which is not listed in the list of “File Downloaders”. The one I tested the program Xtreme Download Manager 2: Files downloaded through these programs will not be restricted through the Auto-Sandbox. They will be run with full rights.
7. What actually happened when you carried out these steps:
If the Download Manager used does not exist in File group apps downloaded through it will be run unrestricted, with full access to the computer.
8. What you expected to see or happen when you carried out these steps, and why (if not obvious):
If CIS is going to rely on a list of download programs in order to decide whether to restrict files or not, this list should be much more comprehensive, not just the famous and popular ones. Alternatively, the rules governing this should be much more stringent and strict.
Thank you. Please edit your first post so that it is directed towards the danger which all download managers not in that list play in this vulnerability. I had originally thought that perhaps this just applied to downloader programs. I don’t want anyone else to make the same mistake.
Thank you very much for your report in standard format, with all information supplied. The care you have taken is much appreciated by Comodo, and will increase the likelihood that this bug can be fixed.
Developers may or may not communicate with you in the forum or by PM/IM, depending on time availability and need. Because you have supplied complete information they may be able to replicate and fix the bug without doing so.