Inquiry into workings of CIS v8 sandbox

egemen,

2 things I want to know:

  1. Autosandbox is by default full virtual now, right?
  2. Unlimited Rights Popup - Run Virtual - is this full virtual?

yes & yes

So if I try to install a program & get Unlimited Rights popup & I hit Run Virtual, the program will be installed under Full Virtualization & Reset Sandbox option in the GUI will remove the program completely, right?
So if I have installed 3 programs under Full Virtual & want to remove 1 program, how can I do it?

Now only unknown programs coming from internet, usb & network are sandboxed.
So if an already installed program tries to update/upgrade the program, is it considered trusted, or considered coming from the internet & will be checked against various whitelists & if found unknown will be sandboxed?

It isn’t really that easy to do what you want since CIS doesn’t utilize separate sandboxes for each application, however if the application in question has an uninstaller then you could possibly run the uninstaller in the sandbox and uninstall the program that way, otherwise you may have to manually go to VTRoot and remove the data for the application and then also go into the virtualized registry and remove the data for the application there if relevant.

Personally I think that separate sandboxes (configurable so that if the user wanted they could run several applications in one sandbox or just one application in another sandbox) is the way to go for Comodo, I believe that it wouldn’t be THAT hard for normal users to understand and it would really improve the usability and versatility of the Sandbox. I also wished for the sandbox to have an option to ask what to do with the file rather than only auto-sandboxing it with a predefined restriction, the ability to also choose a previously existing sandbox session or start a new sandbox session would be perfect for that alert as well! If both ‘separate sandboxes’ and the ‘ask instead of predefined reaction’ were to be implemented, it would increase security (as in any malicious file in one sandbox can’t mess with the data of another sandbox), it would also increase reliability (as in you don’t have to reset ALL of the data for ALL sandboxes, just the one you want to purge, meaning unwanted data loss is easier to avoid) and it would increase the usability (as in users can easily choose what to sandbox the application as, as well as deciding which sandbox it should be run in).

Thinking about all the positive things the above would do, I can’t understand why Comodo wouldn’t want to do it, unless they simply don’t want to code it… but then perhaps they’re in the wrong business? :-\

Hi Sanya IV Litvyak,
Please see bug 493 in the tracker.
Add Ability To Create Multiple Sboxes For Running Apps Fully Virtualized [M493]

Kind regards.

I’m aware of the wish request but simply being a verified wish does not equal eventually being implemented into the product, I’m merely suggesting that if that wish was to be implemented, it would solve situations like these where the user wants to clear the sandbox but wants to keep certain applications that were installed in the sandbox, and then if the Ask wish got implemented (bug 909 in tracker) and also had the ability to choose between different instances, then that would make the usability of multiple sandboxes so much better.

Just Sanyain.

Thanks for the info.

So now as it's full virtual, what will happen if one tries to uninstall a program on the system & gets unlimited rights popup & one hits run virtual, will the program uninstall or what will happen?

OR now as only internet, usb & network are monitored, there will be no unlimited rights popup when one tries to uninstall any program installed on the system?

If the program was installed in a fully virtualized environment, then answering “Run Virtual” for the uninstaller should in theory uninstall the program; whether or not you’d get an alert to run the application as virtual or unlimited I don’t know.

Thanks Sanya, no problem. :)
I understand that there is no guarantee of the wish/bug being implemented, but in its current status there is some hope.

Kind regards.

I am a little confused with CIS 8 sandbox.

Autosandbox - Full Virtual Default
Unlimited Rights Popup - Run Isolated Default Option - Full Virtual
The above are correct, right?
So I thought now apps autosandboxed & apps installed with default option on unlimited rights popup i.e run isolated, will be installed under full virtualization & not touch the real system & when sandbox will be reset, everything will be cleared & as nothing touched the real system, nothing will be there on the real system, am I right?

But I just watched a test on YouTube & everything was at default & default actions were carried out, sandbox reset, system restarted but malware remains were found on the system? How come malware remains were there if they were fully virtualized i.e. did not touch the real system & sandbox was reset?

Am I missing something here?

Autosandbox - Full Virtual Default Unlimited Rights Popup - Run Isolated Default Option - Full Virtual The above are correct, right? So I thought now apps autosandboxed & apps installed with default option on unlimited rights popup i.e run isolated, will be installed under full virtualization & not touch the real system & when sandbox will be reset, everything will be cleared & as nothing touched the real system, nothing will be there on the real system, am I right?

Right.

Link the test pls.

During the test, there was no autosandbox popup or unlimited rights popup for some malware, don't know why? But the reviewer at the end of test mentioned some beta bug or something about an option.

Naren, I split your topic from the COMODO Internet Security 8 vs Malware Tests topic and moved it to the D+ help board. You were using the topic to understand the basic workings of CIS v8 sandbox for which the topic is not suited.