Installer is sandboxed (acc. to logs) but not (acc. to APL & unrec files list)


  1. What you did: executed the file CIS alerted that file sandboxed but file not in sandbox ,not even in unrecognized , Not even in trusted list but file running in memory
  2. What actually happened or you actually saw: Nothing except sandbox alert and the installation file hanged
  3. What you expected to happen or see: I expect to see file in sandbox if not there then atlesat in trusted file list
  4. How you tried to fix it & what happened: N/A
  5. If a software compatibility problem have you tried the compatibility fixes (link in format)?: N/A
  6. Details & exact version of any software (execpt CIS) involved (with download link unless malware):
  7. Whether you can make the problem happen again, and if so precise steps to make it happen: execute the file CIS alerts that file sandboxed but file not in sandbox , Not even in trusted file list but file running in memory
  8. Any other information (eg your guess regarding the cause, with reasons): N/A

B. FILES APPENDED. (Please zip unless screenshots).: Attached and ziped

  1. Screenshots of the Defense plus Active Processes List (Required for all issues): Attached
  2. Screenshots illustrating the bug: Attached
  3. Screenshots of related CIS event logs: Attached
  4. A CIS config report or file: Attached
  5. Crash or freeze dump file: N/A
  6. Screenshot of More~About page. Can be used instead of typed product and AV database version: Attached


  1. CIS version, AV database version & configuration: CIS PRO 5.8.213334.2134, database 10577 , attached
  2. a) Have you updated (without uninstall) from a previous version of CIS: Clean Install
    b) if so, have you tried a clean reinstall (without losing settings - if not please do)?: N/A
  3. a) Have you imported a config from a previous version of CIS: No
    b) if so, have U tried a standard config (without losing settings - if not please do)?: N/A
  4. Have you made any other major changes to the default config? (eg ticked ‘block all unknown requests’, other egs here.):No, Config file Zipped and attached
  5. Defense+, Sandbox, Firewall & AV security levels: Antivirus setting = Default (stateful), Firewall setting = Default (safemode), Defence+ setting = Default (safemode)
  6. OS version, service pack, number of bits, UAC setting, & account type: Windows 7 X64 SP1 , UAC Disabled , Admin Account
  7. Other security and utility software currently installed: No
  8. Other security software previously installed at any time since Windows was last installed: Malwarebytes antimalware pro
  9. Virtual machine used (Please do NOT use Virtual box)[color=blue]: No

[attachment deleted by admin]

This is obviously the latest Shadow Defender.
I have just tried it and it is whitelisted.
Setup is started normally and .exe file is in Trusted Files…

But then why was it not in trusted file list and why did my setup become unresponsive anyways i restarted my computer and disabled everything in CIS and it solved the problem must say shadow defender is good soft hope comodo could have something like this

Is D:\ another hard disk or removable media (USB memory)?

EXcellent issue report in standard format, thanks.

The config file is extremely helpful for deep analysis, but to avoid people having to load it could you give brief answers to section C.4 and C.5. I’d appreciate it because we are all volunteers here, and have limited time :slight_smile:

[Edit]Also I assume by N/A in C.3 and C.7 you mean ‘No’?

Can I just clarify the process you went through:

  1. You got an unlimited access alert, not an application isolated notification
  2. You pressed the sandbox button on the alert
  3. then you ran the file again, maybe and and pressed block instead

I think the file probably was sandboxed first time, unless you know different, the question is why was it not in unrecognised files?

Just to clarify.

Best wishes


No D:\ is The partition on the same hard disk ( i always run setups from this drive without issues)

Antivirus setting = Default (stateful)
Firewall setting = Default (safemode)
Defence+ setting = Default (safemode) no major changes except sandbox enabled and

  1. treat unrecognized files is set to partially limited
  2. Enhanced protection mode enabled
  3. Enable adaptive mode under low system resources enabled

Your Assumption for N/A = No is right

The problem is now solved since now the cloud detects the installation file as safe and doesn’t sandbox it anymore and the file doesn’t even run in manual sandbox

Thanks very much. Just need to think this through to see if this constitutes a bug. File was looked up online at some stage, but why running with nothing in unrecognised files but APL showing sandbox=disabled status=unrecognised is unclear. Maybe because you blocked rather than sandboxed it second time it ran?

i never blocked the file (i knew it was safe) the file was sandboxed automatically on execution just giving a sandbox notification

  1. so i went to sandbox to move file in trusted list but it wasn’t there
  2. then i checked the trusted file list it wasn’t there either
  3. then i checked defence+ log to see what had happened and the log was showing that the file was sandboxed
  4. All this time the file was running in the memory except that it had stopped responding
  5. I terminated the file from CIS active process list
  6. i again executed the file and same results as mentioned from step 1 to 4

Hope this clarifies everything

Thank you very much for your report in standard format, with all information supplied. The care you have taken is much appreciated by Comodo, and will increase the likelihood that this bug can be fixed.

Developers may or may or may not communicate with you in the forum or by PM/IM, depending on time availability and need. Because you have supplied complete information they may be able to replicate and fix the bug without doing so.

Many thanks again