Is Behaviour blocker the same automatic sandbox?

One of the things we do as mods is share things we learn about CIS during mods only test period. That is what I did and as such I substituted Comodo.

When reading Unknown Files: The Sand-boxing and Scanning Processes for v5 Comodo speaks of behaviour analysis by cloud:

The behavior analysis system is a cloud based service that is used to help determine whether a file exhibits malicious behavior. Once submitted to the system, the unknown executable will be automatically run in a virtual environment and all actions that it takes will be monitored. For example, processes spawned, files and registry key modifications, host state changes and network activity will be recorded.

If these behaviors are found to be malicious then the signature of the executable is automatically added to the antivirus black list.

The above learn that behaviour analysis has already been part of CIS by means of cloud and has been named as such.

As I mentioned previous, the current BB does block behaviors such as screengrabbing and keylogging. The previous automatic sandbox did not do this.

So, it is blocking behaviors, not just automatically sandboxing things. No, it’s not yet a traditional behavior blocker, but in the interim I don’t see a problem with calling it a BB when it is in fact blocking certain suspicious behaviors.


If I am right, now the autosandbox also automatically allow/block those COM & Protected things popup which were there in the previous version, right?

I too think its a BB in progress… Currently light & will be better with time & future versions.