CIS 2011 will sandbox all unknown applications to run as "partly limited".
But I found that partly limited may not be safe enough, because as far as I know an unknown application can log the keyboard input, capture the screen and install hooks.
And my question is: is "partly limited" safe enough?
The main reason for implementing 'Partially limited' by default is for the best compatibility for programs running in the sandbox. Of course there's a degree of compromise from a security perspective in doing this; only time will tell if these settings will require hardening. I have mine set up a notch to 'Limited' and haven't found any problems so far.
Well, I did some testing with Comodo Leak Test.
Configuration is at default (Internet security).
Nothing else was changed except some minor firewall settings.
With Partially Limited and Limited, it scored 310/340.
Here comes the weird part: with Restricted it scored 340/340, but IE opened during testing and the Comodo logo was displayed in the upper left corner of the page that was opened.
With Untrusted it scored 340/340 with no IE opened.
So, I guess the Sandbox setting on Untrusted would be the safest option here.
When I was using it I set mine to Limited because Partially Limited sounded... well, loose. So I would say Limited or above.
Untrusted - The application will not be allowed to access any of the Operating system resources. The application will not be allowed to execute more than 10 processes at a time and will be run with very limited access rights. The restrictions on usage of system memory, operation with virtual file system and registry and execution time defined in Advanced Settings will be imposed. Note - Some of the applications that require user interaction may not work properly under this setting.
Restricted - The application will be allowed to access very few Operating system resources. The application will not be allowed to execute more than 10 processes at a time and will be run with very limited access rights. The restrictions on usage of system memory, operation with virtual file system and registry and execution time defined in Advanced Settings will be imposed. Note - Some of the applications like computer games may not work properly under this setting.
Limited - Only selected Operating System resources can be accessed by the application. The application will not be allowed to execute more than 10 processes at a time and will be run without Administrator account privileges. The restrictions on usage of system memory, operation with virtual file system and registry and execution time defined in Advanced Settings will be imposed.
Unrestricted - No Operating System restrictions will be applied - meaning the application will be allowed to access all the Operating system files and resources like clipboard. Still the restrictions on usage of system memory, operation with virtual file system and registry and execution time defined in Advanced Settings will be imposed.
Hope it helps to understand. Sorry if this post is useless.
Partially Limited is pretty robust, guys. Yes, it does not care about theoretical keylogging, screen capturing etc., but it locks down the application so that malware cannot make a simple change to any critical object.
For example, a partially sandboxed process cannot drop files to Windows, change critical registry keys, infect other processes etc.
I am regularly running malware on my computers and always have CIS in default settings. Haven't had a single incident yet.
If you try delete.exe from testmypcsecurity.com, it gets sandboxed with Partially Limited but drive D gets deleted. CIS 5 Beta.
CIS 4 with Limited sandbox: delete.exe gets sandboxed and drive D does not get deleted. You get an error on delete.exe.
CIS 5 Beta: trojansimulator.exe from testmypcsecurity.com gets sandboxed and detected by the antivirus, but tsserve.exe is detected as malware and trojansimulator.exe is shown in trusted files. D+ events show scanned online and found safe.
regards
naren