CIS needs to address leftover applications running in sandbox when the parent application is closed but daughter applications are left running. I have come up with the following two solutions:
Let's say you run an application, call it App-A; it gets run in the sandbox automatically.
Then it spawns another process, let's say CMD, call it App-B.
Now a few things can happen: a user can terminate the original process (App-A), or it can be terminated by a Buffer Flow Attack dialog, Cloud Av, Cloud Behavior Blocker or D+.
What happens now is that App-A is closed but App-B is left running. What you want to happen is that once CIS realizes App-A has been closed, it should automatically terminate App-B, because the parent process is now gone.
This will solve the issue with leftover things running in memory without having to restart.
Another alternative is that CIS gives you a pop up saying “Original application is closed but the applications it opened are running in memory, please restart to clear out the left over processes.”
Let me know what you guys think.
Voted for Option A.
When a malware process is terminated, its spawned process should be terminated automatically. No hassle of pop-ups here in this aspect…
Thank you, languy99. I already voted, option A.
Strange, cannot vote… but Option A for me! Hope Comodo does this (then again why won’t they, as unlike other people they listen and care about their users so much it brings a tear to my eye hehehe)
Option ‘A’ would be my preferred choice.
Can anyone think of a situation where option A would not work, something where it could cause problems for the user? Remember you have to think that sometimes good software might be running in the sandbox.
I think there might be a problem with B, because when I watched the NIS vs CIS videos the tester restarted the CIS machine and the cmd.exe were still running even after restart. This is why option would work better.
No, he did not restart; he even admitted that he forgot to restart, that is why he made video 4.
OK, I didn't see video 4. I was wondering why in vid 3 there was still stuff running even though he said he was going to restart.
We have some custom designed software on our network that is used for maintenance. I think some of these programs are designed to run sequentially (i.e. one program runs, does its job, and then terminates itself after launching another program). Although, I am not sure about this. If it is true, then automatically terminating spawned processes would cause a problem. I like the concept of option A. But maybe you also need the ability to enable and disable this option (see pic).
[attachment deleted by admin]
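An added example, not part of any post in this thread and not Comodo's code: a small Python model of Option A together with the enable/disable setting suggested above. The class, its method names and the `forced` flag (set when a user or a security component terminates the process, unset when it exits by itself) are hypothetical, and the process events are constructed.

```python
class SandboxTracker:
    """Toy model of Option A: lineage is recorded when a process is spawned,
    because the OS parent PID goes stale (and can be reused) once the parent exits."""

    def __init__(self, kill_on_self_exit=False):
        # The on/off setting suggested in the thread; off means only forced
        # terminations (user, AV, behavior blocker) sweep the descendants.
        self.kill_on_self_exit = kill_on_self_exit
        self.parent_of = {}  # (pid, created) -> parent key, None for a sandbox root
        self.live = {}       # pid -> (pid, created), tracked live processes only

    def spawn(self, pid, ppid, created, sandboxed=False):
        parent = self.live.get(ppid)          # tracked parent, if still alive
        if parent is None and not sandboxed:
            return False                      # outside the sandbox, not tracked
        self.live[pid] = (pid, created)
        self.parent_of[(pid, created)] = parent
        return True

    def _descends(self, key, ancestor):
        # Walk the recorded lineage; dead intermediate parents are still in it.
        while key is not None:
            key = self.parent_of[key]
            if key == ancestor:
                return True
        return False

    def exit(self, pid, forced):
        """Record an exit and return the PIDs the sandbox should now terminate."""
        key = self.live.pop(pid, None)
        if key is None or not (forced or self.kill_on_self_exit):
            return []
        leftovers = sorted(p for p, k in self.live.items() if self._descends(k, key))
        for p in leftovers:
            del self.live[p]
        return leftovers


def forced_kill_scenario():
    # Constructed events: App-A (100) -> cmd.exe (200) -> grandchild (201).
    t = SandboxTracker()
    t.spawn(100, 4, created=1, sandboxed=True)
    t.spawn(200, 100, created=2)
    t.spawn(201, 200, created=3)
    kept = t.exit(200, forced=False)       # cmd.exe exits by itself: nothing swept
    swept = t.exit(100, forced=True)       # App-A is killed: orphaned 201 is found
    reused = t.spawn(300, 100, created=9)  # unrelated process reusing PID 100
    return kept, swept, reused
```

With the setting off, a launcher that starts the next program and then exits by itself leaves that program running; with it on, any exit of a sandboxed parent sweeps its descendants.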
I voted either option, but I would prefer option A.
I voted for A.
It will be very good if you can “flush” the sandboxed processes, files, folders, registry keys and so on… i.e., delete everything that was created by those processes.
I like option A since re-starting the system is an inconvenience in some circumstances.
I hope that Comodo have a good look at this and find some sort of viable way to add this to the table… so far no word from Staff (but you can’t really expect them to from just a poll really?).