Make sandbox full virtualize any file thats unknow by CIS 8

yro · November 25, 2014, 6:03pm

1. What actually happened or you saw:
::: Comodo Internet Security 8 did not fully virtualize unknow softwares and/or files.

2. What you wanted to happen or see:
::: I want You to change the way sandbox works by default on CIS 8 making it to fully virtualize any kind of file thats not know by CIS 8 or not trusted by the user.

3. Why you think it is desirable:
::: This will increase the power of blocking and prevention of unknow files or malwares to make changes in the user O.S. and prevent damages from unknow malwares by sandboxing everything thats not allowed/trusted by the user or by the trusted vendors list.

4. Any other information:
::: If You make this change in the next cis 8 update (making it as default behavior for sandbox) and add the request posted at https://forums.comodo.com/wishlist-cis/add-automatic-clean-parent-foles-funtion-to-reset-sandbox-t108184.0.html we will see Comodo really rizing as metheoric…

wasgij6 · November 25, 2014, 7:51pm

This is already the default in CIS 8. If you look throught the autosandbox rules they are all set to block or fully virtualized

yro · November 25, 2014, 8:44pm

No, its not. CIS 8 only isolate these files if they are incoming from internet. Thats why we need to change the settings a little bit to have the full virtualization working for any file from enywhere. and thats why I made this request.

wasgij6 · November 25, 2014, 10:00pm

for this you can switch to proactive config. Egemen the lead developer of CIS has already said why they changed the default behavior.

Since they just changed it i honestly dont think they will change it back.

yro · November 26, 2014, 12:26am

They should.

Its not about what they think is good for users. Its about what users need so the idea proposed by Mellih can become real.

How can Mellih bring us CIS so we can be protected if CIS ignore files from my pendrive, my dvd, my external hdd, etc?

I know its not “that” case the way I strictly said, but this default configuration that is coming in CIS 8 makes our system vulnerable. We can change it with 3 clicks, but why force people to be vulnerable (in any terms) if people can just be safe with it? Why not change this configuration and make the “full virtualization” the real default so people can have less troubles and more security?

anyway… my request is valid and explained. lets see if other users take a look at this issue and open their eyes to this as this could be a big problem in a near future…

scre · November 26, 2014, 7:19pm

Voted yes.

sd_ahmad · November 26, 2014, 8:09pm

me too :-TU

qmarius · November 30, 2014, 10:20am

I’m afraid we do not have enough information in order to process your request. (whether this behavior is intended or not)
Telemetry does not tell us anything unusual. This practice is not new- it’s present in various reputation algorithms (as for example, classification of suspicious links trough Twitter messages that repeat)

Currently, this is considered as a bug (an existent one) with a (very) high priority.
After the mentioned bug gets a different resolution then we can further discuss this behavior and maybe improve it trough various suggestions.

I hope you understand.
In the meantime, I will move your wish request to the “Added/Rejected Wishes” section.

Thank you.

yro · December 2, 2014, 3:37am

ok. I understand. Ill wait for more informations about this mentioned bug.