Making Auto-Sandboxing work with Eclipse/Maven Development environment

Happy new year to you all!

I’m a Java developer, and since the upgrade to Comodo Internet Security 10 I have had problems working properly with known software development tools for Java.

I use Maven as dependency management tool and if I run the Maven “test phase” either from command line or within Eclipse IDE then Comodo sandboxes a special Maven plugin (surefire) JAR file. The test execution doesn’t start and indicates that the test Java process couldn’t be started:

[ERROR] Failed to execute goal org.apache.maven.plugins:maven-surefire-plugin:2.19.1:test (default-test) on project builders: Execution default-test of goal org.apache.maven.plugins:maven-surefire-plugin:2.19.1:test failed: The forked VM terminated without properly saying goodbye. VM crash or System.exit called?
[ERROR] Command was cmd.exe /X /C ""c:\Program Files\Java\jdk1.8.0_05\jre\bin\java" -jar c:\Users\...\repository\core\Builders\target\surefire\surefirebooter204283717033676274.jar c:\Users\...\repository\core\Builders\target\surefire\surefire5844309130451179683tmp c:\Users\...\repository\core\Builders\target\surefire\surefire_03932689771284746215tmp"

Comodo displays an alert message that a batch file got sandboxed (it contains the command mentioned above: C:\ProgramData\Comodo\Cis\tempscrpt\C_cmd.exe_1837F1CE73ED7AE59CE0BFD3875ECF125413738B.bat). I tried to add my Java project folder to the exclusion list. I added the project folder to the Antivirus exception list as well as to the Sandbox exclusion list. The File Rating list displays the surefire JAR file as unknown. The problem is that it’s not enough to rate it as benign because its file name isn’t deterministic. It gets created on each Maven execution with a different name.

I hope we can fix this issue because it’s annoying to always disable sandboxing during development.

Create an auto-sandbox rule to ignore the project folder location.

Thanks for your reply. I already added the top-level root folder to the sandbox exclusion list but this didn’t help…

Try disabling embedded code detection under HIPS.

Thank you very much, qmarius! This workaround helps! Surefire is still getting virtualized but the Maven tests run.

I’m a little bit disappointed by CIS 10… I appreciate the extended script execution detection mechanism but it requires a possibility to exclude “trusted scripts” (or something similar), especially for software development environments. I added exclusions for shellcode injection detection (path to software project folder, path to Maven installation folder, path to IDE) but this didn’t help.


Are you working on these issues?