Missing Sandbox settings

I have encountered a weird error. After reinstalling my XPx64 and latest CIS, I don’t have ANY way to configure sandbox. The advanced settings window just does not have “sandbox” anymore, nor have I found its settings anywhere else ???
I even reinstalled windows again and installed CIS first. Same result.

Couldn’t find a similar report on the net either, so I’m posting here…

Btw, is there a reg entry to turn sandbox off completely, or any other options? I really don’t like the auto-sandboxing at all… With it turn on, I had to restart some installations 5-10 times, cause it keeps sandboxing new files…

Hi HackAR,
Under ‘Defense+’ in the ‘Advanced Settings’, are you missing both the Behaviour Blocker and Sandbox?(Screenshot)
If yes, it sounds like you have encountered the bug in the topic below effecting XP 64-bit.
Behavior blocker menu missing in Advanced Setting

Kind regards.

[attachment deleted by admin]

Yes, only HIPS is there. (screenshot)

I’ve found a switch in registry to turn off sandbox service. Found a level entry for sandboxing in registry, changed it 5->0. It turned off Defence+ completely (WOW what a speed!). Plus it made CIS report problem with Defence+ which it could not fix. So I changed it back…


  1. see previous post
  2. Yes i can reproduce the problem 100% (see previous post)
  3. just installed windows + CIS
  4. should be obvious…
    5/6. no other software involved, clean OS
  5. using a modified version of XPx64 (nLite) I don’t know how it could effect displaying tab for settings, but Ill try an unchanged installation in a VBox today.
  6. attaching Diag and screenshot …


  1. Exact CIS version & configuration
    CIS 6.3.297838.2953 configuration does not matter.
  2. Modules enabled & level. D+/HIPS, Autosandbox/BBlocker, Firewall, & AV
    Deactivated “Do not show alerts” and “GeekBuddy” during installation. All default after installation.
  3. Have U made any other changes to the default config?
    After encountering the problem
  4. Have U updated (without uninstall) from a CIS 5?
  5. Have U imported a config from a previous version of CIS?
  6. OS version, SP, 32/64 bit, UAC setting, account type, V.Machine
    XPx64 SP2 (UAC? =D) Admin account, real PC (named VMLOG though)
  7. Other security/s’box software a) currently installed b) installed since OS

[attachment deleted by admin]

This is a bug and has already been reported. Please see here.

Is there any way to manually disable sandbox? Reg change, etc.?

P.S. test with clean, unchanged XPx64 SP2, without updates in a VBox failed too. So it’s not nLite related.

For the main screen are you able to switch it to Advanced View? If so you should be able to disable it from the drop-down menu.

Yes I’m able to switch to advanced. But where can I find the “drop-down menu”? There is no Sandbox or similar anywhere. No right-click either.

If everything else fails you can disable the sandbox by following this:

  • Backup the registry.
  • Open regedit.exe
  • Navigate to HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations
  • Identify your configuration file, by default 0 is Internet Security, 1 is Proactive Security and 2 is Firewall Security, you can identify which is which my clicking one of the numbers and looking for the key “Name” to the right.
  • Now navigate to X\HIPS\SBSettings where X is the number of your active configuration file.
  • Find “SBMode” in the list to the right.

[li]Change its value to exactly “11773” without the quotation-marks, this should disable the auto-sandbox, if you ever want to enable it again then change the value to “1177b”

Under the Auto-Sandbox section you should be able to click where it says Partially Limited. This will show the drop-down menu, of which one of the options is disabled.

Thanks, I’ll try it, but my current Value is “1057b”…
[edit] 11773 seems to work. Many thanks. the missing bits on my value must be related to some other settings…

[at]Chiron There is no “Auto-Sandbox section”…

In that case, if you want to revert then I’d recommend to use the value you had as default, I have a lot of different settings myself and those numbers were for my setup, it’s possible that each number in the value could correspond to a setting and the last being a “3” decides to disable the sandbox and having it set to “b” enables it. shrugs I don’t really know, which is why registry backups are always a good idea.

my thoughts exactly :wink:

To confirm:
I have just installed Comodo Internet Security version 7.0.317799.4142, and the missing Sandbox and Behavior Blocker is still an issue.

I installed CIS on 2 computers (clean systems, nothing else is installed):

  • Windows XP 32 bit SP 3 - everything is OK.
  • Windows XP 64 bit SP 2 - Sandbox and Behavior Blocker are absent.

The sandbox in CIS doesnt not support windows xp 64 bit so the settings are not shown

Does this disable Auto-Sandbox or the Sandbox?

While “The sandbox in CIS doesnt not support windows xp 64 bit”, it’s still active and auto-sandbox lots of programs like installers and sub programs of the installers. This results in incomplete installations, many reinstalls (basically once per “do not isolate again” click). In case of driver installs, this can result in a broken system, also.

Edit: I welcome that you allow a program to run on an “unsupported” OS. But you should allow us to adjust some settings, or at least let us deactivate the program.

Do you have “Trust applications signed by trusted vendors” and “Trust files installed by trusted installers” disabled?

No, I have not.
But I don’t see the point of your question anyway, sorry. Sometimes I have to install unsigned drivers. And you can’t expect the integrated list to include all software I’d like to install. Most of them do not use signed installers.

:-TU Totally agree!

It would be nice to be able to disable auto-sandboxing on unsupported OS (Win Xp x64).
I really like CIS, but the problems with auto-sandboxing sometimes lead to very nasty outcomes, easpecailly when installing software containing unsigned drivers.