Need info on a few Containment settings

CFW install only and set to Proactive config

Containment Settings- Advanced- “Enable automatic startup for services installed in the container.”- Please explain this option.

Auto-Containment- The bottom option “Run Virtually”, double click it, the new window has a setting “OPTIONS”, click it, under “OPTIONS” there is a setting “Set Restriction Level” and it is “Unchecked” by default.
My question is-
Auto-Containment is by default set to “Run Virtually”, i.e. Full Virtual? And programs running in the Containment cannot drop files on the Real system?

cruelsister mentioned the default Auto-Containment is “Partial Limited”, is it correct? And programs running in the containment can change the screensaver, or ransomware can drop a notepad file on the Real system, is it correct?

“Set Restriction Level” option is “Unchecked”- This means the option has no effect as it is unchecked, right?
I understand cruelsister's suggestion to check the option and set it to “Restricted”. I don’t understand why she mentioned the default containment is Partial Limited?

“Action” on the top set to “Restricted” and “Set Restriction Level” below set to “Restricted”- do both mean the same, or what’s the difference?

> Containment Settings- Advanced- "Enable automatic startup for services installed in the container."- Please explain this option.

It means if a Windows service is installed in the container and you have not reset the container and you reboot your computer, then the next time something gets run fully virtualized (auto-contained rule triggered, run in Comodo containment file context-menu, run virtual desktop task) the service will also start in containment.

> Auto-Containment is by default set to "Run Virtually" i.e Full Virtual? and programs running in the Containment cannot drop files on the Real system?

Correct.

> cruelsister mention the default Auto-Containment is "Partial Limited", is it correct? and programs running in the containment can change the screensaver or ransomware can drop a notepad file on the Real system, is it correct?

No, PL used to be the default for CIS versions 4.x through 7.x; since version 8.x the default is fully virtualized. Changing the screensaver under fully virtualized was possible by way of using the SystemParametersInfo function but has since been fixed. Any file being dropped on the real system or any existing file being modified by an application running fully virtualized should not be possible unless a true bypass is found.

> "Set Restriction Level" option is "Unchecked"- This means the option has no effect as it is unchecked, right? I understand cruelsister suggestion to check the option and set to "Restricted". I don't understand why she mention the default containment is Partial Limited?

Correct, when an option is greyed out it means it is not in effect, but it just shows the default selection when you do enable restriction level. Another post explains this as well here: https://forums.comodo.com/help-ccav/sandbox-settings-t122343.0.html;msg878603#msg878603

> "Action" on the top set to "Restricted" and "Set Restriction Level" below set to "Restricted"- both means same or what's the difference?

The restricted name under action is used for lack of a better term or way to differentiate between run virtually and non-virtually. I guess they could have it say "run using restriction" or "run restriction level" or "run non-virtually with restrictions". Yeah, it is confusing, especially when you get the auto-containment notification saying the application is run restricted even if you have set the restriction level to something other than restricted.

I think it is fine to “Uncheck” the option “Enable automatic startup for services installed in the container”, right?

And I think I misunderstood cruelsister, it seems she meant default Partial Limited for Set Restriction Level and not for main containment level.

I think the Comodo team should redesign this whole containment feature. I think it would be much easier to use if it was designed similar to HIPS - you select an app and select what you want to prohibit, virtualize, restrict or whatever in its activity, manually selecting what is restricted and what is virtualized, or making your own levels or presets of virtualization. Now this containment looks so abstract and counter-intuitive.

So I think, too and I’m not starting a new topic like it’s gonna turn out in the warning field.

I wanted to install files on external hard disks, but when I want to do this the hard disk, or even folders on the internal hard disk, are shown as protected and I am told to unlock them, but this isn’t possible. But I don’t know about security then.