No sandboxing or D+ alert for test application

Maybe this is an old problem, or maybe this only happens on my system but:

Avast has a tool to check if their autosandbox is working in their AV. It drops a file in the C: directory and creates a harmless autostart entry as well.

When I ran the file to test Comodo sandbox, the file is neither sandboxed nor is an alert generated by D+, even though the file isn't signed afaik, and it creates a startup entry (harmless, but still).

I'm on Win7 x64

MSE 2.1 + Comodo FW (no AV), (enhanced protection active, create rules for safe applications), everything else is default

If anyone wants to try to replicate this, the file can be downloaded from the Avast forum at

http://public.avast.com/dev/autosandboxme.exe

More info about what the testing tool does here:


http://forum.avast.com/index.php?topic=76650.0

I have had similar problems as I wrote in another thread:

“I have had similar problems with CIS too. And it is not a question of command line execution. Simply launching new malware (CIS antivirus is not installed) that is so new most scanners don’t recognize it does not cause any action from Comodo defence+ or sandbox. And especially this happens if my defence+ setting is something else than Partially limited. As if the other settings would not work.”

It gets sandboxed here. It is capable of dropping a file in c:\ because it is not a protected folder. It gets blocked from making the registry entry though.

When running without sandbox D+ will only alert for the registry entry.

Thanks for testing… I guess I'll tinker with mine to see why I'm not getting any alert and/or sandboxing.

I tried this out too. I had it downloaded to my download folder. I ran it and it was sandboxed. I have it running on untrusted.

Something must have gone wrong with my installation… an uninstall/re-install fixed it.

Thanks guys

Fudge.

The problem returns today. I wonder if autosandboxme.exe gets scanned in the cloud and found to be safe? Mind you, there is no D+ log to confirm or deny that.

Strange indeed

The D+ logs here show it gets sandboxed.

Hi Guys

just tried it on my system and it got through. I have CIS set on proactive with D+ set on untrusted.

A penny for your thoughts.

shadha

??? I feel like I'm doing something wrong since it's not happening for you, but it seems at least a few others have the same problem.
I just wish something showed up in a log file to help me understand.

What OS are you on?

I am on Win 7 SP1 x86

What happens when you temporarily disable MSE?

The file executed (from downloads folder) without any D+ warning. No file is dropped in C: (It requires admin permissions on my system) but the autorun entry is created. File execution is not sandboxed, no D+ log.

Windows 7 x64, CIS 5.8 (not beta), Proactive configuration, D+ set to alert me (did not check “do not show popup alerts”), sandbox enabled.

Do you have automatic sandboxing enabled?

Maybe it's a 64x only issue? I'm not sure what others who are seeing the same results are using though.
Disabling MSE doesn't change the results unfortunately.
An uninstall/reinstall fixes it for 1 or 2 tries of autosandbox.exe, but then it reverts to the problem again.
If I had any sort of log to send in, I'd gladly do it. :-\

It looks like it may be an x64 problem.

Can you and SivaSuresh see what happens when the automatic sandbox is disabled? If that gives the same results I am willing to call it a bug.

I initially checked it with “auto sandboxing” enabled. Even with “auto sandboxing” disabled it is the same result for me.

Shall I file a bug? Or is it already filed?

Currently, I'm using the final release, so my install is about 1 day old, meaning that this file is being correctly handled (sandboxed) at the moment. Usually after a day or two it stops working correctly though. I'll test again in a couple of days but:

Just now, I disabled sandbox, ran autosandboxme.exe and got all the expected D+ alerts

“explorer.exe is trying to open autosandboxme.exe” (allowed)

“autosandboxme.exe is trying to modify a protected file or directory” (blocked)

“autosandboxme.exe is trying to modify the protected registry key …currentversion/run” (blocked)

And everything is OK, no bypass :smiley:

I'll retest in a few days

OK, the problem is back. This time, I made a video in the hopes that it will somehow help… I'm not an expert at making videos by any means, but I tried to show the important things, like settings, trusted file list, D+ rules, etc.
If anyone cares to watch, here it is

http://www.multiupload.com/K3D09DS430

The D+ event entries you see at the end are from previous times I tested autosandboxme.exe, and I made the video after the 1st time Comodo failed (for whatever reason, be it my fault or otherwise) to sandbox the file.

And this is my computer info

[attachment deleted by admin]

EricJH

I run windows 7 Ultimate 32 bit. No other security software. Everything in CIS set to proactive with D+ set to untrusted.

shadha

Did you double check that there was no rule made in Defense + Rules when testing?

“Shall I file a bug? Or is it already filed?”

There is no bug report of this. If you want to do the honourable thing then please go ahead. :)

It looks like the problem is not limited to x64 only.