No sandboxing or D+ alert for test application

Maybe this is an old problem, or maybe this only happens on my system but:

Avast has a tool to check if their autosandbox is working in their AV. It drops a file in the C: directory and creates a harmless autostart entry as well.

when i ran the file to test Comodo sandbox, the file is neither sandboxed nor is an alert generated by D+ even though the file isnt signed afaik, and it creates a startup entry(harmless but still)

im on Win7 x 64

MSE 2.1 + Comodo FW(no AV), (enhanced protection active, create rules for safe applications) everything else is default

if anyone wants to try to replicate this , the file can be downloaded from Avast forum at

More info about what the testing tool does here:

I have had similar problems as I wrote in another thread:

“I have had similar problems with CIS too. And it is not a question of command line execution. Simply launching new malware (CIS antivirus is not installed) that is so new most scanners don’t recognize it does not cause any action from Comodo defence+ or sandbox. And specillay this happens if my defence+ setting is something else that Partially limited. As if the other settings would not work.”

It gets sandboxed here. It is capable to dropping a file in c:\ because it is not a protected folder. It gets blocked from making the registry entry though.

When running without sandbox D+ will only alert for the registry entry.

thanks for testing… i guess ill tinker with mine to see why im not getting any alert and/or sandboxing

I tried this out too. I had it downloaded to my download folder. I ran it and it was sandboxed. I have it running on untrusted.

something must have gone wrong with my installation… an uninstall/re-install fixed it.

thanks guys


the problem returns today. i wonder if autosandboxme.exe gets scanned in the cloud and found to be safe? mind you, there is no D+ log to confirm or deny that.

strange indeed

The D+ logs here show it gets sandboxed.

Hi Guys

just tried it on my system and it got through. I have CIS set on proactive with D+ set on untrusted.

A penny for your thoughts.


??? i feel like im doing something wrong since it not happening for you, but it seems at least a few others have the same problem.
i just wish something showed up in a log file to help me understand

What OS are you on?

I am on WIn 7 SP1 x86

What happens when you temporarily disable MSE?

The file executed (from downloads folder) without any D+ warning. No file is dropped in C: (It requires admin permissions on my system) but the autorun entry is created. File execution is not sandboxed, no D+ log.

Windows 7 x64, CIS 5.8 (not beta), Proactive configuration, D+ set to alert me (did not check “do not show popup alerts”), sandbox enabled.

Do you have automatic sandboxing enabled?

Maybe its a 64x only issue? im not sure what others who are seeing the same results are using though.
disabling MSE doesnt change the results unfortunately.
an uninstall/reinstall fixes it for 1 or 2 tries of autosandbox.exe, but then it reverts to the problem again.
if i had any sort of log to send in, id gladly do it. :-\

It looks like it may be an x64 problem.

Can you and SivaSuresh see what happens when the automatic sandbox is disabled? If that gives the same results I am willing to call it a bug.

I initially checked it with “auto sandboxing” enabled. Even with “auto sandboxing” disabled it is the same result for me.

Shall I file a bug ? or it is already filed ?

currently, im using the final release, so my install is about 1day old, meaning that this file is being correctly handled (sandboxed) at the moment. usually after a day or two it stops working correctly though, ill test again in a couple of days but:

just now, i disabled sandbox, ran autosandboxme.exe and got all the expected D+ alerts

“explorer.exe is trying to open autosandboxme.exe” (allowed)

“autosandboxme.exe is trying to modify a protected file or directory” (blocked)

“autosandboxme.exe is trying to modify the protected registry key …currentversion/run” (blocked)

and everything is ok, no bypass :smiley:

ill retest in a few days

ok, the problem is back. this time , i made a video in the hopes that it will somehow help… im not an expert at making videos by any means, but i tried to show the important things, like settings, trusted file list, d+ rules, etc
if anyone cares to watch, here it is

the d+ event entries you see at the end are from previous times i tested autosandboxme.exe and i made the video after the 1st time Comodo failed (for whatever reason, be it my fault or otherwise) to sandbox the file.

and this is my computer info

[attachment deleted by admin]


I run windows 7 Ultimate 32 bit. No other security software. Everything in CIS set to proactive with D+ set to untrusted.


Did you double check that there was no rule made in Defense + Rules when testing?

Shall I file a bug ? or it is already filed ?
There is no bug report of this. If you want to do the honourable thing then please go ahead. :)

It looks like the problem is not limited to x64 only.