Observating potencial dangerous programs more deeply

When i have a program which i think is malicious i would like to treat it as “dangerous” so i would like to flag it as dangerous so it should be sandboxed everytime and additionally i would like to log what registry entrys or other changes it makes to my computer as well as what connections its makes or other odd behaviour.

Maybe there should also be a way to log what programs do in general not only for the dangerous.

1. What actually happened or you saw:
No such feature

2. What you wanted to happen or see:
A way to flag and observe potentially dangerous programs.

3. Why you think it is desirable:
This way i could more easy see myself if something that i think is dangerous is really dangerous.

4. Any other information:

Thank you for submitting this Wish Request. Let me try to dig into this a little deeper.

First, any unknown application will automatically be sandboxed. Thus, when you say you want to treat it as dangerous, do you mean that you want to assign a special restriction to that particular application? If so, at least for that part, would you agree that the Wish Request here would be sufficient, assuming it is added?

I will put off discussion of the other parts of the wish until this is clarified.


Well for this part there would be an other idea but i did not write it down yet:

The original os should be set to write only.
Then we would assume multiple levels of sandbox.

  1. sandbox: system drivers and applications, they will be accessable from other applications but would not be written to the original os.
    This would include all trusted applications that are needet by programs
    The other sandboxes will be inside sandbox one:

  2. trusted applications
    Here would only applications be stored that can be verified to be trustable like certificated mozilla products.

  3. unknown application
    This applications should Each application get their own sandbox and should not be able to interfer with the system or trusted applications

  4. dangerous applications:
    They should be treated like unknown applications but more strictly to make sure that you can even execute a virus in it that would as example try to write to the bios or try to overheat the system or other stuff.

The benefit would be that it would be much harder for malicious software to do any damage, even when the user is unexperienced.

Oh this way you could also add an uninstall option: just clear the sandbox the program is in.

The idea is ofcourse a bit more complicated and this is only a the short version of this idea, it is not fully mature.
One excample: lets say you want to install a toolbar from a unrecognized third party, it would need to run in the same sandbox as the browser (or in a sandbox inside the browser sandbox).

Okay, from what you have written it seems to me that you are referring only to the Fully Virtualized sandbox. For example, you would not use Partially Limited, Limited, Restricted, or Untrusted. Is that correct?


yes it is correct so far, however i dont really understand Partially Limited, Limited, Restricted, or Untrusted, i tried to look it up in the documentation but still i dont really understand it. So i assume in my idea a fully virtualized sandbox where untrusted programs are again treated in a special manner (like monitored as example).

Partially Limited, Limited, Restricted, and Untrusted will all run the application on the real computer. They will just apply varying levels of restriction to what it is allowed to do.

Perhaps I am wrong, but wouldn’t the wishes here, here, and here essentially fulfill your wish, assuming they were implemented? If not, please let me know what would still be missing.


  • This suggestion is very different from sanyas suggestions as what i suggest is some kind of autosandboxing with multiple instances of sandboxes.

  • My own suggestion to have multiple sandbox capability would be a precondition for my suggestion here but still very different.

  • Sanyas Wish for Running hips inside a sandbox is surely a good idea, but if you feel its related to the logging suggestion i dont know how it would relate.

  • I must admit i dont know how comodo logs programs now.
    Is there a way to see what registry entrys were installed by a program? (even when i have not confirmed the manually ofcourse)
    If so i would change that part of the suggestion and suggest instead to make the logs more easy to find.

  • Is there any suggestion to run every program in a different sandbox? Because thats what i suggested in the second part.

  • In the first part i suggested to improve the logging capability for hips.

Agreed. That Wish would need to be fulfilled for what you would like to see to be fully possible.

Actually, Sanya’s wish included a HIDS in the Fully Virtualized Sandbox. This would show the actions which a file is taking, and would therefore take on the real computer. I believe that would suffice for what you are asking for.

Yes. That is part of the wish here. It would just be one way of using the added functionality should that other wish be fulfilled.

I believe that would be the HIDS which Sanya requested.

What are your thoughts on the interactions between your wish and these other wishes at this point?


“- Is there any suggestion to run every program in a different sandbox? Because thats what i suggested in the second part.
Yes. That is part of the wish here. It would just be one way of using the added functionality should that other wish be fulfilled.”

Well i did not intend it as part of that wish but otherwise i would need to extend it then.
I did not suggest there to run EVERY app in a hirachical sanbox system like i suggest now.
Only to have different sandboxes.
If you think it should be part of that wish i would extend it there.

About the monitoring part, i think thats like what sanya suggest with hids.

Your wish essentially seems to take those wishes, and extend them a little. However, as they have not yet been added it seems a little strange to forward a wish which extends the functionality of other wishes, without technically proposing anything significantly different. I think the best way to continue would be to move this topic to Rejected.

Then, once some of the other functionality is added by the devs (which I hope it will be) please feel free to remind me of this wish. That will then put this Wish Request on a good footing for continuing.

Does that sound okay to you?


Yes its alright to delay this part to later.
How long do you think your team will need to implement the multiple sandbox thing so i can add the new idea?

I am not Comodo staff. I am a volunteer moderator and handle the bug and wish boards. I have no direct contact with the devs. All I can do is put wishes in a tracker which is viewed and updated periodically by them. However, I have no idea what their plans, and priorities are. All I do know is that from past experience I believe they would be likely to reject a wish which would require so many other wishes to be fulfilled. Thus, I think it’s best to wait.

I will now move this to Rejected, although, as discussed previously, I think it’s a good idea to move it back and continue processing once multiple sandboxes are implemented (which I really do hope will happen, and soon).

Thank you.