online lookup and sandbox

Hi, I use CIS FW (not AV) and I wonder if the online lookup of suspect files (which is very useful) is working when the sandbox is disabled, or if we have to enable it to get those online report alerts?

Thx

Please consult this FAQ here.

Best wishes

Mouse

OK, but this FAQ doesn’t answer the question… I’m not talking about files submitted via "my pending files" (which are in fact never withdrawn from this zone), but I mean the new online analysis (cloud), which is immediate and useful and gives an answer even if the AV is not installed.

Is this cloud scanning enabled even if the sandbox is disabled? Do we have to tick “submit to Comodo” when the D+ popup rises to have it analyzed online?

Thanks for clarifying this, let's see if anyone knows.

Any devs out there?

Best wishes

Mouse

OK, I tried with a trojan (with Returnil “on” of course, I’m not mad!)

Conclusion :

  • When sandbox is “on”: the trojan is intercepted by the online lookup and stopped (but not destroyed, because it’s only FW)

  • When sandbox is “off”: we get the usual D+ messages (high privilege, keys modified, etc.); it says that the heuristic activity is suspicious (so if you’re not stupid, you should block it). But NO ONLINE LOOKUP alert is shown…

I think that’s a “plus” for sandbox when you use CIS FW only (you get an online AV scan).

Thanks, will add to help file, which I have already partially revised.

I guess if not sandboxed you need to do lookup - then the same should happen.

Best wishes

Mouse

When you got the heuristic alert, did you ask it to submit to Comodo for analysis?

If not, could you try this please.

Think it may just put it in MPF and not submit, but hopefully it will actually submit.

Yes, “submit to Comodo” is on by default.

In fact, when sandbox is “on”, the malware is not stopped but you get a warning (online lookup) and it has limited privileges (sandboxed).

Sorry if I was not clear. I was referring to the option on the heuristics alert. If you did not try this option would you mind doing so and seeing if it auto-looks-up?

Best wishes

Mouse