1. What version of CIS, or Comodo Firewall, are you currently using:
Comodo Internet Security 7.0.312140.4101 RC
2. What actually happened or you saw
Currently CIS saves the data for the Fully Virtualized Sandbox on the physical drive.
3. What you wanted to happen or see
My suggestion or wish is an option that makes the Fully Virtualized sandbox save the data in the memory (RAM).
Basically this would work by adding an option to the behavior blocker settings in the Advanced Settings which is disabled by default. When enabled, the user should be able to set how much memory the sandbox is allowed to use; the user should be able to specify it in MB or percentage (the choice is up to the user). The sandbox should not allocate all that memory though; it should use it dynamically and only use the MB/percentage as a limit, so if the data in the sandbox is only 16MB then it should only use that much memory at that time.
When the available memory is used up then it will start writing to the actual drive again.
An issue with this though is that the memory is volatile, so after restarting the computer all the data in the memory of the FV sandbox would be wiped, so a clear warning of this should be presented when the user tries to enable this feature (like it warns you when you enable FV sandbox). Another issue here is that once again the RAM is volatile, so you’ll lose a portion of the data after a restart because you might have gone above the available memory limit and hence started writing on the drive again; hence enabling the memory feature might need to force resetting the sandbox (i.e. the data saved on the drive too) when shutting down, in order to avoid corruption or programs finding some of the necessary files but not all etc.
The data saved in the memory should look like it’s on the disk, so the data in the memory should also show up in the C:\VTRoot\ folder, but technically it wouldn’t be on the drive but rather in memory (for example, Shadow Defender does this but system wide).
For example, you should be able to go to C:\VTRoot\ and copy a file to the real system; if the file is in the memory then it would still look as if it was on the C:\ drive and copied from there to another location, but technically it would copy the data from the memory to the location.
4. Why you think it is desirable
Well, I believe it would make SSD users happy since it would mean a lot less read/write tear on the SSD. It would also make HDD users happy since sandboxed applications would be much quicker, since they’d be reading/writing data to the RAM rather than the HDD (until the memory limit is hit, of course).
5. Any other information
If you have any questions, for example if something needs more explaining etc., then just ask.