Since 4.1 the sandbox has a realtime “cloud” request. That’s a nice thing (would be even nicer if there would be a notification but that’s not the issue here…).
However, it seems to be used just for whitelisting. If a program is known to be malicious to the Comodo server and not detected by the AV component yet Comodo doesn’t show this in the sandbox pop ups:
http://www.ld-host.de/uploads/thumbnails/68779d2b19f8c2a9ec181c16c912fa83.png
It’s a waste of detection and probably even protection.
When Comodo is doing a server lookup, why doesn’t it do a little check to see if the program is on the blacklist?