Printer not found on sandboxed browsers [Issue Report]

Comodo Internet Security - CIS Resolved/Outdated Issues - CIS
#1

If browsers are sandboxed with or without virtualization and I click on Print, it isn’t able to find a printer.

The bug/issue
1. What you did: I click on Print in the browser, it gives me an error.
2. What actually happened or you actually saw: I click on Print in the browser, it gives me an error. it isn’t able to find a printer.
3. What you expected to happen or see: Browser sandboxed should print.
4. How you tried to fix it & what happened: Nothing
5. If its an application compatibility problem have you tried the application fixes here?: No
6. Details & exact version of any application (execpt CIS) involved with download link: Firefox 4.0.1, Internet Explorer 9
7. Whether you can make the problem happen again, and if so exact steps to make it happen: I activated Proactive and put my browsers (Firefox, IE) in the list “Always Sandbox” with “Partially Limited” level and virtualization. Run the software.
8. Any other information (eg your guess regarding the cause, with reasons): NO

Files appended. (Please zip unless screenshots).

  1. Screenshots illustrating the bug:

    http://img405.imageshack.us/img405/1230/immagineyne.th.jpg

    Traslation:
Before printing, it's necessary to install a printer. Would you add a printer now?

  1. Screenshots of related CIS event logs and the Defense+ Active Processes List:

    http://img232.imageshack.us/img232/7475/immagine2hy.th.jpg

    http://img853.imageshack.us/img853/7183/immagine3fo.th.jpg

  2. A CIS config report or file.

  3. Crash or freeze dump file: NO

Your set-up

  1. CIS version, AV database version & configuration used: 5.4.189822.1355, AV DB Version 9029, Proactive Security
  2. a) Have you updated (without uninstall) from CIS 3 or 4: No
    b) if so, have you tried a clean reinstall (without losing settings - if not please do)?:
  3. a) Have you imported a config from a previous version of CIS: NO
    b) if so, have U tried a standard config (without losing settings - if not please do)?:
  4. Have you made any other major changes to the default config? (eg ticked ‘block all unknown requests’, other egs here.):
    In Firewall Settings:
  • I enabled IPv6 filtering
  • I disabled “This pc is a gateway”
  • I disabled everything except: Protect ARP cache, Block ARP Messages, Protocol Analize
    In Defence+ Settings:
    All unchecked in General Settings. All checked/enabled in all other sheets
  1. Defense+, Sandbox, Firewall & AV security levels:
    D+=Safe , Sandbox=Disabled, Firewall = Personalized Policy, AV = Optimized
  2. OS version, service pack, number of bits, UAC setting, & account type:
    Windows 7 Professional, Service Pack 1, 32-bit, UAC disabled, Aministrator account
  3. Other security and utility software installed:
    Prevx, MalwareBytes Anti-malware only on-demand, CCleaner, RevoUnistaller
  4. Virtual machine used (Please do NOT use Virtual box): NO
#2

I cannot read the complete alert that is in the report. It says Accesso Interfaccia… What is the complete alert here. Is it the Italian equivalent of Firefox trying Accessing Protected Com Interface?

If that is the case then that is by design:

In addition to the Sandbox restriction level set for an application, Defense + also implements the following restrictions. A sandboxed application cannot:

Access non-sandboxed applications in memory

Access protected COM interfaces

Key log or screen capture

Set windows hooks

Modify protected registry keys (if virtualization is enabled)

Modify EXISTING protected file (if virtualization is enabled).

Src: Unknown Files: The Sand-boxing and Scanning Processes

#3

The complete message is: “Accesso Interfaccia COM” → “Access COM interfaces”

#4

Then it is by design and therefor expected behaviour.

Being able to print while a program is sandboxed seems more suitable for being put on the wishlist in Wishlist - CIS.

#5

Thank you for your Issue report.

Moved to verified.

Thank you

Dennis