problems with custom rule for my 'malware' folder...

I’ve set up an auto sandbox rule with a ‘block’ action and ‘quarantine’ option for my Malware folder… downloaded an ‘adware fake optimizer’ file into the ‘malware’ folder, and run the fake optimizer program… UAC was alerted and the file then proceeds with its ‘select a language’ installer… at what point should Comodo have jumped on it and blocked/quarantined the program?
oh, and I also set the file rating as ‘unrecognized’

[attachment deleted by admin]

I have no idea why it’s not working for you but I can get the sandbox to block executables when ran from a blocked folder as defined in the auto-sandbox rules.

Edit: It seems you have enabled file source tracking, did you define any “Sources” rules for the sandbox rule? If not add a new sources rule with file group all applications and keep location and origin to any.

ok, done that, but still the same??
all I’m getting is a popup saying that it wants to access memory…

[attachment deleted by admin]

Only other thing I can think of is maybe UAC is somehow causing the issue, try disabling UAC and reboot for the change to take affect, delete the file and re-download and try again. What Windows version are you running? Do you have any other security software installed?

Edit: Can you send me the link to the application that’s not getting blocked?

I’m using win7, EAM and NoVirusThanks ERP…
file link…

ok, I turned UAC, EAM, and ERP off… ran the file, and the installer ran with no objections!

I don’t know what to say, I’m having no issues getting the file blocked & quarantined. I created the same sandbox rule as yours. My best guess is I think there is a compatibility issue with the comodo sandbox and your other security software.

[attachment deleted by admin]

would it be worth re installing CFW? could the program be corrupted somehow?
I guess I’ve nothing to lose in trying…
Many thanks for your help… I have to go teddy time now… early start in morning… will try again tomorrow… :-TU cheers.

hello again…ok, I set up the same rule on my laptop, ran the program from ‘malware’, and ■■■■!! Go To Jail!! program instantly quarantined!! :slight_smile: So I have absolutely no idea what is happening with my desktop! time to format and install from scratch, just in case something nasty is causing the problem…
A big thanks to futuretech for all the help! :-TU

update… EAM was causing the problem, so I’ll have to see about trying to correctly configure them to work in harmony… also, is there a way of getting EVERYTHING in the ‘malware’ folder to be quarantined when run…for instance, a file which needs to open a program to run… ie, a PDF file will need a reader, and so on…

I know what you mean but unfortunately its not possible to sandbox non-executable files, the sandbox rules only apply to executable files specifically files with a .exe file extension. As it works now is if you create a block/quarantine rule for a pdf or office document reader application, the pdf/office application itself will be blocked/quarantined, not the file that is being opened.

ah, ok… so for experimental purposes, if I were to set up a ‘run virtually/ restricted’ rule for the folder, how would I go about getting the pdf/office application to run virtually when opening the file?

Either you manually right-click the .pdf in question and click “Open in COMODO Sandbox” (Every single time) or you set up a rule to ALWAYS sandbox the pdf application. There is currently no way to set up automatic sandboxing of non-executable files, to the best of my knowledge.

aah, okay… thanks to everyone for your help…and patience!! the learning curve continues… :wink: