Programs on cloud whitelist being sandboxed [Resolved]

The bug/issue

  1. What you did:i had bunch of programs i use whitelisted and i verified they were whitelisted by removing them from my trusted files and they were not sandboxed. i only have the firewall and defense + installed at the time. i recently switch to the full suite and now a lot of those programs are being sandboxed again.
  2. What actually happened or you actually saw:
  3. What you expected to happen or see:no files be sandboxed that i know are in the cloud and trusted. and some files are automatically getting added to my trusted files. idk if this is supposed to happen or not?
  4. How you tried to fix it & what happened:
  5. Details (exact version) of any software involved with download link:
    executor:
    Executor
    tag&rename:
    http://www.softpointer.com/tr.htm
    safeconnect: (i had to email the exe to comodo staff because the file is only accessible to new people on our network that dont have it installed yet)
    http://www.impulse.com/
    rainmeter:
    Rainmeter, desktop customization tool
    notepad ++:
    http://notepad-plus-plus.org/
  6. Any other information you think may help us:

Files appended

  1. Screenshots illustrating the bug:screen shot of my about screen for cis and all the files that i had put into my trusted files so that they were not sandboxed
  2. Screenshots of related event logs or the active processes list:
  3. A CIS config report or file.
  4. Crash or freeze dump file:

Your set-up

  1. CIS version, AV database version & configuration used:proactive security (when i only had the firewall and defense + i had that setup with maximum settings and never had a problem)
  2. Whether you imported a configuration, if so from what version:
  3. Defense+ and Sandbox OR Firewall security level:defense + safe mode sandbox partially limited
  4. OS version, service pack, no of bits, UAC setting, & account type:win 7 pro 32 bit uac disabled admin
  5. Other security and utility software running:avast antivirus (disabled only have it to gain access to my schools network. cis is not on their list of avs that are allowed but at the time i had only the firewall and defense + i still have avast so nothing has changed)
  6. Virtual machine used (Please do NOT use Virtual box):

[attachment deleted by admin]

Thanks for an excellent bug report. Could I just check:

  1. Is Block all requests when the application is closed checked?
  2. Do these files appear anywhere else in D+. Please check all views in the computer security policy plus unrecognised files

Many thanks

Mouse

I have a laptop running Win7 HPx64, with the latest version of Comodo Firewall and Defence Plus. Each time I start the laptop it keeps giving me a notification that MsMpEng.exe has been sandboxed. It also shows MpCmdRun.exe in the sandbox. Both files are already in the trusted files list. Both are part of Microsoft Sec Essentials. This problem did not exist in the earlier version of the Firewall & Defence Plus.

just trying to help make cis best it can be

  1. no it is not
  2. i didn’t see them anywhere else

I think we need to double check these files are trusted if you don’t mind. Could you delete them from trusted files again, then add them to unrecognised files and do a lookup?

I’m assuming you have ‘automatically scan unrecognised files in the cloud’ ticked? And you have no web access problems?

Finally could you append a screenshot of your defense plus eventlogs please, showing the files being sanboxed?

Many thanks

Mouse

Actually I dont think its a bug but may be a prob with cloud or your net connection. I mean when you accessed the whitelisted cloud app they were sandboxed instead of them to be trusted, may be at that very time the cloud couldn’t be contacted or was inactive for a while or the network got down for a while. This may be possible. I am talking this coz of my personal experience.

I know few apps which are whitelisted in the cloud. And I have tried this scenario. Mostly if the apps are whitelisted in the cloud they dont produce popups & they are in the trusted lists but sometimes it happens that (may be cloud or network prob) the whitelisted apps are sandboxed but you will see within few mins the apps are automatically shifted from unrecognized to trusted.

So I guess may be the cloud could not be contacted that time as it was inactive that time for a short period or the net connection issues that time for a short period.

Thanxx

Naren

i actually think it was my internet connection. i think at the time i was quartined from the network for some reason causing those apps to be sandboxed.

OK yes certainly if your connections was down when these files were being launched CIS would fail safe and they would be sandboxed.

So I think we can mark this resolved. If you encounter evidence to the contrary please PM a mod and we will move back.

Best wishes

Mouse