Protected Data Folders active for FV sandbox not other BB Levels [M914]

1. The full product and its version:
COMODO Internet Security 7.0.312140.4101 RC

2. Your Operating System (32 or 64 bit) and ServicePack revision. and if using a virtual machine, which one:
Windows 8.1 64-bit | Real system, i.e no virtual machine.

3. List all the configuration changes you did. Are you using Default configuration? If no, whats the difference?:
Too many changes, will attach a configuration file.

4. Did you install over a previous version without uninstalling first, or import a previous configuration file?:
Updated using the internal updater in CIS 7.0.308911.4080 BETA which carried over the configuration file and had it enabled by default.

5. Other Security, Sandboxing or Utility Software Installed:
Zemana AntiLogger Free

6. Step by step description to reproduce the issue. Or if you cannot reproduce it, what you actually did before it happened, step by step:

[ol]- Set up a folder with a file in the Protected Data Folders.

  • Open a program in FV and try to read the file (It will fail)
  • Open the same program in Partially Limited and try to read the file (It will be able to read the file)
  • Open the same program in Partially Limited and try to edit the file (It will be able to edit the file)[/ol]

7. What actually happened when you carried out these steps:
The general actions were not allowed in FV sandbox but were allowed in PL sandbox.

8. What you expected to see or happen when you carried out these steps, and why (if not obvious):
Protected Data Folders should be active for all different levels of sandboxing.

[attachment deleted by admin]

HI Sanya

Thanks for this.

I am running MC BB’d as PL (confirmed in KS), and I cannot even see the file (a .rtf file)!

Run it unsandboxed and it is there.

Any thoughts? (Maybe check for BBing in KS?)

I am using c:\temp as my protected folder and the path in protected folders reads C:\temp*

I have standard folders in protected files. Cannot see c:\temp.

You can see in the video that I double-checked that it was run as Partially Limited.

Edit: Could be it’s just an issue on my computer, if so then whatever, I don’t use BB anyway.

I will try testing with a different app later…

Thank you very much for your report in standard format, with all information supplied. The care you have taken is much appreciated by Comodo, and will increase the likelihood that this bug can be fixed.

Developers may or may not communicate with you in the forum or by PM/IM, depending on time availability and need. Because you have supplied complete information they may be able to replicate and fix the bug without doing so.

Many thanks again.

I uninstalled CIS 7 RC following Chiron’s guide, I then installed the latest version 7.0.313494.4115 and then imported my config that I had during the RC and BETA and I’m still having this issue, so either I’m thinking it might be an issue with my config file… Mousie, if possible, could you try it with my configuration I supplied in the first post?

Sanya, can you see what happens if you do not import your old configuration before checking?

Just re-tried it after switching to the default proactive configuration, still having the same issue.

As this was not fixed during the Beta testing period I will move this bug report to the main Bug Reporting Board.

Please check and see if this is fixed with the newest version (7.0.313494.4115)? Please let us know whether it is fixed or you are still experiencing the problem.

Thank you.

PM sent.

Well… As I said just a few posts above ??? It’s not fixed in CIS 7.0.313494.4115

Sorry, I’m trying to do too much at the same time. :-\

Thanks for checking this. I’ve now updated the tracker.

Partially fixed in 7.0.315459.4132

Now application sandboxed as Partially Limited is NOT allowed to MODIFY an EXISTING file in a PDF (Protected Data Folder). - Expected behavior.
However application sandboxed as Partially Limited IS ALLOWED to CREATE a NEW file in a PDF. - Not Expected Behavior (Expected is not allowed to create or modify files in a PDF at all)
And application sandboxed as Partially Limited IS ALLOWED to READ files in a PDF. Not Expected Behavior (Expected behavior is not allowed to read files in a PDF at all)

What do you mean when you say that an “application sandboxed as Partially Limited IS ALLOWED to CREATE a NEW file in a PDF”? What does it mean to create a new file inside a PDF file?

Also, about how an “application sandboxed as Partially Limited IS ALLOWED to READ files in a PDF”, what do you mean by reading files within a PDF file? What does it mean when you say it can read files inside another file?

I think I’m confused about the wording. Can you please clarify?


PDF as in Protected Data Folder so “[…] CREATE a NEW file in a PDF” is “[…] CREATE a NEW file in a Protected Data Folder” (Same for the other examples)

Okay, thank makes much more sense. Thanks for clarifying. I’ve now updated the tracker.

Is there any fix pending for this bug at the moment? I was surprised to see this significant bug existing in a considered-stable release.

I’m sorry, but I do not have any information about that.

Any partial fix I mentioned for this bug seems to have been nullified in the latest version, it’s back to the original behavior I reported in the start of this topic. I’m thinking that something might have gone wrong in my earlier testing because I can now edit pre-existing files in a Protected Data Folder from an application that is run as Partially Limited.