Protected Data Folders - how it works

[Edit: Update - clearer statement of purpose and behavior from release notes]
New data security feature which makes important files completely invisible to programs running in the sandbox. Files placed inside a ‘Protected Data Folder’ cannot be read, accessed or modified by any sandboxed application.
[/Edit]

To get you started Google cache here: http://webcache.googleusercontent.com/search?q=cache:DPi-qRz2VAwJ:help.comodo.com/topic-72-1-522-6384-.html+&cd=1&hl=en&ct=clnk&gl=uk

Here is text:

Protected Data Folders

CIS enables you to specify folders containing your valuable and sensitive personal data or application data and to be protected from access by other programs, especially malicious programs such as virus, Trojans and spyware. The valuable folders contained in the folders added to the ‘Protected Data Folders’ list will be denied anyone and any program the ability to modify the file - avoiding the possibility of accidental or deliberate sabotage. If a folder is ‘Protected’, the files in it can still be accessed and read by users, but not altered.

Clicking the handle at the bottom of the interface opens an options panel with the following options:

Add - Allows you to add folders to Protected Data Folders list.

Edit - Allows you to edit the path of the added folders.

Remove - Deletes the currently selected folder.

You can use the search option to find a specific folder in the list by clicking the search icon at the far right in the column header and entering the folder name in full or part. You can navigate through the successive results by clicking the left and right arrows.

To add a folder to be protected

Click the handle from the bottom center and select 'Add'.


Navigate to the folder to be added and click OK. The folder will be added.

Click OK in the 'Protected Objects' interface.

To edit the path of a protected folder

Select the folder to be edited

Click the handle from the bottom center and choose 'Edit'.

The Edit Property dialog will appear.

Edit the file path, if you have relocated the folder and click OK

To remove an item from Protected Data Folders list

Select the folder from the list, click the handle from the bottom and choose 'Remove'

The selected folder will be removed from the protected folders list. CIS will not generate alerts, if the folder is subjected to unauthorized access

I don’t think it’s working correctly, or at least not as the help files state. I’ve made a video showing the issue here (still processing)

Thing is I’m not sure whether it’s a bug or if it’s the help file that is wrong.

Thanks Sanya

Please report as bug citing help file. One must be at fault, and we have the ability to record help file bugs in Bugzilla now.

Will do.

Edit: Bug report can be found here: https://forums.comodo.com/bug-reports-beta-corner-cis/protected-data-folders-doesnt-work-as-help-files-claim-t101441.0.html

So this sort of works the same as Panda Data Shield? If malware tries to encrypt protected files, it will be denied?

If this is true, it would be smart to auto add My Documents folder automatically on installation of CIS. Like Panda Cloud does.

Thanks very much

Is this feature on by default or does the HIPS need to be turned on?

It works if HIPS or the BB is on. In HIPS you get and alert in BB you get a silent block.

Thanks mouse. That makes sense.

It would make more sense if unknown apps were unable to modify them, but signed and whitelisted should. That’s how Panda Cloud data protection feature works. Files are acessible and editable like any other, for as long as you use whitelisted/signed trusted apps.

Agree!

That’s what happens so long as you have BB on.

Main problem with CIS as i see it now is that too many features are tied to BB or HIPS alone. Disable one and half of features just do nothing (even though they are enabled) even though they are basically a stand alone feature that shouldn’t be tied to anything.

Viruscope for example. Why is it tied to anything? If it’s enabled it should monitor malicious behavior regardless if you use BB at all or HIPS. It’s just so overwhelmingly confusing it’s really weird as no one really knows what goes down when you disable something. Not even long time Comodo followers and developers seem to be very secretive about it as well.

I agree that implicit dependencies are a problem. The GUI needs to make them explicit. There is logged wish about this. VC has its challenges in this respect.

I also agree that extending the scope of VC is probably required for it to realise it’s potential. My guess it they are being cautious because its a technology that hooks in really deeply.

Best wishes

Mouse

Now we have a clearer statement of purpose and behavior, would anyone like to test?

"New data security feature which makes important files completely invisible to programs running in the sandbox. Files placed inside a ‘Protected Data Folder’ cannot be read, accessed or modified by any sandboxed application. "

Discussion of what you find here, but bugs in the Beta Bugs Board please :slight_smile:

Best wishes

Mike

I think they mean autosandbox (partially limited etc…)…since if a program is running inside the “real sandbox” then it is completely isolated from the rest of the system, so cannot modify any file there…right??

The purpose is also to make them invisible, a program inside the FV sandbox can usually read normal files on the real system, however if you add those files to the Protected Data Folders then the programs in the FV sandbox can’t even read the contents, the executables won’t even know they’re there.

Ok but…let me understand this thing: put the case i accidentally run cryptolocker outside the FV sandbox…in this case, on default settings, CIS will run it as partially limited…but, as far a I understood, it will be able to read and crypt files contained in protected data folder…right? To save my files, I have to run the malware in FV sandbox in any case, this is the concept, am I right?

I’m not sure, haven’t tested it, I’ll take a look.

As said above…too many features not well explained…