Hello all. I installed CIS 5 and read the forum a bit, but I still have some questions.
Whenever D+ alert comes up there is an option to run application sandboxed (Sandbox button), so does this button run the aplication in full (on demand) sandbox, or auto-sandbox? I know they’re not the same thing.
Let’s say I have an unknown program that runs in auto-sandbox, If I press “Check” (in unrecognized programs window) it says “unknown” (with a ? sign on blue ball) if I press “Submint” it says “Already sent” with a check mark on green ball (Sub question: does that mean I already sent it once, or is it already in database \ pending?) Question is: how long does it take to unrecogized file to become “Recognized”?
Let’s say I have a few unrecognized programs running in auto-sandbox, and I have REALLY suspicious file, that I start in on-demand sandbox (becourse of virtualization) let’s say I want to know what the file does without risking anything - if you need the reason. The suspicious file turned out to be a nasty virus that among other things created many proccesses (for question’s sake, let’s pretend that I ignored all the warnings). The question is: how do I terminate virus’ proccesses (Empty sandbox) WITHOUT restarting or termaniting unrecognized auto-sandboxed processes? If that can’t be done maybe Comodo developers should add “Terminate sandboxed (not auto-sandboxed) proccesses and clear sandbox” … I hope that made sense…
P.S. Excuse my English, since my language is Russian (and CIS is in Russian) I tried my best to translate buttons and such.
it gets put in the auto-sandbox the only way an application gets put into the on demond sandbox is when you add it to defense + - computer security policy - always sandbox
Let's say I have an unknown program that runs in auto-sandbox, If I press "Check" (in unrecognized programs window) it says "unknown" (with a ? sign on blue ball) if I press "Submint" it says "Already sent" with a check mark on green ball (Sub question: does that mean I already sent it once, or is it already in database \ pending?) Question is: how long does it take to unrecogized file to become "Recognized"?
this means comodo already has the file submitted from someone not necessarly you.
it can vary on how long it takes them to analyze it. there is no set time
if you need the file analyzed faster here is a tutorial and how to tell if a file is malicious:
https://forums.comodo.com/virusmalware-removal-assistance/how-to-tell-if-a-file-is-malicious-t53907.0.html
also if you want an application added to the whitelist do it here:
https://forums.comodo.com/news-announcements-feedback-cis/submit-applications-here-to-be-whitelisted-2011-t66773.0.html
Let's say I have a few unrecognized programs running in auto-sandbox, and I have REALLY suspicious file, that I start in on-demand sandbox (becourse of virtualization) let's say I want to know what the file does without risking anything - if you need the reason. The suspicious file turned out to be a nasty virus that among other things created many proccesses (for question's sake, let's pretend that I ignored all the warnings). The question is: how do I terminate virus' proccesses (Empty sandbox) WITHOUT restarting or termaniting unrecognized auto-sandboxed processes?
If that can't be done maybe Comodo developers should add "Terminate sandboxed (not auto-sandboxed) proccesses and clear sandbox" ............... I hope that made sense....
the only way to empty the sandbox is the ways you mentioned. Comodo is always improving their products and the sandbox is still fairly new. I think this feature will be added eventually i just dont know when. There are wish in the wishlist that ask for this feature hopefully comodo adds them soon
P.S. Excuse my English, since my language is Russian (and CIS is in Russian) I tried my best to translate buttons and such.
everything made sense to me and welcome to the forums.