Restriction Levels in Sandbox

Man9our · January 13, 2015, 7:41pm

Hi everyone

I have the following rule in my rule sets for the sandbox:
Action: Run virtually
Target: All applications
Reputation: Unrecognized
Location: any ; Origin: any
Options: I enabled restriction level and I set to Limited.

Now the problem is that when i got malware samples that comodo did not detected and i ran them by double clicking comodo virtualized them, however the majority of the sample were virtualized and partially limited not virtualized and limited.

I used killswitch to see the restriction level. If anyone can help I would appreciate it. or may be it is a bug

Dustyn · January 14, 2015, 2:07am

Great question!
Interested to hear more about this from other members here.

Dustyn · January 17, 2015, 11:27pm

Anyone care to help out the original poster? ???

Man9our · January 18, 2015, 12:27am

I Think no one cares

Netguy101 · January 18, 2015, 1:41am

Hi, this could be a bug, however I am curious about whether or not the restriction levels within the FV sandbox work or not.

Try setting it to restricted or untrusted and see if it still just sets the programs to partially limited.

Man9our · January 18, 2015, 2:33am

From my experince the restriction level in the sandbox actually does apply if the program does not bypass the restriction level set. However for malware that bypass the restriction level it well run as partially limited. I tried all the restrictions available.

Netguy101 · January 18, 2015, 2:40am

You should probably report it as a bug here: Comodo Forum With the required format so that Comodo can reproduce this issue and hopefully find a solution.