Restriction Levels in Sandbox

Hi everyone

I have the following rule in my rule sets for the sandbox:
Action: Run virtually
Target: All applications
Reputation: Unrecognized
Location: any ; Origin: any
Options: I enabled restriction level and I set to Limited.

Now the problem is that when i got malware samples that comodo did not detected and i ran them by double clicking comodo virtualized them, however the majority of the sample were virtualized and partially limited not virtualized and limited.

I used killswitch to see the restriction level. If anyone can help I would appreciate it. or may be it is a bug

Great question!
Interested to hear more about this from other members here.

Anyone care to help out the original poster? ???

I Think no one cares

Hi, this could be a bug, however I am curious about whether or not the restriction levels within the FV sandbox work or not.

Try setting it to restricted or untrusted and see if it still just sets the programs to partially limited.

From my experince the restriction level in the sandbox actually does apply if the program does not bypass the restriction level set. However for malware that bypass the restriction level it well run as partially limited. I tried all the restrictions available.

You should probably report it as a bug here: Comodo Forum With the required format so that Comodo can reproduce this issue and hopefully find a solution.