I have the following rule in my rule sets for the sandbox:
Action: Run virtually
Target: All applications
Reputation: Unrecognized
Location: any ; Origin: any
Options: I enabled restriction level and I set to Limited.
Now the problem is that when i got malware samples that comodo did not detected and i ran them by double clicking comodo virtualized them, however the majority of the sample were virtualized and partially limited not virtualized and limited.
I used killswitch to see the restriction level. If anyone can help I would appreciate it. or may be it is a bug
From my experince the restriction level in the sandbox actually does apply if the program does not bypass the restriction level set. However for malware that bypass the restriction level it well run as partially limited. I tried all the restrictions available.
You should probably report it as a bug here: Comodo Forum With the required format so that Comodo can reproduce this issue and hopefully find a solution.