Rollback RX and the sandbox

I would like to upgrade my CIS from v3 to v4 but I am very worried about the behaviour of the sandbox in relation to Rollback RX, a program that replaces Windows System Restore by using snapshots.

I installed CIS v4 on my wife’s new Win 7 based laptop and it put all programs into the sandbox. While it is easy to allow them to run normally again, I’m not sure that if it would prevent Rollback from taking its usual snapshot of the entire hard drive? I’m also concerned that it may prevent Rollback from working altogether because the latter runs in the root of the system.

Can anyone please clarify whether I would have a problem as Rollback RX is essential to my particular system?

In case the Rollback executables are not white listed you can choose to add them to the My Own Safe Files. This way they won’t be sandboxed. Notice you need to restart applications when you have added them to the My Own Safe Files.

Or when you get the sandbox alert you can tell it to not run Rollback in the sandbox next time it starts.

Thanks for your reply but my concern is that Rollback will be intercepted as soon as Comodo v4 has been installed and the PC restarted. Is there any way I can white list Rollback before restarting?

You mean after installing CIS? Yes you can. First tell the installer not to immediately restart. Then open CIS and you can then start making Rollback RX trusted.

The best way to go is first trying to add the Rollback publisher to My Trusted Software Vendors list; that will only work when the Rollback executables are digitally signed.

Then add all .exe, .bat and .com files you can find in the installation folders of Rollback to My Own Safe Files. Also make sure to check in Program Files\Common Files\ as well as documents and settings or User\AppData folders for executables.
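As an added example (not from this thread, and not Comodo’s or Rollback RX’s own code), a PowerShell script that does the legwork for the two steps above: it enumerates .exe/.bat/.com files under the named folders and reports each file’s Authenticode signature status and publisher, so you can see whether the vendor route (signed) or the per-file route (unsigned) applies. The Rollback RX install folder is an assumed placeholder; the other folders come from the standard Windows environment variables.

```powershell
# Added example: list candidate executables and their signature status so you can
# decide between "My Trusted Software Vendors" (signed, valid) and "My Own Safe Files".
# Written to run on PowerShell 2.0 (Vista/Win7 era), so no PS3-only syntax is used.
function Get-TrustCandidate {
    param(
        [Parameter(Mandatory=$true)] [string[]] $Root,
        [string[]] $Extension = @('.exe', '.bat', '.com'),
        [string]   $NameLike  = '*'          # narrow noisy folders, e.g. -NameLike 'Roll*'
    )
    foreach ($r in $Root) {
        if (-not (Test-Path -LiteralPath $r)) { Write-Warning "Skipping missing folder: $r"; continue }
        Get-ChildItem -LiteralPath $r -Recurse -ErrorAction SilentlyContinue |
            Where-Object { -not $_.PSIsContainer -and
                           $Extension -contains $_.Extension.ToLower() -and
                           $_.Name -like $NameLike } |
            ForEach-Object {
                $sig = Get-AuthenticodeSignature -FilePath $_.FullName
                $publisher = ''
                if ($sig.SignerCertificate) { $publisher = $sig.SignerCertificate.Subject }
                # Only a status of Valid justifies trusting the publisher; NotSigned means
                # per-file whitelisting, and HashMismatch means the file was altered after
                # signing and should not be trusted at all.
                $suggest = switch ($sig.Status) {
                    'Valid'        { 'Trusted Software Vendors' }
                    'NotSigned'    { 'My Own Safe Files' }
                    'HashMismatch' { 'Do NOT trust: signature does not match file' }
                    default        { "Review manually ($($sig.Status))" }
                }
                New-Object PSObject -Property @{
                    Path      = $_.FullName
                    Status    = $sig.Status
                    Publisher = $publisher
                    Suggest   = $suggest
                }
            }
    }
}

# Folders the reply above says to check. The first entry is an ASSUMED placeholder.
$roots = @(
    "$env:ProgramFiles\RollbackRX_INSTALL_FOLDER_PLACEHOLDER",
    $env:CommonProgramFiles,
    $env:APPDATA,
    $env:LOCALAPPDATA
)
$candidates = Get-TrustCandidate -Root $roots
$candidates | Sort-Object Suggest, Path | Format-Table Suggest, Status, Publisher, Path -AutoSize
$candidates | Export-Csv -NoTypeInformation -Path "$env:USERPROFILE\Desktop\trust-candidates.csv"
```

The CSV gives you a checklist to work through in the CIS interface; nothing in the script changes CIS settings itself.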

Excellent. Thanks very much!

That should do the trick then. :)

Back again!
I’m having trouble installing the new version. This may be due to the method I used. Here’s what I did:

  • uninstall v3 using Comodo’s provided uninstaller (in the hope that I don’t lose all my firewall and AV settings),
  • when asked to reboot I didn’t because I don’t want to expose my machine in a completely unprotected state. Instead, I immediately installed v4,
  • installation error reported followed by automatic rollback leaving me unprotected.

Fortunately, I had disconnected from the net before attempting this and as my machine is equipped with Rollback RX I was able to go back to the state before uninstalling v3.

Any comments on how to achieve this correctly without exposing my PC would be greatly appreciated please.

Skipping the reboot is what most likely got you into trouble here, as some files will be deleted on the next reboot.

When you want protection when going on the web simply enable Windows Firewall; I do that each time when doing a clean install of CIS and it works without a problem for me.

Or you can get the offline installer from Offline CIS 4.0.138377.779 Installers or Filehippo.

Thanks Eric. I will try the offline installer. For that, do I need to boot into safe mode first?

It won’t install in safe mode because it uses Windows installer which doesn’t work in safe mode.

So unplug while uninstalling and installing or switch on Windows Firewall.

Ok, I got it installed correctly and spent over an hour configuring the white list for Defense+. All was fine until I left my machine on all night and arrived this morning to find that something had gone seriously wrong with UnHack Me. I was forced to use Rollback to return to the previous day’s state which was prior to me installing CIS v4.

I have now reinstalled CIS but, rather than waste time reconfiguring it totally, I would like to replace the rules file with the one I set up yesterday. As Rollback took a snapshot before rolling back this should be easy, if I know where the rules file is located.

I’m using Vista Ultimate x86, Eric. Assuming that CIS has no option to restore previous configurations, do you have any ideas where this file can be found please?

Can you describe in more detail what the problem was with UnHack Me?

You can export/import your settings under Miscellaneous → Manage My Configurations.

I got a message saying that there was no file associated with UnhackMe.exe and Windows went into a 100% resource usage attempting to do something with it. The PC just wouldn’t respond, even after waiting for several hours! Finally I was forced to power off and rollback.

I went out this afternoon and when I came back the same thing had happened, despite having imported my previous configuration which told CIS not to run UnhackMe in the sandbox. Unfortunately, it seems to have run plenty of programs in the sandbox which has crippled them.

I’m going to attempt disabling the sandbox and rebooting. If that doesn’t cure this problem I will have to rollback to CIS v3. Will Comodo continue support (virus definitions) for v3 or are all users going to have to upgrade to v4?

For now the AV definitions for 3.13, 3.14 and v4 are still the same.

When needed you can go to Windows Safe Mode and disable the sandbox from there. That may make things easier for you.

I ended up rolling back to v3. The sandbox and pro-active security were causing me too many problems. One such issue was with a memory optimization program I have. CIS created havoc with that!

My personal view is that when an unknown program runs it should be intercepted and there needs to be 3 or 4 options given. These would be:

  1. Allow (do not run in sandbox and add author to trusted vendors list)
  2. Run in sandbox (but ask me again next time this program is run)
  3. Block this time (and submit file to Comodo for verification)
  4. Block (and create a rule to block always)

Globally speaking, the main problem was that running my authorized programs in the sandbox caused them to be unregistered and display as having an expired trial period. So many of these programs are critical to the daily use of my machine and the running of my company. Turning off the sandbox and rebooting did not help because the damage had already been done. For example, when relaunching my accountancy programs they continued to show as unregistered with licence expired.

I think sandboxing is a great idea, as long as the user can decide what he wants run in it.