Sandbox does not handle top-most applications effectively [M1140]

A. THE BUG/ISSUE (Varies from issue to issue)
Can you reproduce the problem & if so how reliably?:
Yes, Every time.
If you can, exact steps to reproduce. If not, exactly what you did & what happened:
1: I’ve made a test application that attempts to set on-top of everything.
2: Run test.exe in sandbox with any restriction level.
3. Try to use “Reset Sandbox” task while test application is running.
One or two sentences explaining what actually happened:
Upon running the test, a green picture sized at 400x400 will appear (deliberately, did not make it fullscreen). This picture is actually a gui with a background that is missing title bar-- being unmovable this and there.
Also, this application can be closed trough the task bar (on purpose).

Restriction level will not make any difference (e.g. using “Untrusted”). Thus, we have a picture on-top of everything while being unable to move it-- being an issue.

If a software compatibility problem have you tried the conflict FAQ?:
Any software except CIS/OS involved? If so - name, & exact version:
Any other information, eg your guess at the cause, how U tried to fix it etc:
The sandbox is probably not imposing restriction(s) that might alleviate this issue.
This application makes use of WS_SYSMENU, WS_POPUP, WS_EX_TOPMOST.

Exact CIS version & configuration:
Modules enabled & level. D+/HIPS, Autosandbox/BBlocker, Firewall, & AV:
Default Configuration.
Have U made any other changes to the default config? (egs here.):
Have U updated (without uninstall) from CIS 5 or CIS6?:
if so, have U tried a a a clean reinstall - if not please do?:
Have U imported a config from a previous version of CIS:
if so, have U tried a standard config - if not please do:
OS version, SP, 32/64 bit, UAC setting, account type, V.Machine used:
OS: Windows 7 Home Premium 64-bit (6.1, Build 7601) Service Pack 1 (7601.win7sp1_gdr.140303-2144)
UAC: 1/4
Account type: Administrator
Other security/s’box software a) currently installed b) installed since OS, including initial trial security software included with system:
a=None b=None

[attachment deleted by admin]

I see this as a slightly different issues. I wonder whether it would be a good addition to the bug report here. What do you think?


They’re all linked if you ask me. If you want, you can merge the posts.

They are all related. That’s for sure. However, I need to be careful. Under a single bug name I try not to group issues where it is possible for one to be fixed and not another. Therefore, the other one seemed closer in that way.

What I had really meant to ask you though, was whether you thought it is fine to just group it under the other report, or do you think it deserves its own?


I think another bug report might be better because there is a new addition-- a bypass. The other report is using different technique(s) with the same goal.

Okay, I’ve split this into its own topic, and changed the title. Please edit the first post so that it is in the required format. Also, feel free to change the title however you like. I just quickly tossed this on, but it’s not necessarily the best description.




Thank you for editing the first post. However, I have a question. You mentioned that using Reset Sandbox was not able to kill the test application. However, Reset Sandbox only applies to applications run as Fully Virtualized, or in the Virtual Desktop. Now that you bring it up it is likely a different issue that Reset Sandbox seems that it should apply to the Auto-Sandbox levels as well, but as it is a different issue I will just ask whether this is an issue, or just a misunderstanding as to what that button does.


It should kill any running applications and clean contents.

It actually only affects applications running as Fully Virtualized. If it’s running on the real computer, and sandboxed as Partially Limited, Limited, Restricted, or Untrusted hitting that button shouldn’t do anything. At least that’s my understanding. If you’ve ever seen it affect an application sandboxed at one of the levels I just listed, please let me know.

I didn’t read any descriptions or something since I just know that is the simple way it should work based on my intuition.
I’ve tested with Google Chrome, as example, since I do not know what is intended.

Run Google Chrome as :

  • Fully Virtualized – can be killed trough Reset Sandbox
  • Partially Limited – can be killed trough Reset Sandbox
  • Limited – can be killed trough Reset Sandbox
  • Restricted – can be killed trough Reset Sandbox
  • Untrusted – can be killed trough Reset Sandbox

It is safe to assume that it is intended behavior then. Confirmed issue.

How did you test Google Chrome sandbox levels? Did you remove Google Chrome from the trusted list and then let the auto-sandbox deal with it or did you set it up in the advanced settings to always sandbox Google Chrome and then set the restrictions levels there?

If you did the latter, i.e set it up in the advanced settings, then it will be run as FV plus the restriction you choose, meaning it is still run as fully virtualized and hence the reset sandbox killed it, however if you removed it from trusted files list etc and let the auto-sandbox take care of it when it was set to for example Partially Limited, then it shouldn’t have been killed by reset sandbox, if it was then that itself would have been an issue since it isn’t supposed to do that, although it would be nice in my personal opinion.

Thanks for the help. I’ve tested it with unrecognized application now. I will remove the second issue from first post.

Well, now that’s a bit confusing.

Okay, so just to summarize the Reset Sandbox issue, is it correct that unless something related is sandboxed as FV (or set to be sandboxed as FV), that Reset Sandbox will not affect the sandboxed process?

Yes. I’ve removed it from first post.

Thank you very much for your report in standard format, with all information supplied. The care you have taken is much appreciated by Comodo, and will increase the likelihood that this bug can be fixed.

Developers may or may not communicate with you in the forum or by PM/IM, depending on time, availability, and need. Because you have supplied complete information they may be able to replicate and fix the bug without doing so.

Many thanks again.

The devs have not marked this as Fixed in the tracker. However, sometimes bugs are fixed by the release of new versions, but not marked as Fixed in the tracker.

If you are able please check with the newest version (CIS version and let me know if this is fixed on your computer with that version.

Thank you.

Not fixed in version <>. I’ve updated tracker data.

Thank you.