Sandbox is too intrusive

I’m running this new version of CIS for 2 days on a brand new system (WinXP Pro SP3).

Till now the sandbox feature has given me nothing but headaches, as it puts my everyday programs (Pagemaker, TextPad, Mouse & Key Recorder etc) in sandboxes without asking, prohibits the programs from saving files and limits them in other ways. Even my bluetooth control application was sandboxed. On the next start, I had to redo the settings…

I’d much rather be asked “I don’t know this program. Do you think it’s safe or want it sandboxed?”
Then I can decide what I want.

I’m running Sandboxie anyway for unknown content, so I switched this feature off for now. Good idea, bad implementation.

Reminds me… “You get what you paid for”
This truly is beta functionality.

Otherwise… Comodo Firewall is unbeatable, keep it up and thanks.

Sorry that you are having this problem.

You can prevent this by adding programs you know to be safe to ‘My safe files’. You can find more information from the ‘Introduction to the Sandbox’, link in my signature.

Best wishes

Mouse

It sometimes will continue to sandbox things that have been added to My Safe Files. It will do so without any alerts that it is happening. It will do the same thing to files from vendors in the trusted list as well.

Sorry you are having these problems too!

I have experienced and reported this bug, which has only happened on my machine once. So it should be fixed. Possibly it can happen for good reasons too - for example if a file signature is incorrect, then the file may be malware. But certainly a log entry should be made.

Quote: It will do so without any alerts that it is happening.

Not in my case, but if you have found this please do a bug report.

Quote: It will do the same thing to files from vendors in the trusted list as well.

This only happens occasionally in my experience, and can happen for good reasons. For example some vendors have more than one code signing authority, and some files from the vendor may be unsigned or signed by the wrong authority. I had a Windows file like that yesterday. In the case of Windows files, files may be the wrong version for the OS catalogue, at least according to reports from one user. Obviously such discrepancies can also indicate malware, so certainly a log entry should be made. If you have found an example that is not explained by the above - please do a bug report.

NB A general workaround, only to be used if you know the file is safe, is to define a file as an installer/updater in the computer security policy.

Endymion, in a post that I accidentally ‘moderated’, just reminded us that if sandboxed files run a safe file, the safe file will be sandboxed and (what I did not know) it will be sandboxed without an alert.

I have apologised and asked him to re-post, as his post was very useful.

Mouse

I have managed to get the text of Endymion’s post back - here it is:

Quote from: Dch48 on Yesterday at 23:16:20
It sometimes will continue to sandbox things that have been added to My Safe Files. It will do so without any alerts that it is happening. It will do the same thing to files from vendors in the trusted list as well.

This is indeed possible when a trusted executable is started by an unrecognized/untrusted one or a batch file.

eg: notepad.exe is trusted but it will be sandboxed if launched with a batch file.

Code: (test.bat)
start notepad

there will be a sandbox notification for the batch file (test.bat) but none for notepad.exe
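
The launch-chain behaviour described in the post above, as an added example that is not part of the original thread and is not Comodo's code: a simplified model in which a trusted file inherits sandboxing from whatever started it, and only the unrecognized file raises an alert. The safe list, launch records and function names are constructed for illustration.

```python
# Simplified model (an assumption, not Comodo's implementation) of the rule
# described above: a trusted file started by a sandboxed parent is sandboxed
# too, and only the unrecognized file that began the chain raises an alert.

SAFE_FILES = {"explorer.exe", "notepad.exe", "cmd.exe"}   # constructed safe list

# Constructed launch records: pid -> (parent pid, image name)
LAUNCHES = {
    100: (None, "explorer.exe"),
    200: (100, "test.bat"),       # unrecognized batch file
    300: (200, "notepad.exe"),    # trusted, but started by test.bat
    400: (100, "notepad.exe"),    # trusted, started directly from the shell
    500: (999, "textpad.exe"),    # parent already exited (pid 999 unknown)
}

def ancestry(pid, launches):
    """Return [(pid, image), ...] from pid up to the oldest known ancestor."""
    chain, seen = [], set()
    # Stop on a missing parent or on a loop caused by PID reuse.
    while pid in launches and pid not in seen:
        seen.add(pid)
        parent, image = launches[pid]
        chain.append((pid, image))
        pid = parent
    return chain

def verdict(pid, launches=LAUNCHES, safe=SAFE_FILES):
    """Decide sandboxing for pid and name the file responsible for it."""
    chain = ancestry(pid, launches)
    if not chain:
        raise KeyError(f"unknown pid {pid}")
    # The oldest unrecognized file in the chain is the root cause.
    cause = next((img for _, img in reversed(chain) if img not in safe), None)
    own_image = chain[0][1]
    return {
        "image": own_image,
        "sandboxed": cause is not None,
        "cause": cause,
        # Alert only when the file itself is unrecognized; inherited cases are silent.
        "alert": own_image not in safe,
    }

if __name__ == "__main__":
    for pid in sorted(LAUNCHES):
        print(pid, verdict(pid))
```

The `cause` field is the file to look at when a trusted program is sandboxed with no popup: in this model, fixing the trust status of `test.bat` is what releases `notepad.exe`.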

When it sandboxes something without notification, what I mean is that you get no popup that it has been done but there is a log entry showing that it was. When you tell it to never sandbox the file again, the only thing it does is never notify you again. It will do no good to post a bug report because the files in question were game files published and digitally signed by Valve and Comodo says they have no intention of whitelisting game files. (which is disappointing at best, infuriating at worst)

As far as defining a file as an installer/updater goes; Isn’t the sandbox supposed to automatically recognize things as such and not sandbox them? This is another thing that it absolutely does not do correctly. I am currently running CIS4 set up to run like v3 and I see no reason to ever change that. Hence I see no reason for the sandbox to even exist. It does not enhance usability, it further hampers it.

I understand your frustration, but the sandbox will get better we are promised.

I understand. This usually means that another sandboxed file is running the file. If you can find out which, and unsandbox that file you should resolve this. A simple way of doing this, if the files are from the same vendor, is to make the vendor trusted. Then reboot.

Quote: It will do no good to post a bug report because the files in question were game files published and digitally signed by Valve and Comodo says they have no intention of whitelisting game files. (which is disappointing at best, infuriating at worst)

Even if Comodo won't, you can, via add a trusted vendor, unless C has prevented this. Then reboot.

Quote: As far as defining a file as an installer/updater goes; Isn't the sandbox supposed to automatically recognize things as such and not sandbox them? This is another thing that it absolutely does not do correctly. I am currently running CIS4 set up to run like v3 and I see no reason to ever change that. Hence I see no reason for the sandbox to even exist. It does not enhance usability, it further hampers it.

Yes, this is a workaround. This resolves problems when they are due to CIS's integrity maintenance, eg when files are bounced out of my safe files on reboot, because there is already an overlapping rule.

Hope this helps a bit.

Mouse

When the log says the file is in the sandbox, it is the only file shown as being there, so it is not being run by another sandboxed file. When that very same file is used to add the vendor (Valve) to the trusted vendors list, it still gets sandboxed without notification, even after rebooting.

I would try applying the installer/updater predefined policy to the file in the computer security policy (after first ensuring it is not in My Safe Files).

If this does not work then some deep investigation is needed with Microsoft Process Explorer (freeware) if you are up for it!

Best wishes

Mouse

No–not up for that. I just run with the sandbox disabled and all is well.