Sandbox on allows protected files to be modified

Hi,

I have put a single file for testing in “My Protected Files”.
I have a version of WinHex that Comodo Defense+ will not detect as safe.

Scenario 1:
Sandbox on, default settings or “Automatically trust files from trusted installers” off.
1 Defense+ Alert pops up: WinHex global hook on itself.
No matter what I do, block, allow, cancel, whatever.
SandBox pops up informing about status.
Now I open my protected file for editing and I can freely save and modify it.
It is not Virtualized or Protected in ANY way…

Scenario 2:
Sandbox off.

  1. Alert: execute WinHex?
  2. Alert: global hook as above
  3. Alert: on keypress: access keyboard
  4. Alert: on save → modify a protected file!!

Now it works…

This seems like a MAJOR bug!

CIS4 4.0.138377.779

I tried. I made an innocuous txt file a protected file. I tried in Internet Security and Proactive configs with sandbox enabled and D+ in Safe Mode. Allowing or denying global hook was of no consequence. I could change the file.

With Sandbox disabled and the same settings as described before I would get an alert when trying to save.

Before testing the above I tested the following and with hindsight it interestingly differs.

I put an innocuous text file in the system 32 folder. I loaded the text file from system 32, edited and tried to save and failed.

I tried in both Internet Security and Proactive Security with both allowing and denying the Global Hook. D+ was always in Safe Mode. I let it sandbox in all scenarios and I couldn’t save the changes.

I am on Win 7 x32.

It looks like protecting a single file fails where protecting a complete folder will work.

Can you test this JoeCool?

Didn’t egemen post sometime previously that the user physically making a change to a file will always be allowed, but another file trying to alter that file would be flagged? I can’t find it, but I thought he did.

That was my initial thought as well. I have described it as CIS being the Nanny of programs, not the Nanny of (stupid or silly) user’s decisions.

However there seems to be a difference when a file is in a protected folder or when a single file is defined. I am waiting for other tests to see what is happening.

Hi,
I tried with my protected Folder before and there was no difference.

Settings I tried:
e:\dir*
e:\dir*
e:\dir\file.txt

all with the same results.
As soon as the SandBox is on, unknown or Pending executables can freely modify my protected files.

But maybe I’m doing something wrong. I just recently upgraded from CIS3 and started over with my configuration.

Please read this post here also:
https://forums.comodo.com/defense-sandbox-help-cis/sandbox-security-hole-check-this-out-t54273.0.html

Thanks for the Link,

I read it before but I didn’t think it applied here (my software was not detected as a safe executable).
To add more info:
I have my Defense+ setting at Safe.
OS is Win7 Ult x64.