Sandbox: option to prevent sandboxing

CIS automatically sandboxes applications giving the option not to sandbox them at next start. it is sometimes tricky, especially after some major system changes and updates. one has to add all the software to the safe list and then restart it to allow full usage.

It would be great to have an option to prevent the sandboxing, at the time of notify message appears. There should be an option to “allow this application to run outside sandbox” with additional setting like: “once”, “always”. (“always” would then add the software to the safe list).

[Currently using latest 4.1 version]


I had a similar wish here, but I like your idea better.

Please add a poll so I can vote for it.

Here you are. :slight_smile: I hope not only you will be interested in voting…

by the way i see that the new comodo (5) has the sandbox dialog much simpler - there are almost no options on it.

that is not a good idea. and the link to “hide sandboxed notification” can cause that somebody clicking it by mistake will not even know why some applications do not work (they will be sandboxed in the background without notification).

there should not be possibility to permanently disable sandbox notifications on the notification itself! the option should be available in advanced configuration only.

I am not a beta tester, but hope somebody reads the general-forum to gather the list of changes/fixes.

+1 :-TU

CIS should prevent the program from running until user has made an option in the sandbox alert, whether to sandbox or not just like defense+ alerts.

I think it’s fine the way it is. If you don’t want the application sandboxed, at the alert tell CIS no to isolate it again. Then the next time the application is run, it won’t be sandboxed.


These options are a must have.

For good measure, the option should probably make mention of restarting the application to run it outside the sandbox for you. :slight_smile:


  • 1

Not really. I have an example here:

Foxit reader has an update feature, which launches an external program update.exe, this is automatically sandboxed and the update fails. The problem is that even if I tell CIS not to sandbox again, I cannot update through foxit reader, since the update disappeared from the program ( I guess they should account for errors, but anyways), then I am able to update next time there is an update, but hey now it is a new update.exe and it all starts over.

You could say that I should exclude update.exe in the settings, but I am not a fan of excluding a file in the temporary folder, since any other update.exe placed in that folder would get the privileges and that would create a security hole, which could be avoided if I could could choose whether to sandbox or not before the program is run.

I am not saying that they should remove auto sandboxing, they could just add it as an advanced option for the sandbox