Sandbox question

This applies to CIS 6.0 (latest):

I have set the Defense+ Sandbox to “Fully Virtualized” mode after doing some research on the internet and found out about this. However, I still have some questions:

  1. How does “Fully Virtualized” mode differ from “Untrusted” mode? Is it less secure/as secure as the latter?

  2. How likely am I to get infected by a rootkit (assuming I run a suspicious application under this sandbox mode)? Will clearing the sandbox undo all the changes, regardless of anything?

3)Why was “Fully Virtualized” mode not visible by default in COMODO ?

Thanks for the feedback.

It’s not possible to get infected by a rootkit. In all sandbox modes it is not possible to install a service or load a driver.

3)Why was "Fully Virtualized" mode not visible by default in COMODO ?

Thanks for the feedback.

It is hidden as it is not ready for the wider audience. It can be enabled for advanced users who like to try it.

  1. Fully Virtualized is made to virtualize an application any changes it makes will affect the virtual file system.
    but I’ve heard of it firewall leaking.Currently the firewall is exposed to some leaks when you use fully virtualized.

I suggest you stick with Untrusted until they fix the firewall leaks.

2.Again anything you download while D+ is set to fully virtualized CANNOT interact or harm your “real” system in anyway Ive tested some rootkits on my real system while fully virtualized all they do is shutdown explorer.exe nothing more. basically harmless.

3.They have hidden that function because of the novice users will get confused of what to do when the application is fully virtualized. it is geared towards more advanced users of the sandbox. :slight_smile: I might have missed somethings but I tried my best to explain it.

The information provided is covering very well what I wanted to know. Great thanks to all of you for the feedback. :-TU