Sandbox

What is the safest option sandbox CIS (Fully Virtualized, Untrusted, Restricted, Limited, Limited Partially)? What do you recommend? Fully Virtualized am currently using this option is the best, if not, why? Could list the most secure options in ascending order? ???

I would use either Untrusted or Fully Virtualized. Untrusted will protect you against anything I’ve seen. I’ve never heard of it being bypassed. Fully Virtualized is nearly just as robust, although keyloggers running inside it can log strokes from the real computer. However, the firewall will prevent them from communicating this data without you allowing a firewall alert. That said, there is a single vulnerability by which a piece of malware sandboxed as FV could technically bypass the firewall with a limited amount of data. However, I’ve never heard of a piece of malware actually doing that. It would have to be very targeted.

That said, under Untrusted almost all unknown apps will fail to run. Under FV most will be able to run. Therefore, if you are willing to monitor what’s running as FV I would actually advise that. If you are worried about the keylogging, although it’s very difficult for them to actually transmit the data, I would recommend Untrusted.

Let me know if you have any questions.

Thanks.

thanks for the explanation :-TU

No problem. Let me know if you have any questions.

Hi Chiron, please correct me if I’m wrong…cause I want to be sure to understand properly how CIS behaviour blocker/sandbox work

  1. The behaviour blocker is not technically a sandbox, but a right limiter, so that unknown softwares can always interact with the real system, dpending on the restriction level you set (partially limited, limited etc…). This is true, unless you decide to set the restriction level to Fully Virtualized. In this case every unknown software will run in the “real” comodo sandbox (just like if I right-click on them , and select “run in comodo sandbox”);

  2. On the other hand, Comodo sandbox is technically a sandbox, like Sandboxie. Everything running inside it cannot modify the real system ,and will be deleted when you decide to empty the sandbox. If I want to recover something from the sandbox, then i have to save it in in shared-space folder. If I run something in this shared-space folder, it won’t be sandboxed, unless I set behaviour blocker on Fully Virtualized, and the software is not included in the trusted vendor list. So, if I want to be sure to virtualize it, then I have to right-click on it and select “run in comodo sandbox”.

  3. In theory, if I install something inside Comodo sandbox…it should be kept inside, and be deleted when I empty the sandbox. I tried to install a legitimate software (winamp) in the sandbox, but definitely it has been installed in the real system…why? Perhaps because it was included in the trusted vendor list? Or could it be a hole/bug in the sandbox?

Thanks for every clarification.
Wonder

Sure.

You are correct. That’s a good way to look at it.

Yes, that is the way it works. Software sitting in shared-space is technically sitting in the real system, and not in the virtualized sandbox.

That doesn’t sound right to me. Can you please create a new topic to discuss this winamp situation so we can look into this deeper? Thanks.

No problem.

Hi Chiron,
thankyou very much. I tried again to install winamp in the sandbox, and everything went smooth…so…probably it was my mistake.
I noticed that, while using sandboxie you can right clic on every file you want to open it virtualized, when I do the same thing with Comodo sandbox…it’s not possible (E.g. cannot right click on a “.doc” file to start it sandboxed).
So…is Comodo sandbox made only to start executable files? I hope I made me understood…

CIS only shows the entry for executable files yes, I see a wish here :wink: a wish to add the entry to all files and make the entry open the file in the default application for that file extension in the sandbox. I think that could be worded better. >_< Too hungry for that now though ^-^‘’

yes…definitely…you’re right. :azn:

Do you want to create or should I do it?

Edit: Actually there might already be a wish for this ??? I’m not sure.