Sandboxed > submit > marked safe > still sandboxed

I have everything working fine, just wanted to post my experience.

This might have already been dealt with or is known to happen but I couldn’t find this specific action.

Run installer for 7-zip9.22 beta

Sandboxed as unknown

Open sandbox right click “online lookup”

Found safe and moved to certified files list (approx wording)

exit 7zip installer, run installer > still sandboxed

Lookup online found safe and moved to certified files list

Exit installer, run installer same thing again.

This time I opened the Active process list in Defense+ and right click 7zip installer “online lookup”, it then tells me same thing, found safe and moved to certified files list.

Exit installer, run installer and no sandbox and works fine.

Defense+ event log shows the 7zip installer being “scanned online found safe” every time.

Latest CAV with av disabled and sandbox unknown as limited winxp sp3

Thanks

Please try the workarounds as described in “App. is not working correctly, but does not seem to be s/boxed. What to do? [v5]” and see if that brings a solution.

Well in this case I am not sure any of those apply. But I personally think that if after the first time it sandboxed and then found safe I was to reboot then I bet it would have worked. I just posted because this didn’t seem like the way Comodo should be behaving for a regular installer like 7zip.

Thanks

If you run a safe installer and want to make sure it won’t be sandboxed, you have to enable the following in the sandbox settings before running it:

  • automatically detect installers/updaters and run them outside the sandbox
  • automatically trust files from trusted installers

That’s what it is set to do. CAV default settings except I set the execution control to treat untrusted files as Limited and disabled the real time av. This is why I thought it was unusual for CAV to do this.

2011-06-09 16:43:14 	C:\Documents and Settings\G\My Documents\Downloads\7z922.exe 	Sandboxed As 	Limited 
2011-06-09 16:43:22 	C:\Documents and Settings\G\My Documents\Downloads\7z922.exe 	Scanned Online and Found Safe 	 
2011-06-09 16:43:28 	C:\Documents and Settings\G\My Documents\Downloads\7z922.exe 	Access Memory 	C:\WINDOWS\system32\ctfmon.exe 
2011-06-09 16:44:18 	C:\Documents and Settings\G\My Documents\Downloads\7z922.exe 	Sandboxed As 	Limited 
2011-06-09 16:44:26 	C:\Documents and Settings\G\My Documents\Downloads\7z922.exe 	Scanned Online and Found Safe 	 
2011-06-09 16:44:43 	C:\Documents and Settings\G\My Documents\Downloads\7z922.exe 	Access Memory 	C:\WINDOWS\system32\ctfmon.exe 
2011-06-09 16:44:49 	C:\Documents and Settings\G\My Documents\Downloads\7z922.exe 	Access Memory 	C:\WINDOWS\system32\ctfmon.exe 
2011-06-09 16:44:53 	C:\Documents and Settings\G\My Documents\Downloads\7z922.exe 	Sandboxed As 	Limited 
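
An added example, not part of the original post: a small Python check that reads events in the tab-separated layout of the log above (time, application, action, target) and reports every file that was sandboxed again after an earlier "Scanned Online and Found Safe" verdict. The sample rows and paths are constructed placeholders, and the assumption is that the event log has been exported as tab-separated text.

```python
from datetime import datetime

# Constructed sample in the tab-separated layout of the log quoted above
# (time, application, action, target); both paths are placeholders.
APP = r"C:\Downloads\installer.exe"
SAMPLE_LOG = "\n".join("\t".join(row) for row in [
    ("2011-06-09 16:43:14", APP, "Sandboxed As", "Limited"),
    ("2011-06-09 16:43:22", APP, "Scanned Online and Found Safe", ""),
    ("2011-06-09 16:44:18", APP, "Sandboxed As", "Limited"),
    ("2011-06-09 16:44:26", APP, "Scanned Online and Found Safe", ""),
    ("2011-06-09 16:44:53", APP, "Sandboxed As", "Limited"),
    ("2011-06-09 16:50:00", r"C:\Tools\other.exe", "Sandboxed As", "Limited"),
])

def parse_events(text):
    """Yield (timestamp, application, action, target) from exported log text."""
    for line in text.splitlines():
        fields = [f.strip() for f in line.split("\t")]
        if len(fields) < 3:
            continue  # blank or malformed line
        fields += [""] * (4 - len(fields))
        try:
            ts = datetime.strptime(fields[0], "%Y-%m-%d %H:%M:%S")
        except ValueError:
            continue  # header row or unparseable timestamp
        yield ts, fields[1], fields[2], fields[3]

def resandboxed_after_safe(text):
    """Return {lowercased path: [(safe_time, sandbox_time), ...]} for every
    'Sandboxed As' event that follows a 'Found Safe' verdict for the same file."""
    last_safe = {}
    findings = {}
    for ts, app, action, _target in sorted(parse_events(text)):
        key = app.lower()  # Windows paths are case-insensitive
        if action == "Scanned Online and Found Safe":
            last_safe[key] = ts
        elif action == "Sandboxed As" and key in last_safe:
            findings.setdefault(key, []).append((last_safe[key], ts))
    return findings

if __name__ == "__main__":
    for app, pairs in resandboxed_after_safe(SAMPLE_LOG).items():
        for safe_ts, sandbox_ts in pairs:
            print(f"{app}: found safe {safe_ts}, sandboxed again {sandbox_ts}")
```
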

I downloaded and installed 7zip beta 9.22 but I cannot reproduce your findings.

I have sandbox enabled and set Image Execution to run unknown programs as limited. I played with:

  • automatically detect installers/updaters and run them outside the sandbox
  • automatically trust files from trusted installers

Can you try again? Maybe the cloud gave conflicting instructions yesterday.

Well, like I posted, it eventually worked correctly, but I can uninstall and try again. Will post back with my findings.

Ok, so I uninstalled 7zip, removed the installer file listing in trusted files list, rebooted and tried installing 7zip once again. This time it worked as expected with no sandboxing. Must have been an odd fluke before or something.

Cheers