Services in containment

V12.2.2.7036 (Firewall only) Windows 7 Ultimate 64-bit

I ran services.msc in containment to check what services are available inside containment.
The service names are different from those shown when running services.msc uncontained; also, their description is not available (error code 50).

I have attached a screenshot of services.msc running in containment.

Things that I would like to know:

  • Does the services list as shown in the screenshot look normal when run in containment for the OS I use?
  • Does it look identical when run in containment on Windows 10 (could someone share a screenshot of it please)?

Thanks.

@Ploget

Would you be so kind as to send me your screenshot of contained services.msc on your Windows 10 system?

My screenshot may look perfectly valid as intended by design, so maybe there is absolutely nothing wrong with it; I’m just curious what it looks like on Windows 10.

Thank you.

Probably looks normal . . . who knows

Thanks for sharing the screenshot Ploget.

To be honest I’m a bit confused about the correctness of this services list and maybe also about their functionality towards applications which use those services.

Reason is when I do run services.msc sandboxed in Sandboxie I see the normal full services list that I would normally see when services.msc is run on Windows itself (there are a few more services listed when using Sandboxie but at least the list is fully populated).
The services list, when run in containment, shows only a small subset of all the services normally available on Windows.

What would happen to applications when run in containment and requesting the need for a service that is not listed by services.msc run in containment and thus not available to that application?

Services aren’t applications. Even requesting Services to run Virtual doesn’t allow Services.msc to be chosen - only exe files

The only way I could get it was via Virtual Desktop and a Screen Print. Without knowing the intricacies behind Containment, I’d guess that the Services shown are the ones that are required to run Containment itself. Obviously other Applications may need other Services otherwise they wouldn’t run at all

Services are not applications (such as .exe and the like), that I know.
Applications may or may not request a service to run in order to work correctly.

I could get it by just going to “Start->Control Panel->Administrative Tools->Services” and then right click on “Services” and selecting “Run in COMODO container”.
Or typing “services.msc” in “Start->Search programs and files” and then right clicking on the found file “services.msc” would do the same (for me on Windows 7, that is).

Another reason why I may doubt the correct working of services when an application is run in containment and requesting them is related to my filed bug “Solitaire does not start in containment”.
Because I was a bit curious about this bug, I debugged Solitaire in containment and it threw an exception error related to a service. The same debug session performed in Sandboxie did not throw that exception.

It could be that the bug is related to what services.msc shows in its list when it is run in containment.

https://forums.comodo.com/news-announcements-feedback-cis/3-steps-to-prevent-ransomware-t119536.0.html;msg859343#msg859343

Basically many Windows services and their COM objects/interfaces are not exposed to applications when run virtually in containment, some are blocked or do not exist and thus any application that request usage of those services or COM interfaces will not work properly.

Neither means of which method works in Win10, or at least this ‘buttoned down’ system (nor does the Solitaire issue)

When I’m informed correctly by reading some articles on the internet then the Classic Games Pack that comes with the Windows 7 installation DVD can’t be run on either Windows 8 or 10. Microsoft prevented this by some hard-coding in their games, so the original Classic Games Pack on the Windows 7 DVD only runs on Windows 7. The Classic Games Pack that does run on Windows 8 or 10 is tailored / adapted / modified so that it runs on those platforms and behaves differently when started on those platforms hence, most probably, the bug does not occur on those platforms.

I understand it.

However, it would be very useful and clarifying to the user when some sort of information-message would popup telling that a service is not available or only partly supported when an application requests its usage in containment. In case of the Solitaire bug there is no feedback to the user at all, it just exits.
Sandboxie does inform the user when a certain service isn’t supported in their sandbox.

Sandboxie - sorry to mention it again - does provide a list of supported services of their own.
Does CIS somewhere provide information or a list about which services are supported in containment?

V12.2.2.7036 (Firewall only) Windows 7 Ultimate 64-bit

Following command doesn’t work in contained PowerShell:

Get-WmiObject Win32_ComputerSystem -Computer 127.0.0.1

Contained PowerShell command output (error):
Get-WmiObject : The specified service does not exist as an installed service. (Exception from HRESULT: 0x80070424)
At line:1 char:14
+ Get-WmiObject <<<< Win32_ComputerSystem -Computer 127.0.0.1
    + CategoryInfo : InvalidOperation: () [Get-WmiObject], COMException
    + FullyQualifiedErrorId : GetWMICOMException,Microsoft.PowerShell.Commands.GetWmiObjectCommand

Uncontained PowerShell command output (correct):
Domain : WORKGROUP
Manufacturer : System manufacturer
Model : System Product Name
Name : BlahBlah
PrimaryOwnerName : MoreBlahBlah
TotalPhysicalMemory : Enough

Sandbox (Sandboxie) command output is correct too; it is the same as the uncontained PowerShell command output above.

Containment has some shortcomings…

Like I said before, not all services are exposed to contained applications hence it will not work to access those services and anything they would normally have available to access. In this case the WMI service is not available in containment.
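The comparison discussed in this thread (which services a contained session can see versus the normal session, and whether WMI answers) can be scripted. This is an added example, not code from the thread or from Comodo; the script name, parameter names and default path are hypothetical, and it assumes `Get-Service` is usable inside the contained PowerShell session.

```powershell
# Compare-ServiceView.ps1 (hypothetical name): added example, not vendor code.
# Run with -Mode Snapshot in each session, then -Mode Compare on the two CSVs.
param(
    [ValidateSet('Snapshot', 'Compare')] [string]$Mode = 'Snapshot',
    [string]$Path = "$env:TEMP\services-$PID.csv",   # assumed output location
    [string]$Baseline,                               # CSV from the uncontained session
    [string]$Contained                               # CSV from the contained session
)

function Get-ServiceSnapshot {
    # Get-Service queries the Service Control Manager, the source services.msc lists.
    $rows = @(Get-Service | Sort-Object Name | Select-Object Name, DisplayName, Status)

    # Probe WMI separately; in the thread the contained query fails with 0x80070424.
    $wmi = 'OK'
    try {
        Get-WmiObject Win32_ComputerSystem -ErrorAction Stop | Out-Null
    } catch {
        $wmi = $_.Exception.Message
    }
    Write-Host ("Services visible: {0}; WMI query: {1}" -f $rows.Count, $wmi)
    return $rows
}

function Compare-ServiceSnapshot([string]$BaselineCsv, [string]$ContainedCsv) {
    $base = @(Import-Csv $BaselineCsv)
    $cont = @(Import-Csv $ContainedCsv)
    # Index the contained names, then report baseline services missing from that set.
    $seen = @{}
    foreach ($s in $cont) { $seen[$s.Name] = $true }
    $base | Where-Object { -not $seen.ContainsKey($_.Name) } |
        Select-Object -ExpandProperty Name
}

if ($Mode -eq 'Snapshot') {
    Get-ServiceSnapshot | Export-Csv -Path $Path -NoTypeInformation
    Write-Host "Wrote $Path"
} else {
    Compare-ServiceSnapshot $Baseline $Contained
}
```

Choose a `-Path` that can be read from both sessions, since where a contained process's file ends up depends on the containment's file virtualization.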

I’m only reporting what I encounter when trying things out.

If there is no or very limited support for even the most simple services then CIS Containment unfortunately isn’t the Ultimate Golden sandbox solution.
Face it, when even a small tool like Sandboxie has support for these services I expect CIS to have at least support for those as well.
CIS containment needs to be improved to be on par with competitive products.

At this moment Sandboxie can handle and run more applications requesting services than CIS containment can.
Reconsider if this is a bug or not.

Hello Dharshu,

@Dharshu

Could you please shed light on and give your opinion and feedback on above post “Reply #12”?

Thank you.

It would be highly appreciated if I could get feedback on above subject from anyone.

Are these not supported services going to be fixed in future releases or are there any plans to add support for these services in containment?
Or will containment functionality stay as it is, so no further development or improvements added?

Thanks!

Hey CISfan,

Let me check with my CIS Team and update you.
Have a nice day!

Hi Dharshu,

Thank you for going to check it with your team, I appreciate your efforts.

As I went back to CIS V12.0.0.6882 to check on the Solitaire containment bug I also checked all the containment bugs/items that I found in this thread from the first post to very last post.
Maybe needless to mention but also in V12.0.0.6882 all the bugs/items which I found in this thread apply to that containment version, in other words, all those bugs/items don’t work in that version either.
It is just for completeness that I mention these V12.0.0.6882 findings here.

I really hope you and your team can fix all these containment bugs/items (including the Solitaire containment bug).
Comodo CIS is really a great product and I’ve been using it for decades, since Windows 2000.

As my name CISfan suggests, I am a fan of CIS and I do like it very much.

Looking forward to your and your team’s feedback. :)

Thank you and have a nice day too.