Set up Auto-Contain to Run Unrecognized without Restriction-Changes in Container

I would like to do the above, so that I can see what programs do but have the changes unrecognized programs make applied only in the Container (i.e. previously Sandbox). Which Auto-Containment settings should I use?

I think everything runs restricted now, because many apps don’t run properly. Haven’t been able to find an answer to this question in Help. Thanks for any assistance.

Hi AtlBo,
Could you please elaborate further on the heading of the topic?

Thanks
-umesh

Can I, using Comodo Firewall, set up Auto-containment so that unrecognized programs run unrestricted but changes are recorded in the Comodo container (I guess that is the VTRoot folder?)? I have always been confused about how to do this or even whether or not it is possible. Seems to me now that the programs just don’t function…

Edit:
You want to allow an application to run unrestricted (i.e. outside container) and at the same time you want to know all actions performed by it as if it were running in container and container recorded all actions?

Well, restricted only in the sense that all of the changes it makes to any part of the system are recorded in the container/sandbox and only there. So maybe I don’t understand the default restrictions of the container or something idk. All I know is that I can contain any application in Q360s sandbox, and all of its changes will be recorded to its container. From there, any executables it creates are blocked, but applications like MS Office function great there. It’s just that it’s a hassle to set the thing up when all I want to do is test an app. Also, it’s not possible to clean part of the container…just the whole thing. I think this is the same with Comodo, but at least I might be able to do this from an alert instead of having to dig through settings.

I guess in retrospect this is kind of a stupid query. However, I do think I am onto one thing. That is that I am very curious to see if maybe the Comodo container’s defaults are useful for seeing what applications want to do. Maybe this is the better question. Also, what settings would be best? I think I have tried them all.

In a larger scheme, I think it would be interesting if the container could be set for a single application to run in a test mode, where it would only be denied sensitive or vulnerable changes.

Thanks for your patience. I hate running unrecognized outside of containment, but I have found it necessary sometimes to do so. It bothers me, so I was trying to see if there is a way to see what an application wants to do like use command-line or create registry keys in a sensitive area (a startup key, etc.) or maybe damage personal files etc. I do think a test mode for a program would be cool if it had specific and 100% security guaranteed stops in the mode.

One thing, the browser is able to run in the container. Are there specially crafted rules for a contained browser? Maybe there could be the same thing for all other applications for a “test” mode for the container.

LOL :smiley:

Hi AtlBo,
To summarize:

  1. To be able to see all actions performed by an application in system by running in Sandbox i.e. kind of testing an application so you can see all file/registry/network operations performed by it.
  2. Ability to clean up parts of Sandbox rather than the complete Sandbox.
  3. Ability to only run application created by it in Sandbox but allowing any existing application launched by it outside Sandbox.

Please confirm if I am missing something and if the above understanding is correct.

Thanks
-umesh

Yes I guess that sums up everything. I really just started out wanting to run unrecognized applications (already installed ones) in the container without permanent risk of loss. Most applications will run normally in the 360 container if that helps.

Maybe you could give trial/test apps a separate sandbox or something? It would help now that I think about it to see normal alerts from Comodo as though the application was simply “unrecognized”…just with the special designation of being a test/trial application. Trial sandbox.

When I started the thread I was thinking of how the browser is able to function fully in the sandbox, so why not other applications? You set me straight about that quickly enough after I had a chance to think about what I was asking, but remembering the 360 sandbox, I realized that it is possible…

Thanks for your attention to this matter…

BTW, this part is interesting:

3. Ability to only run application created by it in Sandbox but allowing any existing application launched by it outside Sandbox.

I would say yes, but I would also say that a special trial alert system could also be in place (such as this could be dangerous would you like to cancel trial/testing) and also nothing could be written outside the sandbox. Then it would also I think it’s important that the application is already installed or at least I think so or that it’s portable, etc. What I am thinking is that each of the program processes would have to be individually allowed. I can see how this could make things tricky, because Comodo would have to allow the installation. IDK, maybe that could happen in the same sandbox?

Out and out I could see how this could be a container setting to have the option to run an unrecognized application in testing/trial mode. That would be NICE…

Ok,

1. To be able to see all actions performed by an application in system by running in Sandbox i.e. kind of testing an application so you can see all file/registry/network operations performed by it.
This we have in our long-term plan; in the meantime you could try to upload the application to Valkyrie and see all actions done by it.
2. Ability to clean up parts of Sandbox rather complete Sandbox.
This we have addressed in CCAV and going to be available in next week BETA and same will be introduced in CIS.
3. Ability to only run application created by it in Sandbox but allowing any existing application launched by it outside Sandbox.
This has some security ramifications, will consider.

Thanks
-umesh

This we have addressed in CCAV and going to be available in next week BETA and same will be introduced in CIS.

So I guess the big question for this kind of option is, “how much do I limit an unrecognized whose every action is being recorded to the container?” I think I see how this gets complicated, but I appreciate your cooperation and patience. So responsibly letting unrecognized run fully in a container would mean even activities of other applications that interface or interact with the unrecognized must be recorded in the container. Anything that responds to this particular unrecognized must have its activities which follow recorded in the same container. Anyway, I guess this is true idk.

Well, I don’t want to take up a bunch of your time. Clearly you guys are working on some things, so that’s good enough for me. Looking forward to what’s coming and appreciate your attention. I feel a little bit better about things…