******SOLVED******* Installed game keeps getting blocked by CIS Sandbox

I have a game installed on my computer named “PokerTH”. Every time I run it, I get the popup warning that CIS Sandbox “pokerth.exe could not be rcognized and requests unlimited access to your computer”. Every time this happens I check the box that says “trust this application”, then click on “Run Unlimited”, but it still happens. It’s listed in the Auto Sandbox as “Ignore” under “Action” and “Trusted” under “Reputation”. It’s set to “Allow All Incoming and Outgoing Requests” under the Firewall settings “Application Rule”, and it’s also set as an “exclusion” under the AV exclusions.

What do I need to do for CIS to recognize this program as safe so I can stop getting the popup every time I want to play the game?

Thank you in advance for any help.

before i help you to create the appropriate rules can you tell me which components you have enabled and which setting they are at (ie antivirus, hips, sandbox, etc)

I’m not sure if this is what you are looking for, so if you need different information, please let me know.

Comodo ver.
Database ver. 21529

Comodo – Proactive Security

Realtime Scan:
Realtime Scan – Enabled
Scanning Optimization – Enabled
Run cache builder when computer is idle – checked
Decompress and scan archive files of extensions – checked
Use heuristics scanning - checked

HIPS Settings:
HIPS – Not Eneabled
Set pop up alerts to verbose mode – checked
Enable adaptive mode under low system resources – checked
Enable enhanced protection mode – checked
Do heuristic command-line analysis for certain applications – checked
Detect shellcode injections – checked

Sandbox Settings:
Do not virtualize acces to …. - checked
Show highlight frame for virtualized programs – checked
Detect programs which require elevated privileges – checked
Show privilege elevation alerts for unknown programs – checked

	Enable viruscope = checked
	Monitor sandboxed applications only – checked

Firewall Settings:
Enable Traffic Filtering – checked “safe mode”
Enable Trustconnect Alerts – checked
Turn traffic animations effects on – checked
Filter IPv6 traffic – checked
Filter loopback traffic – checked
Block fragmented IP traffic – checked
Do Protocol analysis – checked
Enaple anti-ARP spoofing – checked

File Rating:
File Rating Settings:
Enable Cloud Lookup – checked
Analyze unknown files in the cloud by uploading them for instant analysis – checked
Trust applications signed by “trusted vendors” - checked
Trust files installed by trusted vendors – checked
Detect potentially unwanted applications – checked

Last Update - 7 hours ago
Detected Threats – 0
Network Intrusions – 0
Blocked Intrusions – 0
Real Time Protection – active (Antivirus, Firewall and Auto-Sandbox)

Yes that is what i wanted

First lets make a new group which contains all the games files

  1. Click tasks → advanced tasks → open advanced settings
  2. Click security settings → File Rating → File Groups
  3. Click the arrow at the bottom and select add. Name the group whatever you want. Right click on your newly created group and click add folder. Now add the folder which contains your games files.

Now lets create a new trusted rule for the file group you just created.

  1. While still in advanced settings click Defense + → HIPS Rules
  2. Click the arrow at the bottom and select add
  3. Now in the HIPS rule window select browse → File Groups → Select your new file group you created in the previous section
  4. Now select “Use Ruleset:” and give it the installer/updater policy.

This should be it. Your game should work without any problems. Let me know if you have any problems.

CAUTION: Giving any application/group the installer/updater policy will give it unlimited rights to your computer so only use it on files/applications you absolutely trust

This didn’t work. I’m still getting the same popup window. For some reason, I’m unable to inset an image file, so the link to the screen shot image is:

Can you post a screenshot of the hips rule you created. This should work i use this method all the time.

Hi planejumper73,

This is a sandbox alert and it means that pokerth.exe matches some of the existing Auto-Sandbox rules.
“Proactive Security” configuration defines all Unrecognized applications to be launched in the Sandbox.

The most suitable solution here is to update existing Ignore Auto-Sandbox rule you mentioned. Please open this rule and a) change Reputation to Unrecognized or b) switch off Reputation checkbox.
This is a known issue in last release and will be addressed in the coming release.

[attachment deleted by admin]

Can you give a more detailed explanation on how to do both of these? I don’t see how to change the Reputation to Unrecognized or how to switch off Reputation in the HIPS Rule page.

Thank you.

Are you positive that the file pokerth.exe is in the file group you created?

Also lets try creating an autosandbox rule for your file group

  1. Open advanced settings → Security Settings → Defense + → Autosandbox → Click the arrow at the bottom and select add
  2. Change the action to Ignore
  3. Click browse → File Groups → Select the group you created earlier.
  4. Click ok

Yes, it pokerth.exe was in the group I created.

The instructions for the autosandbox rule worked. Thank you.

awesome glad i can help :-TU