I have a game installed on my computer named “PokerTH”. Every time I run it, I get the popup warning that CIS Sandbox “pokerth.exe could not be recognized and requests unlimited access to your computer”. Every time this happens I check the box that says “trust this application”, then click on “Run Unlimited”, but it still happens. It’s listed in the Auto Sandbox as “Ignore” under “Action” and “Trusted” under “Reputation”. It’s set to “Allow All Incoming and Outgoing Requests” under the Firewall settings “Application Rule”, and it’s also set as an “exclusion” under the AV exclusions.
What do I need to do for CIS to recognize this program as safe so I can stop getting the popup every time I want to play the game?
Before I help you to create the appropriate rules, can you tell me which components you have enabled and which setting they are at (i.e. antivirus, HIPS, sandbox, etc.)?
I’m not sure if this is what you are looking for, so if you need different information, please let me know.
Comodo ver. 8.1.0.4426
Database ver. 21529
Configuration:
Comodo – Proactive Security
Antivirus:
Realtime Scan:
Realtime Scan – Enabled
Scanning Optimization – Enabled
Run cache builder when computer is idle – checked
Decompress and scan archive files of extensions – checked
Use heuristics scanning - checked
Defense+:
HIPS Settings:
HIPS – Not Enabled
Set pop up alerts to verbose mode – checked
Enable adaptive mode under low system resources – checked
Enable enhanced protection mode – checked
Do heuristic command-line analysis for certain applications – checked
Detect shellcode injections – checked
Sandbox:
Sandbox Settings:
Do not virtualize access to …. - checked
Show highlight frame for virtualized programs – checked
Detect programs which require elevated privileges – checked
Show privilege elevation alerts for unknown programs – checked
File Rating:
File Rating Settings:
Enable Cloud Lookup – checked
Analyze unknown files in the cloud by uploading them for instant analysis – checked
Trust applications signed by “trusted vendors” - checked
Trust files installed by trusted vendors – checked
Detect potentially unwanted applications – checked
Last Update - 7 hours ago
Detected Threats – 0
Network Intrusions – 0
Blocked Intrusions – 0
Real Time Protection – active (Antivirus, Firewall and Auto-Sandbox)
First, let's make a new group which contains all the game's files.
Click tasks → advanced tasks → open advanced settings
Click security settings → File Rating → File Groups
Click the arrow at the bottom and select add. Name the group whatever you want. Right click on your newly created group and click add folder. Now add the folder which contains your game's files.
Now let's create a new trusted rule for the file group you just created.
While still in advanced settings, click Defense+ → HIPS Rules
Click the arrow at the bottom and select add
Now in the HIPS rule window select browse → File Groups → Select your new file group you created in the previous section
Now select “Use Ruleset:” and give it the installer/updater policy.
This should be it. Your game should work without any problems. Let me know if you have any problems.
CAUTION: Giving any application/group the installer/updater policy will give it unlimited rights to your computer, so only use it on files/applications you absolutely trust.
This didn’t work. I’m still getting the same popup window. For some reason, I’m unable to insert an image file, so the link to the screen shot image is:
This is a sandbox alert and it means that pokerth.exe matches some of the existing Auto-Sandbox rules.
“Proactive Security” configuration defines all Unrecognized applications to be launched in the Sandbox.
The most suitable solution here is to update the existing Ignore Auto-Sandbox rule you mentioned. Please open this rule and a) change Reputation to Unrecognized or b) switch off the Reputation checkbox.
This is a known issue in the last release and will be addressed in the coming release.
Can you give a more detailed explanation on how to do both of these? I don’t see how to change the Reputation to Unrecognized or how to switch off Reputation in the HIPS Rule page.