Specific FW rules for s'boxed processes ? (Technical FAQ) [v6]

It’s a difficult one. It uses the default browser, so not virtualised. stored, unless you change this. You need to start with the browser closed.

I agree re the drawback. But you could just keep copying portable browser installations across at each reset. However you can automate the reset - I have a batch file. Not sure about the default browser registration, that might be complex.

That’s why I said evolved…

But it may be simpler to wait for Comodo to sort it out. Use the above facility as a bit of extra security meanwhile.

Mouse

Remember with leakout it’s the browser that does the leaking, the browser that needs the rule, so the browser that needs to be stored.

So it’s not really a direct test of ‘unknowns’

OK got it… I think :)
I installed SRWIron as the stored app then made it default and then ran the test - so there is no alert as SRWIron is trusted ?

Yes, you need to be in custom mode with your two rules for this.

You also need to ensure that SW iron is not installed outside the sandbox.

If it is installed outside the sandbox you either need the shortcut trick and the sandbox exemption in place to make sure you run the right instance (or you need to start it from explorer by double clicking on the right executable, but - care needed - check file creation dates/times)

And that SWIron is closed I think as well (debatable)

Given all this you should get an alert/block

But after the first time you allow a firewall alert to allow your default browser to access the internet in the FV environment, wouldn’t that therefore create a rule such that if I ran the leak-test it would be allowed to access the internet, as I had already allowed Dragon?

Therefore, unless you want the FV environment to always be blocked I don’t see how this solves the problem.

It blocks just those stored in the sandbox. So you can use a non-default, non-stored FV browser [edit: for other things]

You can separately set what browser is used for a range of things incidentally

Inconvenient though

Mouse

Ok, I don’t use SW Iron; this is why I’m using it as the stored app.
I first installed it and set it to default as a FV app,
created the rule to block,
closed SW Iron and ran leakout…
no data leak, the rule blocked it.
I then edited the rule to ask and repeated the test…
SW Iron opened but I got a connection alert.

I repeated the whole thing but whilst in the kiosk - I know it’s the same as running FV but figured I’d still check :)
I get the exact same results.
CIS either blocks or asks (dependent on the rule) before leakout can connect to the net.

As Mouse1 states the browser needs to be closed for this to function correctly

I’m happy I could replicate this and although this is an involved process it shows that CIS can defend against this leak whilst in a FV environment

Thanks for your patience whilst I stumbled through this :)

No problem, your testing is really helpful - you know you need to be careful which many people don’t.

Just to make sure all is OK would you mind testing direct web access by an unknown file? You should only need FW safe mode (without extra FW rules), but with all precautions above, to get an alert.

BTW did you run SWIron from a desktop shortcut? If so, where did the desktop shortcut point? (You will probably need to navigate into FTRoot to check this.)

Best wishes

Mouse

Ok I have retested this with an unknown file with FW in safe mode
When FW set to block web access was denied
with FW rule set to ask an alert was issued asking for web access
I have only managed to test this with one unknown file though at present

I have created a custom folder for SWIron then ran the installer virtualised
I did create a shortcut, it installed in VTRoot/Harddiskvolume1/SRWareIronTest/SRWareIron

I also got the same results by running the installer sandboxed then creating the rule
then entering the kiosk - because SWIron was installed virtually it creates a shortcut in the kiosk

I have noticed that the sandbox has failed to reset after this last test
I hit the reset sandbox button and get the error message -An error occurred while resetting the sandbox-
CIS task manager shows one task running- resetting sandbox
screen attached

I’m going to retest with more/different unknown files as I appear to be getting inconsistent results

Edit: attached screen


Thanks Treefrogs, much appreciated

I’ll start drafting the FAQ in the first post, crediting your assistance of course. Then after you have finished looking at the reset problem I’ll split off the discussion into the feedback post so as not to confuse, if that’s OK with you.

Looks like you are hitting some instability. Please report this as a bug in standard format with all requested information. If you can identify the process that is doing the resetting, please take a dump of it while it is hung (sorry, not sure which one does this, but it should be consuming CPU while it tries to reset). Also, if you have the time, please zip up your VTRoot contents.

Are you getting any duplicated directories showing in explorer (program files)? I get this quite often, and it usually means Kiosk crashes or hangs afterwards.

After doing this try a reset after a reboot.

Updated the FAQ see what you think

Rebooted and reset; all is as it should be now. Sorry I missed the above ^ post so cannot take the required dumps.
Unsure whether to report this as a bug with the missing info - I will try to recreate the hang and gather all required data and report the bug then.

No probs and thanks
Have read through your updated first post :-TU
I think you have covered everything and outlined the steps clearly
hopefully more users will test and use this rule now
hopefully also CIS will have this rule or an option for it hardwired into future releases
Thanks again for taking the time
TF

Glad you like the revised text. Will make the whole FAQ live tomorrow as this was the last bit.

Fine about the bug report, if you reproduce, please do make one.

And many thanks again

Best wishes

Mouse