Sorry if this is covered elsewhere, I’ve searched everywhere and haven’t found what I’m looking for…
In CIS5 all PDF files seem to be sandboxed with the pop-up alerts. I tried trusting Adobe Reader (my PDF viewer), but this doesn’t appear to change the status for the PDFs. How can I trust all PDF files?
The PDF files shouldn’t be getting sandboxed since they aren’t processes, but AcroRd32.exe (the reader) might. Check to see that it’s not listed in ‘always sandbox’. Also, in sandbox settings, ensure that ‘display notification for auto-sandboxed’ is enabled.
Please check whether AcroRd32.exe is in Unrecognised Files. If it is, please select it and move it to Trusted Files. Then close Acrobat Reader, or when needed reboot, and see what happens.
On second thought: does this happen when you open programs from within Acrobat or from Windows Explorer? Does it also happen when you open them from other programs like your web browser; maybe your browser or other program gets sandboxed? In short, in what situations do the pdf files get sandboxed?
Hi, thanks for your thoughts. The PDF files I am opening ARE stored on a removable USB drive. I’ve just tried copying a PDF to my desktop (i.e. on C:) and opening it and no alerts have appeared.
Is it really not possible to stop alerts for PDF files on a USB drive? Often two or more alerts pop up (one for partially limited - sandboxed, another if the PDF contains URLs) and I find it very annoying. I’m sure they didn’t pop up under the old version of CIS (v4?) I had installed until recently.
I use the USB stick because I need to access the same files on my work and home PC. The work PC is safe, so I would have no problems trusting PDF files on it also.
Is this likely to change in the near future? I would consider using Foxit Reader instead, but it has problems with some of the newer/more complex PDF files. So I would prefer to keep using Adobe Reader X.
I don’t use Adobe Reader, but Adobe Full (and sometimes Foxit for reading only).
The “new” pdf formats have a lot of scripting object integrating abilities and Adobe Full, even in an old version, has a lot of settings allowing potential threats (online comments, javascript, webbuy…).
Does the Sandbox censor the pdf files as such, or does it censor these potential software abilities?
Why does Comodo IS consider a pdf file being an “application calling Acrord32.exe”?
A user has no way to create a rule to stop this behavior because each and every pdf file is considered an untrusted application by Comodo!
Why does opening a scanned 1-page image pdf trigger the sandbox at all? Why does the same pdf file on a USB stick trigger a sandbox, but not on the HD? A plain pdf file is not an application - the trust issue is irrelevant.
Will this clearly dumb sandboxing behavior be fixed by Comodo?
Are you suggesting that the solution to the problem with Comodo’s not-so-smart treatment of pdf files is to change my pdf viewer? - LOL (:CLP)
PDFs may in fact be scripts, as brucine points out. Any file could be an executable in the case the reader of that file can execute scripts found. Turns out that is hard to avoid, with Adobe having had JavaScript activated by default and it being somewhat hard to turn off. Given the number of Adobe flaws found in recent months, it is perhaps a good idea to find a pdf reader that will not execute scripting.
What exactly is the problem with the pdf being opened in the sandbox?
I wrote a lot, probably more than this bug deserves - sorry. My reply helps to summarize the issues raised in this thread. The problems with mass-sandboxing of pdfs on USB sticks are: 1) users of Comodo IS end up facing alarming messages, reading them, and clicking several times at the right places just to open a plain vanilla pdf file on a USB stick. This nonsense has to be done for EACH pdf file. After just one day, my sandbox has dozens of pdf files. Am I supposed to add all my 5000+ pdfs and each of the new pdfs I create to the trusted application list? Making Acrord32.exe trusted should be sufficient, but it is not.
The potential malware in the files is not at all what causes Comodo’s reaction - for example, opening MS Office files with VBA and macros calling external dlls did not trigger a sandbox situation, but a pdf on a USB stick opened in Acrobat is considered a threat. Moreover, the same pdf file is OK when opened from an internal hard drive or USB HD, but is sandboxed if the user wants to open it on a USB stick!
So, unlike you are proposing, Comodo fortunately doesn’t think it’s a good idea to sandbox pdfs in general. It sandboxes only pdfs on a USB stick. This is just a small pesky bug - something programmers in Comodo missed.
Excuses about trusted vs. not trusted locations (HD vs. USB) by the moderator earlier in this thread are not applicable to this problem. How come a small SSD (or large HD) connected via USB is different - more trusted - relative to a USB stick? A pdf file on the external SSD is OK to Comodo, but not if it is on the USB stick. ???
It seems no one cares about this at the company, whose moderator’s reaction is to suggest to switch away from Acrobat Reader, instead of admitting the bug and enduring the pain of thinking what can fix it. I must use the Reader to see the files I create - my customers use it, and it is the mainstream package for hundreds of millions of users anyway. For a change, this bug is not due to Adobe. So Comodo just should admit the problem and simply correct the way its software treats files opened with Acrobat Reader from USB sticks.
A possible source of the bug is CIS’s logic that each different pdf file is an application that opens the Reader, rather than vice versa! Come on, opening a pdf file via USB is no more executing it than opening txt, doc, or xls files in Word - we are executing not the xls file, but Word. Comodo treats opening docs and pretty much any other files right, but it just gets confused by a USB stick pdf file.
The mod’s proposed solution to the bug (using a different pdf reader) is bizarre. The next thing is to tell users to stop using USB sticks to avoid viruses. I rely on CIS for its superior security, but it should not become ridiculous.
When the documents get sandboxed but it doesn’t interfere with accessing them then there is no need to add them to Trusted Files. That’s how the sandbox was designed; regular programs should be able to run without losing functionality.
2) The potential malware in the files is not at all what causes Comodo's reaction - for example, opening MS Office files with VBA and macros calling external dlls did not trigger a sandbox situation, but a pdf on a USB stick opened in Acrobat is considered a threat. Moreover, the same pdf file is OK when opened from an internal hard drive or USB HD, but is sandboxed if the user wants to open it on a USB stick!
So, unlike you are proposing, Comodo fortunately doesn't think it's a good idea to sandbox pdfs in general. It sandboxes only pdfs on a USB stick. This is just a small pesky bug - something programmers in Comodo missed.
[quote="egemen post:159, topic:261813"]
That's intentional. Such files from removable drives or temporary folder can cause infection. It should not cause any functionality loss though.
[/quote]
Excuses about trusted vs. not trusted locations (HD vs. USB) by the moderator earlier in this thread are not applicable to this problem. How come a small SSD (or large HD) connected via USB is different - more trusted - relative to a USB stick? A pdf file on the external SSD is OK to Comodo, but not if it is on the USB stick. ???
USB hard drives are not trusted either. All removable storage that cannot be continuously monitored is by design not considered safe. Think; network drives, USB flash disks, USB HD's, encrypted drives/partitions...
It makes sense to assume this initially.
3) It seems no one cares about this at the company, whose moderator's reaction is to suggest to switch away from Acrobat Reader, instead of admitting the bug and enduring the pain of thinking what can fix it. I must use the Reader to see the files I create - my customers use it, and it is the mainstream package for hundreds of millions of users anyway. For a change, this bug is not due to Adobe. So Comodo just should admit the problem and simply correct the way its software treats files opened with Acrobat Reader from USB sticks.
The mod’s proposed solution to the bug (using a different pdf reader) is bizarre. The next thing is to tell users to stop using USB sticks to avoid viruses. I rely on CIS for its superior security, but it should not become ridiculous.
Come on, Comodo, please fix this bug. Thanks.
Apart from staying practical it is also good troubleshooting sense to try different programs in the same scenario.
I assume you’re talking about me because your previous post quotes one of mine.
You’re getting two completely different posts mixed up.
In one post I stated that removable media has always been considered untrusted.
Then I made a reply to another poster who said he was considering using another PDF reader, but it had issues with some newer PDF files. I suggested another product.
Nowhere did I propose this was a solution to the problem…
I run into the same problem, not with just a USB drive, but also a CD/DVD with PDF files on it. As long as one is just viewing the file there is not a big deal - one can do that easily enough, but if one wants to print (aka use a system resource) the exception for the file needs to be added. When you are viewing and printing lots of different PDFs this becomes a significant chore, with exceptions out the wazoo.
Understandably, PDF potentially can be infected, but immediately sand-boxing which prevents printing the document is taking it a little bit too far - to the degree that ability to use adobe is severely limited. While this may sound minor, when one is dealing with multiple different PDFs, from various different sources (on CD, USB stick, etc) it gets into the area of being a show stopper.
Besides, shouldn’t the on demand scanner be detecting such potentially damaging files by more than just the extension of the filename?
Understandably, this may be by design, but at the same time, by design should not be affecting the way that someone needs to use their computer in an existing way.
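Two points raised in this thread, that a PDF can carry scripts and that a scanner could look past the file extension, can be illustrated with a content check. The following is an added example, not code from any poster and not how CIS decides what to sandbox; the function names and the two sample documents are constructed for illustration. It counts the PDF name tokens that indicate active content, decoding `#xx` escapes so an obfuscated `/J#61vaScript` is still recognised.

```python
import re

# PDF name tokens that point at active content (scripts, auto-run actions,
# program launch, attachments). A scanned one-page image PDF has none of them.
ACTIVE_NAMES = ("JavaScript", "JS", "OpenAction", "AA", "Launch", "EmbeddedFile")

# A name is "/" followed by regular characters or #xx hex escapes.
_NAME = re.compile(rb"/((?:[^\x00\t\n\x0c\r ()<>\[\]{}/%#]|#[0-9A-Fa-f]{2})+)")
_HEX = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw: bytes) -> str:
    """Undo #xx escapes so /J#61vaScript is read as JavaScript."""
    return _HEX.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def active_content(data: bytes) -> dict:
    """Count active-content names in raw PDF bytes.

    Limitation: names inside compressed object streams are not visible to
    this scan, so an empty result is a triage signal, not proof of safety.
    """
    if b"%PDF-" not in data[:1024]:
        raise ValueError("no PDF header found")
    counts = {}
    for match in _NAME.finditer(data):
        name = decode_name(match.group(1))
        if name in ACTIVE_NAMES:
            counts[name] = counts.get(name, 0) + 1
    return counts


# Constructed sample documents (minimal, not complete PDFs).
PLAIN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n%%EOF\n"
SCRIPTED = (
    b"%PDF-1.7\n1 0 obj\n"
    b"<< /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >>\nendobj\n"
    b"3 0 obj\n<< /S /J#61vaScript /JS (constructed sample) >>\nendobj\n%%EOF\n"
)

if __name__ == "__main__":
    for label, doc in (("plain", PLAIN), ("scripted", SCRIPTED)):
        print(label, active_content(doc))
```
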
Absolutely. The problem is when you want to print and the pdf is sandboxed. Comodo will block the attempt to print. (I thought I was having a lot more trouble with this on Windows XP than with Windows 7, but I think this might be because I am more likely to be printing from a USB on the XP.) Yes, it’s possible to tell Comodo not to isolate the file again, add it to safe files, then close the file and re-open it. Or it’s possible to move it to your hard drive. But this is all a lot of annoyance if you print pdfs frequently.
It appears to me from some of the comments that Comodo considers Adobe Acrobat to be dangerous malware. Why not let us, the end user, decide whether or not we want to trust Acrobat? Why not let us set Acrobat reader and/or the full Acrobat as a trusted program, and after that individual pdfs would not be sandboxed, and alerts would only occur if threats were detected in the particular pdf?