Trusted app running in sandbox, no matter what

Hello,

I just installed Comodo 5.5.195786.1383 (would be nice if the “About” dialog allowed to copy the version number :slight_smile: ), and all seems to work normally – except one executable. It is in the list of trusted applications, yet it shows up as “Partially Limited” in the Sandbox Level column of my list of active processes.

It’s part of a Panasonic printer driver, and located in C:\Windows\SysWOW64.

This is after a clean restart; actually, the file is trusted since several restarts.

I’m wondering why the app runs in the sandbox (“partially limited” is the default for unrecognized apps) even though it’s trusted, and what I can do to make it run normally. Thanks for any hints.

Gerhard

[attachment deleted by admin]

Hi gerhard 444,

I think this FAQ may help you solve your problem

https://forums.comodo.com/defense-sandbox-faq-cis/removing-files-from-the-sandbox-handling-sandbox-alerts-v5-t63856.0.html;msg450546#msg450546

Thanks. I don’t think any of the methods there apply – the file is already listed as “trusted file”.

However, I think you just helped me find a clue :slight_smile: The file is a 32-bit application (as indicated by the location SysWOW64), and I’m running Windows 7 64-bit. I attached a screenshot of the Defense+ Events. The file is listed in the trusted list as C:\Windows\SysWOW64\PCCMFLPD.EXE, but it is sandboxed as C:\Windows\system32\PCCMFLPD.exe.

The file resides in SysWOW64, but when run from a 32-bit process, it appears as if it resided in system32. I’m not sure what the “official” way is to fix this, but I think I’m going to try copying the file into system32, add it as trusted file to Comodo, then delete it from system32 again.

[attachment deleted by admin]

After some back and forth it seems to be resolved :slight_smile:

Involved were

  • copying the file into system32,
  • adding “Computer Security Policy” entries for both files (in system32 and in SysWOW64),
  • enabling the training mode,
  • removing the file from the list of trusted applications (to add it again through the prompt at the next reboot),
  • and several reboots :slight_smile:

I was surprised that after enabling the training mode the file was still sandboxed. I thought that the purpose of the training mode was to create “allow” rules for everything that happens.

I don’t really know which one(s) and which sequence is the “magical” incantation. I’m also not in the mood to go back and retry the many possible sequences… but maybe this helps someone anyway.