Trusted applications unable to sbox with context menu.

Comodo Internet Security - CIS Install / Setup / Configuration Help - CIS
#1

A. THE BUG/ISSUE (Varies from issue to issue)
[ol]- Summary - Give a clear summary in the topic subject, NOT here.

  • Can U reproduce the problem & if so how reliably?: I can reproduce it on my system very reliably.
  • If U can, exact steps to reproduce. If not, exactly what U did & what happened:
    a: Put a trusted .exe in Shared Space (or other excluded folder) For the test I used the latest CCleaner setup .exe.
    b: Right-click the executable and click “Run in COMODO Sandbox”
    c: The application will be run normally and not in the sandbox.
    d: I tested with Comodo Dragon running as Fully Virtualized to download the latest CCleaner setup to “C:\Users**username removed ;)**\Downloads\Shared Downloads” (which I have set up as excluded) and then started it from the Fully Virtualized Comodo Dragon, it was run outside the Sandbox!
  • If not obvious, what U expected to happen: I expected the applications to run inside the sandbox.
  • If a software compatibility problem have U tried the conflict FAQ?: I tested several trusted applications, just using CCleaner as an example.
  • Any software except CIS/OS involved? If so - name, & exact version: For the purpose of testing I’m using CCleaner v4.08.4428 setup file.
  • Any other information, eg your guess at the cause, how U tried to fix it etc: I believe “Do not virtualize access to the specified files/folders” is implemented too broad, it’s supposed to make sandboxed applications have an access to the real system but it also prohibits trusted applications in this folder from being launched in the sandbox. (Putting the same file in another folder that is not excluded will make you able to start it sandboxed)
    [/ol]

B. YOUR SETUP (Likely the same for each issue, so you can copy forward)
[ol]- Exact CIS version & configuration: CIS version 6.3.302093.2976 | My own configuration.

  • Modules enabled & level. D+/HIPS, Autosandbox/BBlocker, Firewall, & AV: HIPS = Safe mode | BB = Disabled | Firewall = Custom | AV = Stateful
  • Have U made any other changes to the default config? (egs here.): Too many to list, config file will be attached.
  • Have U updated (without uninstall) from a CIS 5?: No
    [li]if so, have U tried a a clean reinstall - if not please do?: N/A
    [/li]- Have U imported a config from a previous version of CIS: Yes.
    [li]if so, have U tried a standard config - if not please do: Yes
    [/li]- OS version, SP, 32/64 bit, UAC setting, account type, V.Machine used: Windows 8.1 64bit | UAC disabled through registry | Administrator account | Real machine.
  • Other security/s’box software a) currently installed b) installed since OS: a= Zemana AntiLogger Free b= None other than Zemana and default Windows security applications.
    [/ol]

[attachment deleted by admin]

#2

Perhaps I’m misunderstanding the steps, but I could not reproduce this. I took the CCleaner installer you provided and moved it to the Shared Space. I then right-clicked on it and selected “Run in Sandbox”. I then got a Defense+ popup asking if I wanted to run it with Unlimited Rights or run it in the sandbox. I chose to run it in the Sandbox and the installer started with the green border.

Am I missing a step, or misunderstanding the bug? How can I reproduce this?

Thank you.

#3

Hmm, I’m assuming this is only for me then, I’ll do some more testing. Perhaps you can try with the configuration I supplied? (you’d have to re-add shared space to the exclusion)

#4

Hmm, I must have missed applying the default configuration because it seems to be an issue with my configuration. When I change to the default configuration I get the same alert you get, with my configuration CCleaner starts with a red border… I guess I’ll have to redo the whole configuration again <_< Assuming it’s corrupted.

Yup, my configuration is broken, it never shows the elevation alert…

With

Detect programs which require elevated privileges e.g. installers or updaters - Enabled Show privilege elevation alerts for unknown programs - Enabled

CCleaner starts with a red border.

With

Detect programs which require elevated privileges e.g. installers or updaters - Enabled Show privilege elevation alerts for unknown programs - Disabled

CCleaner starts with a green border.

… Is it possible to repair a configuration file? <_< Have so many changed settings that it’d take hours to remake it…

Edit: I guess this can be moved to the help section.

#5

Okay, I will move this to the HELP section. If this does turn out to be a bug please let me know and I can move it back.

However, it does indeed appear to be due to the configuration.

Thanks.

#6

I wonder if it’s a setting in the configuration file, or if it’s simply a corruption? :S If it’s a corruption… then I’m sad. ;_; I’ll find the time to redo the configuration from start sometime, until then I’ll have the two options for the elevated privilege alert turned off since I don’t really use them anyway.