User-Created Rules For Auto-Sandbox Do Not Work

Comodo Internet Security - CIS Resolved/Outdated Issues Beta Corner - CIS
1

1. The full product and its version:
COMODO Internet Security 8.0.332922.4281 BETA
2. Your Operating System (32 or 64 bit) and ServicePack revision. and if using a virtual machine, which one:
virtual machine : virtualbox 4.3.6 r91406
windows 7 x32

3. List all the configuration changes you did. Are you using Default configuration? If no, whats the difference?:
Default configuration
4. Did you install over a previous version without uninstalling first, or import a previous configuration file?:
Clean install
5. Other Security, Sandboxing or Utility Software Installed:
No
6. Step by step description to reproduce the issue. Or if you cannot reproduce it, what you actually did before it happened, step by step:
1:If I created a rule in the Sandbox, does not restrict the application that rule applies to the application
7. What actually happened when you carried out these steps:
An example of rule in the Sandbox does not work:
1-Settings ~ Defense+ ~ Auto-Sandbox~Add
2-Action:Run Virtually , Target:Important Files/Folders
3-Sources ~Add ~ Crated by:Executables ,Loction:any,Origen:any
4-Reputation ~ Select file rating:Unrecognized
5- Option :Default
Now rule was created in the Sandbox,I made ​​a file bat, it deletes files on the desktop
Like this:

del /q / "C:\Users\ahmad\Desktop\SDAhmad.exe"

As everyone knows, “Important Files / Folders”, contains a list of files, including desktop

?:\Users\*\Desktop\*|

After running a file bat not restricted and deleted SDAhmad.exe
8. What you expected to see or happen when you carried out these steps, and why (if not obvious):
Sandbox rules created by the user is not working
9. Any other information:
No

[attachment deleted by admin]

2

Have you found that any of the rules you manually created work correctly?

Also, please create and attach a diagnostics report to your first post.

3

thanks

4

Thank you. Have you yet tested this on a real system? If not, please do and let me know if the same problem occurs there as well.

Thanks.

5

also i tested on a real system and the same result

6

Was the .bat file located in a location that would go under “Important Files / Folders”?

7

For example, if the any file delete or modify the desktop should be restricted application
Because of the desktop of Important Files / Folders:

http://im52.gulfup.com/WLAOeq.png

8

I don’t understand exactly what you mean.

You say “Target” is set to “Important Files/Folders” - The “Target” is the location(s) for which the rule will be active, so if we set target as “C:\Test.exe” then the rule will only be active for that application (As in, only C:\Test.exe will be sandboxed), in the same way if we set it to “Important Files/Folders” only applications in a location of the “Important Files/Folders” group will be sandboxed. So in order for the .bat file to be treated by the rule, it has to be in a location that is also under “Important Files/Folders”.
You never specified from where you ran the .bat file which is why I’m asking.

You also mention that you have added “Executables” to Sources as “Any” and “Any”, I assume that an executable created the .bat file? Otherwise the rule wouldn’t be applied to the .bat file, but like I said I would assume that the .bat file would be created by some kind of executable, I don’t even know if it’s possibly to create a .bat file without going through an executable…

9

Maybe you did not understand what I mean
Whose I am submitted is just an example and give you another example :
1-Settings ~ Defense+ ~ Auto-Sandbox~Add
2-Action:Run Virtually , Target:C:\Users\ahmad\Desktop\test
3-Sources ~Add ~ Crated by:Executables ,Loction:any,Origen:any
4-Reputation ~ Select file rating:Unrecognized
5- Option :Default
if i deleted the folder test by file *bat ,file bat not Restrict
Increased by to the you said about “Loction:any,Origen:any”
If you put rules “any” and “any” does not require that there be an executable file has created a file Bat
But should restrict file Bat Proof: third rule in the Sandbox if you’ve changed the original option to any of the Internet will put any file Non known in the Sandbox and this indicates that it the file Bat, does not need executable file to created

10

Either I understand what you mean and I think you misunderstand what the Target is, or I misunderstand you completely.

For example, unless the bat file was located in [b]C:\Users\ahmad\Desktop\Test[/b] then it wouldn’t be sandboxed, because only applications (or applications in folders) detailed by the Target are sandboxed. So if your bat file is located at C:\Users\ahmad\Desktop\Example.bat then it won’t be sandboxed and it shouldn’t be stopped from modifying C:\Users\ahmad\Desktop\Test however if the bat file was located in C:\Users\ahmad\Desktop\Test\Example.bat then it might be sandboxed because it is specified in the Target for the rule.

You could try this example:

  • Auto-Sandbox > Add
  • Action: Run Virtually
  • Target: C:\Users\ahmad\Desktop\Test*
  • Sources: Leave empty
  • Reputation: Leave unticked
  • Options: Default

With the above rule, create the bat file and put it at C:\Users\ahmad\Desktop\Example.bat now run it (it shouldn’t be virtualized) now put the same bat file in C:\Users\ahmad\Desktop\Test\Example.bat and run it, now it should be virtualized.

11

I tested your method and succeeded :-TU
But is not it better to not locate the application is not known,For example: the file Bat to be outside the C:\Users\ahmad\Desktop\Test\

12

SD Ahmad, does this mean that this bug can be considered Resolved? If not, please specify what the problem is which still exists.

Thanks.

13

Issue has been resolved ,Thank you Sanya

14

I’m happy to hear that. In that case I’ll move this to Resolved.

Thank you.