DRAFT - BEING UPDATED
Web access by sandboxed files - how can I control this?
In the default Internet Security configuration there are no firewall restrictions on outbound communications by unknown or trusted files when sandboxed. Nor are communications encrypted unless they are wireless communications, in which case CIS will ask.
You can increase your firewall control by:
[ol]- Changing to proactive security configuration. This will ensure that unrecognised files ask before accessing the internet
- Placing the firewall in custom mode. This will ensure that all apps ask before accessing the internet - you’ll get lots of alerts though!
- (Advanced users only). Create a firewall rule requiring all virtualised apps stored in the sandbox to ask for access. Details here.[/ol]
Note that only item 3 is specific to virtualised executables, and even that is only indirectly specific. It applies to executables which are stored in the sandbox, which are likely thereby to be run virtualised.
You might also want to consider encrypting outbound communications if you are using the sandbox for secure browsing purposes (eg Financial site access) or for reasons of anonymity. More detail on how to do this is provided in my FAQ
Comodo SecureDNS adds some phishing protection - it makes it less likely that you will land on a malicious web site by mistake. This is installed with CIS by default, but if you did not accept the default when CIS is installed, you can make use of it by installing a Comodo browser which uses the service - IceDagon or Comodo Dragon.