I only use my admin account for installing software. For all other activities, I use my limited/regular/standard user account (LUA). I download new software on the LUA and check it at virustotal.com before installing it (on the admin account). I have been using CIS for a few years, but I have the CIS sandbox disabled to reduce the pop-ups. What is benefit of enabling the CIS sandbox for users like me that make good use of the LUA?
Is the CIS sandbox aimed at the average PC user who does everything on the admin account?
The sandbox was made to reduce the pop ups for new applications. In the sandbox will be executed the unknown files (this files are not known as good or bad) and that’s why the pop ups are reduced because the application run with restricted operating system and defence plus privileges.
More about sandbox can you read here https://forums.comodo.com/defense-sandbox-help-cis/empty-t53268.0.html
I read that topic before I made the opening post. How can an application be run with operating system privileges more restrictive than a LUA? Since I am using Defense+ in Clean PC Mode, it already blocks new, unsafe applications from running.
Sandbox is more powerful then LUA is. Note: CIS automatic sandboxing does NOT enable virtualization by default. CIS 4 assigns restricted tokens to processes according to the level in sandbox and puts them into a job object. Then we have D+ as another layer. For unknown applications D+ also automatically blocks file system and registry access to critical keys/files. It also evalutes interprocess memory access requests and blocks if it is for applications outside the sandbox.
Admin account or not, this is why Sandbox is useful - Not just for less pop ups but from a protection point of view.
Hi,
there are many programs which are not malware, but so poorly coded, if you mistakly had run them on your system, you will regrret later.
hower manually sandboxing allows you to evaluate to larger degrre , with many restrictions apart from LUA.
for example using/working in LUA does not mean programs will be prevented to write to crtical registry settings pertaing to your user profile, i.e programs will be able to write to user hive.
if such mishaps happens and you forgotten to create system restore points then only solution is to create/add new user account in your computyter and then painfully transfer all your data.
however if you use comodo sandbox you will find all files/registry entries( wheter protected or not are written in virtual root).
A great time saver. though impact on system resources is quite high.
Its about the “unknown” …Sandbox is designed for the “unknown” files…as you know an unknown file can turn out to be good or more importantly bad. Are you going to take the risk of giving an unknown file FULL and TOTAL ACCESS to your computer?
What you do, to protect yourself, is exactly what Sandbox does, but without having to switch or go to VT to check etc etc. If you are happy with your current method, then pls continue…its a safe way of computing. One area of concern of installing an app that you trust, but later turns out to be malware. As we know no AV can have 100% of the malware out there. One theoretical possibility is you install a software, that you checked by VT etc, and then turns out to be malware. As I said, you seem to be a very knowledgeable user and this is a theoretical risk that sandbox would protect you from.