Windows system files getting sandboxed

Hi guys,

I’ve had a look around the forum but couldn’t see anything about this. I’ve found in my logs that CIS is sandboxing some Windows system files (see attached screenshot). It doesn’t seem to be affecting functionality as far as I can tell (though error reporting is generally transparent to the end user anyway), but obviously it’s still not a desirable outcome as legitimate OS files shouldn’t be getting sandboxed.

I’ve got a normal install of the full suite, set to Proactive Configuration and my sandbox is set to treat files as Restricted. Apart from that it’s a pretty standard install. I’ve also noticed several popups the last few weeks saying things like “(Windows/Microsoft/whatever) is not a recognised/trusted authority”, or else it says that the file is not known to be trusted and do I want to sandbox, block or allow. This is for OS files!

I’m running Windows 7 Ultimate x64 with SP1 and all up to date.

Any help/advice/tips? TIA. 🙂

[attachment deleted by admin]

Hi RainmakerRaw,

Please submit the file as a false positive at Comodo Antivirus Database | Submit Files for Malware Analysis and mention in the comments box that it’s sandboxed. We’ll verify and fix the issue.

Thanks and regards,
Ionel

Thanks very much. 🙂 Overall I’m very impressed with CIS, and I’ve carried out extensive testing between it and other products with 0day malware, exploits etc. However, I have to say I’m incredulous that it would be sandboxing OS files, let alone be popping up to say that Microsoft and Windows are not recognised companies…

My install is definitely 100% clean (unless CIS, MalwareBytes, SAS, ASquared, AVG, F-Secure, Sophos, Hitman Pro, Norton Power Eraser, Kaspersky and NOD32 are all wrong…), so it’s not like I have fake system files generated by malware or anything. Weird. ???

Perhaps something is wrong with my local configuration? I did tick to enable cloud analysis of files, but surely that shouldn’t trigger detection of (or failure to recognise) Windows core files?