WinToFlash is a portable application. It was on HardDrive.

After unzipping I ran WinToFlash CIS 5.12 gave Unlimited Rights Alert & AutoSandbox Popup I clicked Allow on Unlimited Rights Alert. There was 1 file in AutoSandbox Popup.

I dont understand why Unlimited Rights Alert & AutoSandbox Popup both.

At the time I had disabled notification for autosandboxed processes. Later I saw the file in AutoSandboxed.

Now does this mean WinToFlash was AutoSandboxed or was allowed Unlimited Access as I had clicked Allow on Unlimited Access Alert?

And why both Unlimited Rights & AutoSandbox for a single file?

And why WinToFlash was in Unrecognized Lists even when I had clicked Allow on Unlimited Rights Alert?

Unlimited rights request is a warning that the app wants to be God on your system. Be very careful allowing such permission. Unfortunately some apps want such thing (usually its the installer that’s doing that).

The sandbox alert is virtualizing the installer no matter what you answered to the other (because the installer is unrecognized).

For these type of things to work properly, you must answer ‘never isolate again’ (this makes the file trusted. Then terminate the app if its still running. This kills the app in the sandbox. Then relaunch it and answer ‘allow app to be God’.

Depending on your settings, even after running hte installer, once you actually run the installed app the first time: CIS may sandbox the app you just installed. If you trust the app, just answer ‘never isolate again’.

What I do typically is remove the installer from ‘Trusted Files’ and then delete the D+ rule for the installer (if one exists). Obviously the app you installed must be trusted and have D+ rule.

FWIW: I’d recommend that any unrecognized apps - things that get sandboxed - are configured to be ‘untrusted’ (not the default ‘partially limited’).

AutoSandbox - is for files.

Unlimited Rights - is for installers.

Now WinToFlash portable is either a file or installer. So either AutoSandbox or Unlimited Rights Alert should be there. Why both?

An installer is a file no? And the app that’s installed is also a file, no?

So if neither are recognized, both the intaller and the app will get sandboxed. Depending on access rights requested either the installer, the app, or both will generate unlimited rights alert.

If whatever was in the ZIP file is an app that doesn’t require installation, it can still generate either (or both alerts) - depending on access rights it demands until you establish both it being a trusted file and create the appropriate D+ rules for it.

As far as sandboxing, once you answer ‘never isolate again’ the app shouldn’t sandbox on subsequent launching (automatically added to Trusted Files lisgint).

Is this a strictly academic issue, i.e., app won’t stop sandboxing or won’t quit asking for unlimited rights?

I know CIS functions, how it works & what to allow or not.

This is the first time that I tried running anything & CIS gave Unlimited Rights Alerts & also AutoSandboxed it.

When I clicked on WinToFlash.exe in the extracted folder I got Unlimited Rights Alert on which I clicked Allow, now as per this it should run with full rights but it was AutoSandboxed too.

Now if I clicked on Allow to run it with Unlimited Rights why it was AutoSandboxed too?

They’re two different things: one is a warning concerning unlimiited access rights request, the other - sandboxing - is because the app requesting unoimitede access rights is unrecognized..

Looks like a timing issue with the two alerts. Remove WinToFlash from the Unrecognised and Trusted Files list and try several times to see if the problem reproduces.

What do you mean by timing issue with the two alerts?

I tried 10 times now & the results were weird.

Everytime I removed any WinToFlash entries from CIS & Restarted the system & run WinToFlash from the extracted folder.

The results were weird.

Not a single time I got both the alerts as I got earlier, as mentioned in my first post.

Sometimes I got AutoSandbox Popup.

Sometimes I got Unlimited Rights Alerts.

And when you get AutoSandbox Popup, just remove the entry from the Unrecognized Files & run WinToFlash again, now you get Unlimited Rights Alert, weird?

found this little tid-bit in the second URL from above:

Software cannot be removed from the sandbox until it is deemed trusted by Comodo or the user. Restrictions on unrecognised software which is subsequently deemed trusted are not removed until the software is next fully restarted. In some cases this may require the computer to be rebooted. Unfortunately the user is not told that this is required.

I’ve never seen this to be a problem. When the sandbox alert appears, I tick ‘never isolate again’ and it goes into Trust Files. If the application didn’t die, then I terminate it gracefully and ensure it no longer exists in unrecognized files. If it does, I move it to Trusted Files.

In all cases I launch it again and I don’t get bothered with another sanbox alert. But the above quote seems to imply that CIS restart may be necessary. Easy way to do that w/out rebooting:

More tab, preferences, change appearance. This will tell you that a restart of CIS is required. Answer yes to this and CIS will do a cmoplete restart.