Poll

Should CCAV block unknown files running under sandboxie when CCAV is set to "Run only safe applcations"?

Yes, I use sandboxie for my legit apps just in case something nasty gets downloaded
1 (50%)
I want CCAV to be able to block ANY unknown file, no matter how it's started or what started it.
1 (50%)
I mean...I never really thought about it
0 (0%)
Nah, I'm good the way it is
0 (0%)

Total Members Voted: 1

Voting closed: July 19, 2018, 05:29:47 PM

Author Topic: CCAV & unknown files running inside Sandboxie  (Read 676 times)

Offline DrAlrek

  • Comodo Loves me
  • ****
  • Posts: 125
CCAV & unknown files running inside Sandboxie
« on: June 19, 2018, 05:29:47 PM »


How to re-create this problem: Set CCAV's sandbox settings to "run only safe applications". In the sandbox of sandboxie that you'll be using, disable auto-recovery. Open a browser inside sandboxie. download a setup file for something that's unknown to comodo inside that sandboxie'd web browser. Attempt to open the file straight from that Sandboxie'd web browser's download history or whatever prompt that would let you run it straight from the Sandboxie'd browser.

Expected result: CCAV won't block it when set to "run only safe applications" in CCAV's sandbox settings and the file will run inside sandboxie's supervision. This isn't much of a security risk, unless the unknown file was spyware loaded from an exploit kit it. If that's the case, it could still do its damage pretty much unhindered.

Desired result: CCAV will block the unknown file when set to "run only safe applications" no matter what and submit the unknown file to Valkyrie and the regular cloud too. For that last part, a tickbox should be added in case the user wouldn't want that, but it should be enabled by default
ProactiveSecurity
AV: Heur to medium, auto-quarantine, Lite database
HIPS/FW: SafeMode AutoBlock on.
Container: autoblock, but sandbox Chrome&Firefox
Cloud lookup: off, removed unused entries from vendor list
VirusScope: monitor all, auto-quarantine

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek