CIS Sandbox Settings Query

[Deleted member 2913]

I use Sandboxed browser for only browsing & no downloads.
I install something sandboxed only temporary.

So can I disable safely the 2 options---
1. Can I safely uncheck "Do not virtualize access to specified files/folders"?
2. Can I safely uncheck "Enable automatic startup for services installed in the sandbox"?

Any probs unchecking the 2 options?

 

[kiric96]

these options MUST be disabled, for example if you run a ransom within the sandbox and the option "do not virtualize..." is on then the folders that are marked under that section will be compromised, as for the other one... sure you can disable them

 

[Deleted member 2913]

But I guess as I dont download with sandboxed browser & dont share anything with shared space then no probs i.e that option only has shared space folder.

 

[Sloth]

You won't face any issues if you disable those options.

 

[Ink]

Help materials for Comodo, Configure the Sandbox; https://help.comodo.com/topic-72-1-451-4768-Configure-the-Sandbox.html

 

[Deleted member 2913]

You won't face any issues if you disable those options.

Thanxx for the info.

 

[Deleted member 2913]

Help materials for Comodo, Configure the Sandbox; https://help.comodo.com/topic-72-1-451-4768-Configure-the-Sandbox.html

Thanxx for the link.
Looking into it...

 

[jamescv7]

As always if you are going to exclude from Sandbox then for sure its your secondary partition of Hard Drive not the primary one as possible.

 

[kiric96]

please check those folders thar are under "Do not virtualize access..." setting as per default it includes some location that may harm sensitive files, and remember you can get infected even when loading a page, so is not necessary a download to get infected

 

[Deleted member 2913]

There is only 1 folder by default & its Shared Space folder. I think this folder is only used for downloads through sandboxed browser. And serves no other purpose.

 

[Deleted member 2913]

I use Sandboxed browser for only browsing & no downloads.
I install something sandboxed only temporary.

So can I disable safely the 2 options---
1. Can I safely uncheck "Do not virtualize access to specified files/folders"?
2. Can I safely uncheck "Enable automatic startup for services installed in the sandbox"?

Any probs unchecking the 2 options?

The 1st option above...for that option specified files/folders by default are shared space & download folder on the system.
I installed InternetDownloadManager sandboxed. And then reset the sandbox. IDM creates category like programs/music/video, etc... in the downloads folder. Reset sandbox didn't cleared these folders as the access to downloads folder for sandboxed programs is not virtualize.

I then unticked the 1st option & tried IDM sandboxed & reset sandbox again & this time those folder were removed too.

So its good to untick the 1st option mentioned above.

Now 2nd option mentioned above.
What does it do?
Can anyone explain in details?


UPDATE - Dont know if its a bug or not. If you open shared space from the GUI then 1st option gets ticked automatically & a new shared space entry is added in specified files/folders...the new shared space entry is the same as the already present shared space entry.

I will post on Comodo forum...but if they ask for standard format then will forget it.

 

[hjlbx]

@yesnoo

I'm sure you already looked in CIS Manual:

Advanced Settings:


• Enable automatic startup for services installed in the sandbox - By default, CIS does not permit sandboxed

services to run at Windows startup. Select this check-box to allow them to do so. (Default = Enabled) = typo... should be Disabled

I haven't gotten to test his yet, but my understanding is that it is for apps that are to always be run sandboxed. In CIS user can force start apps in the sandbox - even at Windows startup. To accomplish sandboxed apps at Windows startup, there are instances where services will have to be allowed to run sandboxed. The above setting permits this...

 

[Deleted member 2913]

So you mean the option doesn't apply on autosandbox & sandbox through elevated privilege alert & rightclick run sandbox, right?

The user has to manually add the program to run sandbox & modify the options there to enable the added program to run automatic on startup - "Enable automatic startup....." option apply on this, right?

What do you mean by typo default - enabled?
The option is enabled by default.

 

[hjlbx]

So you mean the option doesn't apply on autosandbox & sandbox through elevated privilege alert & rightclick run sandbox, right?

The user has to manually add the program to run sandbox & modify the options there to enable the added program to run automatic on startup - "Enable automatic startup....." option apply on this, right?

What do you mean by typo default - enabled?
The option is enabled by default.

Ooops... it is ticked by default... isn't it ? My bad...

It is unclear. I'm not sure exactly how it would affect CIS if disabled - since I haven't yet had a chance to mess with the setting.

You know how Comodo's description of settings is sometimes very unclear; a CIS setting will enable and behave in a manner completely unexpected based solely upon how it is worded in the GUI.

To be perfectly honest, I just don't know. Reading the manual I think it means it applies only to apps forced to run sandboxed... but then why is it enabled by default ?

I really like CIS and all, but even I admit that all the settings - knowing what they do and how to manage them is a real challenge. Lack of complete infos doesn't help matters... and high-level, experienced users that are willing to share infos and help is even more rare.

Sorry, off topic...

 

[Deleted member 2913]

Yeah, I too dont understand the option completely.
I have asked in Comodo forum.
Lets see if we get any clear & detail info.

 

[hjlbx]

I have asked in Comodo forum.
Lets see if we get any clear & detail info.

You and I both know the chance of that happening is quite small, but who knows, we just might be pleasantly surprised.

 

[Deleted member 2913]

I hope they dont direct me to help files.
And hope a Dev replies the topic.

 

[kiric96]

@yesnoo i told you it was a good idea to disable the first option... so, now you see.. as for the second one, when you virtualize, some apps creates autorun entries to work normally, of course this is written in a copy of your original registry, however sanboxed apps will run isolated in next reboot, so, no worries... this setting just enable that "key" to work on next reboot, this is option can be usefull if you analize malware.

 

[Deleted member 2913]

So if I dont want any sandboxed apps to run on startup then I can safely disable it, right?

And if the option is disabled & a sandboxed apps was not able to create autorun entry...would I be able to use that app manually?

 

[kiric96]

sure men, remember that no matter what, autorun keys are created, what you are doing is just turning off that key.. it is the same like if you use autoruns (by sysinternals).... and i think that autoruns keys has nothing to do with the general behaviour of an app, what i mean is that you can use it no matter if it starts with windows or not... as long you dont change the service status asociated with that program it is fine