Deleted member 178
Thread author
INTRODUCTION
As you know, CIS has had an Auto-Sandbox since v6 (called Behavior Blocker in v8, and now called "Containment" in v10) and a HIPS.
In the settings, HIPS can be "disabled"; from searching the Comodo Forum, "disabling" is not "turning off" the HIPS, just "hiding" it.
THEORY
1- HIPS disabled
The Autosandbox will do the prevention job, running the process in a restricted mode (set by the user), unless "full virtualization" is enabled; in that case the process is fully functional but will not harm the system.
The HIPS will activate only on unrecognized files that do not fall under the BB rules.
2- HIPS enabled
The BB is still active and still acts according to its rules (as above).
The HIPS is now "woken up" and every action of the process generates an alert from the HIPS, regardless of the BB actions.
The HIPS will have priority, which is why Comodo developers suggest that average users choose either the HIPS or the Autosandbox; using both is for advanced users who want total control of CIS.
TEST
For the test I will use a "safe" keygen.
CIS' Autosandbox is set to full virtualization, so the keygen will run as if on my real system.
1- Autosandbox enabled / HIPS disabled
As you can see, no reaction from the HIPS; the Autosandbox had priority.
2- Autosandbox enabled / HIPS enabled
a- HIPS popup appears; if the user allows (then the Autosandbox takes over, as shown above)
If the user blocks:
3- Autosandbox disabled / HIPS enabled
Only the HIPS will generate alerts, one alert for each modification to the system.
This is all I know for the moment; I will update when I discover new elements.