Advice Request Comodo Bug or Design Issue or ...?

  • Thread starter Deleted member 2913

Status
Not open for further replies.

Deleted member 2913

Thread author
Hey Guys,

Win 10 64 Pro
CFW V10 (proactive config + customization)
Default "Downloads" is my downloads folder
Note - Sandbox setting - "Do not virtualize specified files/folders" - Unchecked

I ran Vivaldi 64 Bits portable in Comodo sandbox, i.e. right-click Vivaldi & "Run in Comodo Sandbox".

If I download with the browser, downloads don't appear in the downloads folder...expected, right?
If I download with Internet Download Manager, downloads appear in the downloads folder...bug or design or ...?

I wonder, does CFW have the same design issue as the VoodooShield "Parent Process" option?

Info, confirm, etc...?

Thank You

UPDATE
I tested 5 times & got the same results. And a strange issue...

Vivaldi 64 Bits Portable
Google Chrome 64 Bits Installed
Internet Explorer

The issue I have mentioned above happens with both Vivaldi & Chrome... BUT not with Internet Explorer.

Here is the strange issue...
If you test only Chrome & Vivaldi, i.e. not Internet Explorer, then the issue happens every time both are tested.
If you at any time test with Internet Explorer & then test with Chrome & Vivaldi, then the issue doesn't happen with either of them, i.e. IDM is correctly sandboxed.

And, once IDM runs in the sandbox & you clean the sandbox, IDM in the browsers' context menu goes greyed out & doesn't work, in both sandboxed & non-sandboxed browsers. After a system restart, the IDM issue is solved.
 

vivid

If it communicates with existing driver object outside Sandbox, it's not a bug. Otherwise, virtualized applications will not function correctly. However, it is possible to block access to device objects by utilizing restriction levels.
I'll provide another example: launch Process Hacker on your system, kprocesshacker3 driver is used and it's not stopped when you exit Process Hacker. When Process Hacker is executed again as fully virtualized, it can still communicate via \Device\KProcessHacker3 driver object which Sandbox will not block access to. (in case it is unclear: most users will incorrectly assume that any process can be killed)
Sandbox prevents unrecognized applications from starting, installing kernel-mode drivers and there's no risk.
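
A way to check the behaviour described in the reply above, as an added example that is not part of the thread: the PowerShell below tries to open an NT device object by name and reports the Win32 result, so the same command can be run outside and inside the sandbox and the two results compared. `DeviceProbe` and `Test-NtDeviceReachable` are hypothetical names introduced here; the device path is the one quoted in the reply.

```powershell
# Added example, not from the thread. DeviceProbe and Test-NtDeviceReachable
# are hypothetical names introduced here.
Add-Type -TypeDefinition @'
using System;
using System.Runtime.InteropServices;
using Microsoft.Win32.SafeHandles;

public static class DeviceProbe
{
    [DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    static extern SafeFileHandle CreateFileW(string name, uint access, uint share,
        IntPtr security, uint disposition, uint flags, IntPtr template);

    // Returns 0 when a handle was obtained, otherwise the Win32 error code.
    public static int TryOpen(string win32Path)
    {
        // access 0: no read/write access requested; share 3: read|write;
        // disposition 3: OPEN_EXISTING, so nothing is ever created.
        using (SafeFileHandle h = CreateFileW(win32Path, 0, 3, IntPtr.Zero, 3, 0, IntPtr.Zero))
        {
            return h.IsInvalid ? Marshal.GetLastWin32Error() : 0;
        }
    }
}
'@

function Test-NtDeviceReachable {
    param([Parameter(Mandatory)][string]$NtPath)   # e.g. \Device\KProcessHacker3
    # \\.\GLOBALROOT maps a Win32 path onto the root of the NT object namespace.
    $code = [DeviceProbe]::TryOpen('\\.\GLOBALROOT' + $NtPath)
    $verdict = switch ($code) {
        0       { 'reachable: the open succeeded' }
        2       { 'absent: no such device object (driver not loaded)' }
        3       { 'absent: no such device object (driver not loaded)' }
        5       { 'denied: refused by the device ACL, the driver, or a sandbox restriction' }
        default { "other: Win32 error $code" }
    }
    [pscustomobject]@{ Device = $NtPath; Win32Error = $code; Verdict = $verdict }
}

Test-NtDeviceReachable '\Device\KProcessHacker3'
```

If the result is the same in a normal PowerShell session and in one started inside the sandbox, the sandbox is not filtering access to that device object; a change to "denied" after raising the restriction level shows the restriction taking effect.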
 