Comodo not sandboxing after upgrade...


porkpiehat

Level 6
Thread author
Verified
Well-known
May 30, 2015
277
ok, I did the Comodo upgrade, and tested it with GRC Leaktest.... so on execution, the download was not sandboxed, whereas previously it was and I'd have to go through the process of getting it to run, etc.. then when the program was opened, Comodo allowed it to connect, whereas before I'd get the message connection could not be established... any ideas as to what is going on.. HELP...
 
hjlbx

> ok, I did the Comodo upgrade, and tested it with GRC Leaktest.... so on execution, the download was not sandboxed, whereas previously it was and I'd have to go through the process of getting it to run, etc.. then when the program was opened, Comodo allowed it to connect, whereas before I'd get the message connection could not be established... any ideas as to what is going on.. HELP...

There may be firewall bugs with CIS W10 hotfix. I suggest checking the Comodo forum - under CIS \ Announcements. The Comodo forum is kind of difficult to navigate until one learns where everything is located...

Difficult to say what exactly is occurring...
 

porkpiehat

I've a feeling that I somehow 'trusted' some files that were supposed to be 'untrusted'???
the update was the 8.2.0.4674
 
Deleted member 2913

> ok, I did the Comodo upgrade, and tested it with GRC Leaktest.... so on execution, the download was not sandboxed, whereas previously it was and I'd have to go through the process of getting it to run, etc.. then when the program was opened, Comodo allowed it to connect, whereas before I'd get the message connection could not be established... any ideas as to what is going on.. HELP...

Check with this too...you should get "Unlimited Rights" alert.
http://www.testmypcsecurity.com/sec...5sk1=dbd9c1370ef16554ce4fe999e6637a53f1ed8a55
 

porkpiehat

I get HIPS alert... clt.exe is trying to access System in memory. listed as unknown in file list, yet not run virtually..
 
Deleted member 2913

Are you running CIS defaults, i.e. Internet Security config, or Proactive config, or your custom config?
 
hjlbx

> I get HIPS alert... clt.exe is trying to access System in memory. listed as unknown in file list, yet not run virtually..

@porkpiehat

CIS does not auto-sandbox files that attempt to access System in memory.

It is just a Protected Object (system resource access) alert and requires no sandboxing. The file is just trying to read memory...

Lots of user confusion about the access to System memory alerts.

If it is running un-sandboxed as an Unrecognized file, then that's a problem...

* * * * *

I would not be surprised if you are running W8.1. On W8.1, Proactive Security generates System memory access alerts when files are terminated - unless you create a HIPS allow rule for it.

Is this what you are seeing?
 

porkpiehat

Win7, Proactive Security....
would the fact that I allow things to run when alerted by my other security progs have any effect on the file rating?
 

porkpiehat

maybe I should re watch Cruelsisters vids and re check my settings...
 
Deleted member 2913

I have never used Proactive config so can't say much.

Check FileList & see LeakTest & CLT.exe are in unrecognized or trusted?
Check FW settings & see "Dont show popups" is checked or unchecked?

Could be upgrade messed some settings.
 

porkpiehat

LeakTest & CLT.exe are in unrecognized
FW setting.. "Dont show popups" is checked
 
Deleted member 2913

"Dont show popups" is checked & set to allow or block?

Do you get green border around leaktest on execution?
 
hjlbx

> LeakTest & CLT.exe are in unrecognized
> FW setting.. "Dont show popups" is checked

That is most likely because they are, indeed, Unknown (current file versions not included) in the Comodo Safe List and\or not digitally signed.

Just because clt.exe is authored by Comodo does not mean CIS will automatically treat it as Trusted.

It has to be both from Comodo and digitally signed with a current digital certificate to be Trusted. This is true of all files from all Trusted Vendors.

I would bet clt.exe is not digitally signed...
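
Added example, not part of the thread and not Comodo's rating logic: a PowerShell check a reader can run to see whether the two test binaries carry an Authenticode signature, which is the point hjlbx raises above. The file paths are placeholders, and PowerShell 4.0 or later is assumed (for `Get-FileHash`).

```powershell
# Added example: report Authenticode status for the two test binaries.
# The paths below are placeholders; point them at wherever the files were saved.
$files = @(
    "$env:USERPROFILE\Downloads\leaktest.exe",   # placeholder path
    "$env:USERPROFILE\Downloads\clt.exe"         # placeholder path
)

foreach ($path in $files) {
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Warning "Not found: $path"
        continue
    }

    $sig  = Get-AuthenticodeSignature -LiteralPath $path
    $cert = $sig.SignerCertificate   # $null when the file is not signed

    [pscustomobject]@{
        File        = Split-Path -Leaf $path
        Status      = $sig.Status                        # e.g. NotSigned, Valid, HashMismatch
        Signer      = if ($cert) { $cert.Subject } else { '(none)' }
        CertExpires = if ($cert) { $cert.NotAfter } else { $null }
        Timestamped = [bool]$sig.TimeStamperCertificate  # countersigned with a timestamp?
        SHA256      = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    }
}
```

A `Status` of `NotSigned` means there is no vendor signature for any product to evaluate; the SHA256 value identifies the exact file version when comparing against a file list entry.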
 
hjlbx

> Win7, Proactive Security....
> would the fact that I allow things to run when alerted by my other security progs have any effect on the file rating?

No. CIS file ratings are independent of other soft\security soft file ratings.
 

Tony Cole

Level 27
Verified
May 11, 2014
1,639
You really do not surprise me, even the biggest giants of the av industries are having problems i.e., Kaspersky. I really do not see why the issues have arisen, Windows 10 has been out for a long time, I put that question to their tech support and he just stated he could not answer that question. This is a serious issue as Comodo relies heavily on their sandbox technologies, and that’s the problem – their antivirus technology is very poor, so, you are left wide open to attack.
 
hjlbx

@porkpiehat

Difficult to help someone without direct access to their system...

Hard for user to explain what the issue is... hard for others to figure out what all of it means.

Just for your info, if you are sitting behind a NAT router, clt.exe is going to give you incorrect results.
 
Deleted member 2913

He hasn't yet replied on green border & FW set to allow or block.
 