App Review Comodo Sandbox (Auto-Containment) have a bug on Windows 10?

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.

What do you think: is this a bug or not, and does this take down Comodo security?


  • Total voters
    21

abdou17

Level 2
Verified
May 3, 2013
82
When I set the containment to BLOCK and run files that don't need admin privileges, the files won't be blocked and run in the containment instead at PL.
Does anyone have this problem?
 

Av Gurus

Level 29
Thread author
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Sep 22, 2014
1,767
Can you put up screenshots of your settings (only the Sandbox > block settings)?
 

abdou17

Level 2
Verified
May 3, 2013
82
Can you put up screenshots of your settings (only the Sandbox > block settings)?

[Attached image: 0.png]
 

cruelsister

Level 43
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,224
I'm interested in why she put in her video test/suggestion (about setting Comodo) to "Restricted" mode when "Partially Limited" is enough?

Superb question! Whenever I do a video I try to make it relevant to the majority of Windows users. Normally this is no issue, but in this case it is. But here is my rationale for my settings:

1). There are two classes of Windows users- those on Win10 and those that are not. Currently Win10 only has about 30% market presence.
2). There are two classes of malware- those that request Elevation and those that do not.

So the Restricted mode will protect as advertised (as it should) all those on non-Win10 systems as well as ALL Windows systems that happen upon malware that do not request elevation. So "dumbing down" the containment protection for the minority was not a viable option for me. That being said, I'm in thought production of a video that will clarify things further- it's complicated so will take a bit of time to complete (and will also cause me to space out on dates, which is never a good thing!).

Anyway, tonight when I get back home I'll release a video that (thank God) has nothing at all to do with Comodo, but is instead a fun video about a specific in-browser Cryptocurrency Miner and how different Browsers deal with it (also has a song that makes me cry every time I hear it...).
 

Chimaira

Level 4
Verified
Well-known
Jan 5, 2018
163
Are you sure about this?

If UAC is completely disabled then I would suspect that if a standard rights program attempted to restart as elevated, it would succeed, because nothing would be there to stop it?

Have you actually tested all of this properly? Not being able to spawn as administrator yourself is not the same as other programs being unable to do it.

Never tested so that is why I am asking.

The program can only run under the user you are using; the program would have to somehow successfully manage to execute the command to run as a different user AND enter the Admin account's user name and password. Without doing that, any program will simply fail.
I am not the best to test this kind of thing but anybody is free to do it themselves if they are interested.
 

Chimaira

Level 4
Verified
Well-known
Jan 5, 2018
163
Hi Guys- Yes, there is indeed an issue in Win10 that when running a file that requests Privilege elevation Comodo will run it at the PL setting no matter what. By the way, this will occur with UAC on or UAC off. The question is, is this in any way significant for protecting the system? The answer is absolutely not. Although the PL setting will allow stuff to make some trivial environmental changes, actual infection of the system will be prevented.

I'm being purposefully vague on this matter, but will (if time permits) post a video about this topic, contrasting Win7 with Win10, and showing the rare (and stupid) worst case scenario that could occur. Until then this matter can be resolved for CF users on Win10 by selecting the Block option on the "Do not show privilege elevation alerts" setting in Containment.

ps- I hope that there will be as much outrage about certain other products when I post my 2nd opinion scanner video in April...

I think the outrage is a good thing, it means that many love Comodo and believe in its protection and simply want it to work as it should. If nobody cared we wouldn't be here right now.

We just want our settings to work. I accept that PL is enough protection, I still want to use restricted and have it work. I don't want my security to be enough, I want it to be locked down tight.

Thanks for talking to us mad outraged savages. :)
 

Av Gurus

Level 29
Thread author
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Sep 22, 2014
1,767
Superb question! Whenever I do a video I try to make it relevant to the majority of Windows users. Normally this is no issue, but in this case it is. But here is my rationale for my settings:

1). There are two classes of Windows users- those on Win10 and those that are not. Currently Win10 only has about 30% market presence.
2). There are two classes of malware- those that request Elevation and those that do not.

So the Restricted mode will protect as advertised (as it should) all those on non-Win10 systems as well as ALL Windows systems that happen upon malware that do not request elevation. So "dumbing down" the containment protection for the minority was not a viable option for me. That being said, I'm in thought production of a video that will clarify things further- it's complicated so will take a bit of time to complete (and will also cause me to space out on dates, which is never a good thing!).

Anyway, tonight when I get back home I'll release a video that (thank God) has nothing at all to do with Comodo, but is instead a fun video about a specific in-browser Cryptocurrency Miner and how different Browsers deal with it (also has a song that makes me cry every time I hear it...).

OK, tnx
This red thing, do you have some good evidence about that info?
Win 10 at 30%, and Win 7 at 50-60%?
 

509322

OK, tnx
This red thing, do you have some good evidence about that info?
Win 10 at 30%, and Win 7 at 50-60%?

Everybody has different statistics:

Operating system market share

No, Windows 10 hasn’t beaten Windows 7’s market share. Not for sure, anyway

Windows 10 surpasses Windows 7 in global market share according to StatCounter

What does it really matter? Common sense dictates that Windows 10 still has not yet surpassed Windows 7 market share despite what might be reported from time to time on the filthy web. Even if it is 50:50, 60:40 or 40:60 it does not matter.
 

Av Gurus

Level 29
Thread author
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Sep 22, 2014
1,767
It matters.
Otherwise we can put out uninformed information all the time for anything.
What if the majority of users are on Windows 10? Then these settings on most PCs do not work properly?
 

cruelsister

Level 43
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,224
AVG- The Partially Limited setting will protect your system just fine. There are just some environmental changes that can be made and easily reversed on the rare occasion that a Win10 user would come across a file that wants to make such changes and also asks for elevation. If you are worried, just click on the block setting for files that request elevation (as seen at 2:15 of my addendum video; I kind of saw this coming...).
 

erreale

Level 9
Verified
Content Creator
Malware Hunter
Well-known
Oct 22, 2016
409
I wanted to make some remarks about this "problem", well known since Windows 10 arrived. Granted, it would certainly be better to find a solution for Partially Limited, but it is equally certain that if this setting were not so secure there would be a lot of posts where users complain about malware infections. And this did not happen. In Partially Limited the modification of protected files/registry is not allowed. Privileged operations like loading drivers or debugging other applications are also not allowed. So malware could not do much even if not fully virtualized. If we add to this the fact that everyone also has an antivirus or antimalware installed (even the "simple" Windows Defender), it seems to me that the possibility of suffering a malware infection is very remote. As an additional layer, you can still activate the Comodo HIPS module (I honestly have never deactivated it). With all these premises, I would say that I have no reason not to sleep serenely at night.
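
As an added example (not part of the thread and not Comodo's own logic), this sketch sorts executables into the two classes the thread distinguishes, those that request elevation and those that do not, by reading the `requestedExecutionLevel` value from the embedded application manifest and applying a simplified version of Windows Installer Detection's file-name check for 32-bit files. The function names, class labels and the `fake_pe` sample bytes are constructed for illustration.

```python
import re
import struct

# level="..." attribute of <requestedExecutionLevel> in an embedded manifest.
_LEVEL_RE = re.compile(rb'requestedExecutionLevel[^>]*?level\s*=\s*["\'](\w+)["\']')
# File-name keywords used by Windows Installer Detection (simplified here).
_INSTALLER_WORDS = ("install", "setup", "update")


def requested_level(data: bytes):
    """Return the manifest's requested execution level, or None if absent."""
    # Manifests are normally UTF-8; stripping NULs also catches UTF-16LE text.
    for blob in (data, data.replace(b"\x00", b"")):
        match = _LEVEL_RE.search(blob)
        if match:
            return match.group(1).decode("ascii")
    return None


def is_32bit_pe(data: bytes) -> bool:
    """True when the PE header's Machine field is IMAGE_FILE_MACHINE_I386."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00" or len(data) < e_lfanew + 6:
        return False
    (machine,) = struct.unpack_from("<H", data, e_lfanew + 4)
    return machine == 0x014C


def elevation_class(filename: str, data: bytes) -> str:
    """Classify a file by whether launching it triggers an elevation request."""
    level = requested_level(data)
    if level == "requireAdministrator":
        return "requests-elevation"
    if level == "highestAvailable":
        return "elevates-for-admins"
    if level is None and is_32bit_pe(data) and any(
            word in filename.lower() for word in _INSTALLER_WORDS):
        return "installer-heuristic"   # no manifest level, 32-bit, installer-like name
    return "no-elevation"


def fake_pe(machine: int, manifest: bytes = b"") -> bytes:
    """Constructed sample input: minimal MZ/PE header stub plus optional manifest."""
    dos = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    return dos + b"PE\x00\x00" + struct.pack("<H", machine) + b"\x00" * 18 + manifest
```

Files that land in `requests-elevation` or `installer-heuristic` are the ones to check against the containment level actually applied on a Windows 10 test machine.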
 