Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Security
Video Reviews - Security and Privacy
Comodo Sandbox (Auto-Containment) have a bug on Windows 10?
Message
<blockquote data-quote="AtlBo" data-source="post: 718655" data-attributes="member: 32547"><p>I'm running W7 and I have it set to Partially Limited already. What a waste of a good thing I guess, since the elevation + restricted setting would work as intended in W7 (UAC on). I want to see what programs do though, and a good many unsigned will run in Partially Limited. I noticed, however, that there seem to be extensive write protections.</p><p></p><p>Couldn't find any way to get a P/L (virtualized) app to allow a write outside the sandbox. Like I tried to save to the Documents folder but no save. Same thing with remote drives. Actually, the list goes on and on. I finally managed to use a P/L virtualized app to save on the Root users folder inside the sandbox...also in the user profile folder in the VT root folder. Strangely I guess, I was able to save to appdata areas like Roaming and Local, etc. Still, apps at P/L seem to have access to data but very few write options. Some portables write to their folder. Forget about running them P/L from a remote drive if they require the ability to write user settings to their folder...</p><p></p><p>I used FullEventLogView from NirSofer. Delete the dev from the TVL then run the file from downloads or whereever. It's almost a portable. File->save selected events->to test the write locations. It won't trigger an elevation request, so Auto-contain should be set to "Partially Limited", unless in W10 w/UAC on lol...</p><p></p><p>Anyone know of a test of Petya against Comodo Partially Limited? It would be fun to work with the SUA based malwares (that do their dirty work without elevation) to see if they can be contained by that setting. I think Petya works without elevation if I recall.</p><p></p><p>Any information to see the limitations of P/L would be very helpful and maybe add some confidence!</p></blockquote><p></p>
[QUOTE="AtlBo, post: 718655, member: 32547"] I'm running W7 and I have it set to Partially Limited already. What a waste of a good thing I guess, since the elevation + restricted setting would work as intended in W7 (UAC on). I want to see what programs do though, and a good many unsigned will run in Partially Limited. I noticed, however, that there seem to be extensive write protections. Couldn't find any way to get a P/L (virtualized) app to allow a write outside the sandbox. Like I tried to save to the Documents folder but no save. Same thing with remote drives. Actually, the list goes on and on. I finally managed to use a P/L virtualized app to save on the Root users folder inside the sandbox...also in the user profile folder in the VT root folder. Strangely I guess, I was able to save to appdata areas like Roaming and Local, etc. Still, apps at P/L seem to have access to data but very few write options. Some portables write to their folder. Forget about running them P/L from a remote drive if they require the ability to write user settings to their folder... I used FullEventLogView from NirSofer. Delete the dev from the TVL then run the file from downloads or whereever. It's almost a portable. File->save selected events->to test the write locations. It won't trigger an elevation request, so Auto-contain should be set to "Partially Limited", unless in W10 w/UAC on lol... Anyone know of a test of Petya against Comodo Partially Limited? It would be fun to work with the SUA based malwares (that do their dirty work without elevation) to see if they can be contained by that setting. I think Petya works without elevation if I recall. Any information to see the limitations of P/L would be very helpful and maybe add some confidence! [/QUOTE]
Insert quotes…
Verification
Post reply
Top