Comodo Sandbox or Avast sandbox?
- Thread starter win7holic
- Start date
BoXX28 said:I would choose Avast's Sandbox over Comodo because Comodo only restricts the file's access to several system folders and the registry,
It depends which sandbox you're talking about. The automatic sandbox works by access restriction, but the manual sandbox is full virtualization.
- Apr 20, 2011
- 2,079
HeffeD said:BoXX28 said:I would choose Avast's Sandbox over Comodo because Comodo only restricts the file's access to several system folders and the registry,
It depends which sandbox you're talking about. The automatic sandbox works by access restriction, but the manual sandbox is full virtualization.
i mean.. i want use avast AV with comodo firewall.. which between that.. i just one sandbox.. from avast or comodo
so.. what you choose heffed? avast sandbox..?
LoftedAphid86
New Member
- Feb 24, 2011
- 1,107
Here are the things to think about:win7holic said:HeffeD said:BoXX28 said:I would choose Avast's Sandbox over Comodo because Comodo only restricts the file's access to several system folders and the registry,
It depends which sandbox you're talking about. The automatic sandbox works by access restriction, but the manual sandbox is full virtualization.
i mean.. i want use avast AV with comodo firewall.. which between that.. i just one sandbox.. from avast or comodo
so.. what you choose heffed? avast sandbox..?
- Avast's automatic sandbox depends on heuristics, Comodo's automatic sandbox isolates any unknown file.
- Avast's automatic sandbox is virtualisation based, Comodo's automatic sandbox is rule based.
- Both Comodo and Avast's manual sandboxes are virtualisation based.
- Comodo's manual sandbox is free, Avast's is not.
- Apr 20, 2011
- 2,079
elliotcroft said:Here are the things to think about:win7holic said:HeffeD said:BoXX28 said:I would choose Avast's Sandbox over Comodo because Comodo only restricts the file's access to several system folders and the registry,
It depends which sandbox you're talking about. The automatic sandbox works by access restriction, but the manual sandbox is full virtualization.
i mean.. i want use avast AV with comodo firewall.. which between that.. i just one sandbox.. from avast or comodo
so.. what you choose heffed? avast sandbox..?
- Avast's automatic sandbox depends on heuristics, Comodo's automatic sandbox isolates any unknown file.
- Avast's automatic sandbox is virtualisation based, Comodo's automatic sandbox is rule based.
- Both Comodo and Avast's manual sandboxes are virtualisation based.
- Comodo's manual sandbox is free, Avast's is not.
so..? that why you use comodo firewall with avast.. but you use avast with disable sandbox..? and use comodo sandbox..?
LoftedAphid86
New Member
- Feb 24, 2011
- 1,107
I disabled Avast's automatic sandbox.win7holic said:so..? that why you use comodo firewall with avast.. but you use avast with disable sandbox..? and use comodo sandbox..?
- Apr 20, 2011
- 2,079
elliotcroft said:I disabled Avast's automatic sandbox.win7holic said:so..? that why you use comodo firewall with avast.. but you use avast with disable sandbox..? and use comodo sandbox..?
are you use.. default setting for comodo firewall?? and use high or medium heuristic on your avast config?
LoftedAphid86
New Member
- Feb 24, 2011
- 1,107
I set Comodo's sandbox to restricted, a lower setting allows ransomware to encrypt files.win7holic said:elliotcroft said:I disabled Avast's automatic sandbox.win7holic said:so..? that why you use comodo firewall with avast.. but you use avast with disable sandbox..? and use comodo sandbox..?
are you use.. default setting for comodo firewall?? and use high or medium heuristic on your avast config?
LoftedAphid86
New Member
- Feb 24, 2011
- 1,107
Valentin N
Level 2
- Feb 25, 2011
- 1,314
Hey Win7
I would go for comodo's; comodo has dealt with the sandbox for some time now and lets not forget that it's something new for Avast to deal with, so it needs time to mature (when comodo lanched their first sandbox it didn't work as well as it does now). I also think that comodo uses the sandbox the right way (personal opinion) with unknown files.
Do you have WMware player? if you do I my best suggestion is that you try Comodo's sandbox and then avast's and after that it's your choice which you like best.
If you do chose to stick with Avast's then go to CIS tray icon and right click --> Configuration --> firewall Security.
Regards,
Valentin N
I would go for comodo's; comodo has dealt with the sandbox for some time now and lets not forget that it's something new for Avast to deal with, so it needs time to mature (when comodo lanched their first sandbox it didn't work as well as it does now). I also think that comodo uses the sandbox the right way (personal opinion) with unknown files.
Do you have WMware player? if you do I my best suggestion is that you try Comodo's sandbox and then avast's and after that it's your choice which you like best
. If you do chose to stick with Avast's then go to CIS tray icon and right click --> Configuration --> firewall Security.
Regards,
Valentin N
bogdan
Level 1
- Jan 7, 2011
- 1,362
The auto-sandbox in COMODO was introduced to lower the number of HIPS pop-ups and works by restricting the rights of executable files. The executable is not allowed to perform certain operations that can be harmful to the system. The Default level (Partially Limited) prevents modification of protected files/registry keys and the loading of drivers or the right to debug other applications. However some malware won't affect your system files but will encrypt your documents (for example in My Documents folder) and will demand a ransom to decrypt them (hence the name "ransom-ware"). It isn't a common way for malware to operate but it is possible and such malware is found in-the-wild.
A higher level (Restricted) will prevent this from happening.
The auto-sandbox affects all executables that are not known to COMODO (they are not digitally signed by a Trusted Vendor, they are not present inside the white-list, they are not known pieces of malware) so this means that some non-malicious executables can be auto-sandboxed as well. The Restricted level might prevent them from working properly. However, if you encounter this issue my advice is to make sure the file is not malicious by uploading it to VirusTotal, since COMODO's whitelist is pretty large at this point.
Check How to Tell if a File is Malicious guide by Chiron (on techsupportalert).
The auto-sandbox in avast uses file and registry virtualization. The executable is allowed to access a virtualized copy of your resources (actual files and registry keys should not be affected). But only some executables are auto-sandboxed (so malware might get through) and some non-malicious apps might not work well inside this sandboxed environment. The on-demand sandbox in COMODO works the same way (you can access it from Defense+ > Run a program in the Sandbox)
To sum it up:
- If you are comfortable interpreting HIPS pop-ups (advanced): Disable sandbox in COMODO use avast's sandbox. Instead of auto-sandboxing the file, COMODO will show HIPS pop-ups. You are responsible for how you interpret and answer them.
- If you don't like many HIPS pop-ups (recommended to most users): Disable sandbox in avast, set COMODO's sandbox to Restricted.
- If you think the sandbox prevents a good application from running properly make sure the executable is not malicious by uploading it to Virus Total.
- Only if you are absolutely sure the application is not malware, run it again and click "Do not sandbox again".
win7holic said:
I have CIS's auto-sandbox enabled and set to restricted. But for full virtualization, I use Sandboxie. Comodo needs to make their manual sandbox more configurable for me to start using it. I know absolutely nothing about Avasts sandbox, so I can't comment on it.
Valentin N
Level 2
- Feb 25, 2011
- 1,314
if you have a multi core cpu (2 or more cores) and 4GB ram install WMware and try it there. Don't type any key when installing the OS and disable windows update so that Windows doesn't activate itself (in case you need to reinstall the OS on your real machine)
Regards,
Valentin N
Regards,
Valentin N
- Status
Similar threads
