Advice Request Comodo Sandbox - Restriction(s) Levels


Status
Not open for further replies.

Tony Cole

Level 27
Thread author
Verified
May 11, 2014
1,639
Morning Everyone:

Just a quick question re: Comodo Sandbox. If I create a rule to automatically run Google Chrome - run virtually, then edit this setting, under options: set restrictions level I've been trying limited and restricted, both work fine. Does this make the browser more secure?

Take care, and have a great weekend!! Tony :)
 

SHvFl

Level 35
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Nov 19, 2014
2,350
Yes they do in a way. Check this.
  • Set Restriction Level – When Run Restricted is selected in Action, then this option is automatically selected and cannot be unchecked while for Run Virtually action the option can be checked or unchecked. The options for Restriction levels are:
      • Partially Limited - The application is allowed to access all operating system files and resources like the clipboard. Modification of protected files/registry keys is not allowed. Privileged operations like loading drivers or debugging other applications are also not allowed. (Default)
      • Limited - Only selected operating system resources can be accessed by the application. The application is not allowed to execute more than 10 processes at a time and is run without Administrator account privileges.
      • Restricted - The application is allowed to access very few operating system resources. The application is not allowed to execute more than 10 processes at a time and is run with very limited access rights. Some applications, like computer games, may not work properly under this setting.
      • Untrusted - The application is not allowed to access any operating system resources. The application is not allowed to execute more than 10 processes at a time and is run with very limited access rights. Some applications that require user interaction may not work properly under this setting.
  • Limit maximum memory consumption to – Enter the memory consumption value in MB that the process should be allowed.
  • Limit program execution time to – Enter the maximum time in seconds the program should run. After the specified time, the program will be terminated.
 
hjlbx

Morning Everyone:

Just a quick question re: Comodo Sandbox. If I create a rule to automatically run Google Chrome - run virtually, then edit this setting, under options: set restrictions level I've been trying limited and restricted, both work fine. Does this make the browser more secure?

Take care, and have a great weekend!! Tony :)

I run IE using Limited; running Restricted or Untrusted it will not work properly.

Other browsers are the same.

Just try each restriction level. Use the most restricted level that allows the browser to operate correctly. It's trial and error...
 

DracusNarcrym

Level 20
Verified
Top Poster
Well-known
Oct 16, 2015
970
@Tony Cole It does make it more secure in that not only any files it creates or modifies reside in the safe isolated virtual system and are erased every time the sandbox is reset, but also many of its actions (e.g. if an exploit kit utilizes a vulnerability in the browser) are restricted to avoid undesired function (even if that malicious action by the exploit was performed, it would still be performed in the isolated space) by blocking that function.

How restriction levels work was accurately described by @SHvFl - the information which he posted can be found here (click) along with other information which might interest you.

I hope we all helped a bit. :p
 

Solarlynx

Level 15
Verified
Top Poster
Well-known
Apr 30, 2012
711
Just try each restriction level. Use the most restricted level that allows the browser to operate correctly. It's trial and error...

Well said!

When I sandbox Chrome with Comodo I can only "partially limit" - some extensions don't work and problems with the printer appear at higher levels of restriction.
 

Tony Cole

Level 27
Thread author
Verified
May 11, 2014
1,639
Thanks everyone - I have the same problem @Solarlynx has, only able to partially limit Chrome - suppose that's better than nothing. I also (as cruelsister suggested) disable/block do not block virtualize access to.
 
hjlbx

Thanks everyone - I have the same problem @Solarlynx has, only able to partially limit Chrome - suppose that's better than nothing. I also (as cruelsister suggested) disable/block do not block virtualize access to.

It's OK. Sandboxie causes same type of mischief - dependent upon browser, extensions, external hardware, etc - some things just won't work when run in the sandbox.

Sometimes you can find work-arounds, other times it is not so easy.

Comodo is protecting system even at Partially Limited.
 

aseu2k15

Level 1
Verified
Nov 26, 2015
44
Running Chrome inside the sandbox, browsing with no issue, but when I close the browser, I get a BSOD. I have tried several times (each restriction level), just the same result (tested on a real machine and a VM).

Anyone faced this issue?

CFW 8.2.0.4792 + ESET NOD32 9.0.349.0 vs Chrome 47.2526.80 (sandboxed) = BSOD

I am currently interested in and testing CIS/CFW, but having some issues with Google Chrome (my main browser).
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
The Comodo Sandbox restriction levels provide aggressiveness if the tweaks are mishandled; actually, the default configuration so far can maintain the masses of our programs and the browsers you use.

You are still protected in that case; it's a matter of how you can restrict it more so that no leaks may occur.
 

aseu2k15

Level 1
Verified
Nov 26, 2015
44
The Comodo Sandbox restriction levels provide aggressiveness if the tweaks are mishandled; actually, the default configuration so far can maintain the masses of our programs and the browsers you use.

You are still protected in that case; it's a matter of how you can restrict it more so that no leaks may occur.

I forgot to mention that this was on the default Proactive config + default settings NOD32 9 (of course, excluding each other). The issue happens. But I have no issue when ESET v.9 is removed.
This issue was just solved by replacing ESET v.9 with ESET v.8. Currently, I have no issue so far. :)
 

DracusNarcrym

Level 20
Verified
Top Poster
Well-known
Oct 16, 2015
970
I forgot to mention that this was on the default Proactive config + default settings NOD32 9 (of course, excluding each other). The issue happens. But I have no issue when ESET v.9 is removed.
This issue was just solved by replacing ESET v.9 with ESET v.8. Currently, I have no issue so far. :)

I was discussing this with @aseu2k15 and he confirmed that ESS v9 or NOD32 v9 cause conflicts and other issues with CFW (specifically the "Sandbox" component); however, when he tested version 8 of those products, none of the aforementioned issues arose.
 

DracusNarcrym

Level 20
Verified
Top Poster
Well-known
Oct 16, 2015
970
CFW has HIPS
ESET has HIPS

see the issue? :rolleyes:
@aseu2k15 mentioned that he had disabled all of ESS v9's components while he was testing the ESS + CFW combination (might require a reboot after disabling them, not sure if he did one), and nevertheless it seems that ESS's security components cannot be fully disabled, as if they were hard-coded to remain on even if they are apparently set to off (there were still conflicts with CFW even when ESS's security components were disabled).
The previous version of the products (version 8) had no apparent conflicts after a long time of testing, according to @aseu2k15.
 

aseu2k15

Level 1
Verified
Nov 26, 2015
44
CFW has HIPS
ESET has HIPS

see the issue? :rolleyes:
I've disabled ESET's HIPS via Advanced Setup by turning off all HIPS components (Enable HIPS: off, Enable self defense: off, Advanced Memory Scanner: off, Exploit blocker: off). ESET Real-time protection was also disabled by clicking "Temporarily Disable Protection" via the tray icon (I don't really know whether doing this has fully disabled ESET's protection or not).
(might require a reboot after disabling them, not sure if he did one)
Ah, my bad. I didn't :(
I'll go back to my VMs to clarify this.

Yes, running ESET v.8 + CFW at default settings with no issue. Then I made some tweaks to ESET HIPS (Comodo exclusion), set to Smart Mode, also no issues.

Note: I tested on the latest version of VirtualBox and an old (v.9) VMware Workstation, also on my real machine. Same OS (Win7 SP1 x64), just had the same issue: BSOD while running the browser inside the sandbox.
 

DracusNarcrym

Level 20
Verified
Top Poster
Well-known
Oct 16, 2015
970
I've disabled ESET's HIPS via Advanced Setup by turning off all HIPS components (Enable HIPS: off, Enable self defense: off, Advanced Memory Scanner: off, Exploit blocker: off). ESET Real-time protection was also disabled by clicking "Temporarily Disable Protection" via the tray icon (I don't really know whether doing this has fully disabled ESET's protection or not).

Ah, my bad. I didn't :(
I'll go back to my VMs to clarify this.

Yes, running ESET v.8 + CFW at default settings with no issue. Then I made some tweaks to ESET HIPS (Comodo exclusion), set to Smart Mode, also no issues.

Note: I tested on the latest version of VirtualBox and an old (v.9) VMware Workstation, also on my real machine. Same OS (Win7 SP1 x64), just had the same issue: BSOD while running the browser inside the sandbox.

Thanks for the multiple clarifications. I don't think this thread is appropriate to continue this discussion further though, but still, let us know what you find out.
You may post the results in our conversation first to verify them. :p
 