Problems with autosandbox

Status
Not open for further replies.

Antimalware18

Level 11
Thread author
Verified
Top Poster
Well-known
Jan 17, 2014
503
Anyone ever had problems between the settings you have and what actually happens when a file is run?

I've been playing around with the Comodo leak test and I decided to run KillSwitch to check the restriction level. You'll notice from the pictures that all unrecognized apps will be run as "untrusted", yet KillSwitch notes it as being run "partially limited".

Wondering if I need to do a clean install. I already reset the sandbox rules to default.

untrusted.jpg


And then in this picture you can see it running as "partially limited"

partially_limited.jpg
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
The autosandbox of Comodo puts unknowns in a fully virtualized but partially limited environment.
Partially limited means that it has desktop hooks, which is enough for most programs to run normally. That way you can test the program's functioning, or even run it always sandboxed (for instance, your browser).
In this mode, any changes to the file system will be temporary, and will wash away after a reboot, with the possible exception of your desktop background.
So it sounds to me like you are seeing expected behavior.
 

MalwareBlockerYT

Comodo Sandbox never worked correctly for me. Sometimes it would sandbox things and then other times it just wouldn't bother to. Never found out why because I just stopped using it.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Comodo Sandbox never worked correctly for me. Sometimes it would sandbox things and then other times it just wouldn't bother to. Never found out why because I just stopped using it.
It depends whether it considers the file "unknown", and that can change according to cloud updates or your personal settings or an interaction between them.

If you want to keep a file out of autosandbox and not have it come back in, the way to do it is: when the prompt first pops up, you must resist the temptation to mark it as trusted!
First, you need to click on not autosandbox again, and if you do this step first, the rule will always work, even if subsequent cloud updates put the file back into unknown status.
After you have made your rule, you can then safely mark the file as trusted, and hope it will stay that way.
 

XxX Legolas XxX

Level 3
Verified
Well-known
Sep 20, 2016
116
Try rebooting system after changing the setting from "Partially Limited" to "Untrusted."

There is not always 100 % absolute agreement between CIS' Task Manager and KillSwitch column\line-item terminology. It can be confusing.

View CIS Task Manager to see what it says...

I agree with your suggestion.

I think YTD Video Downloader is malware, and Antimalware18, you have it on your Windows 10.

You can break your network and browser with Comodo Leaktests.

Test firewall with Comodo Leaktests in Virtual Box.
 

Antimalware18

Level 11
Thread author
Verified
Top Poster
Well-known
Jan 17, 2014
503
The autosandbox of Comodo puts unknowns in a fully virtualized but partially limited environment.
Partially limited means that it has desktop hooks, which is enough for most programs to run normally. That way you can test the program's functioning, or even run it always sandboxed (for instance, your browser).
In this mode, any changes to the file system will be temporary, and will wash away after a reboot, with the possible exception of your desktop background.
So it sounds to me like you are seeing expected behavior.

But will this level of restriction stop ransomware even if fully virtual?

Try rebooting system after changing the setting from "Partially Limited" to "Untrusted."

There is not always 100 % absolute agreement between CIS' Task Manager and KillSwitch column\line-item terminology. It can be confusing.

View CIS Task Manager to see what it says...

Tried it this morning after waking up; even in Comodo's task manager it's registering as "partially limited" :(

Here's something funny. I just uploaded YTD to VT to check detections using the VThashcheck app (which is only 2/57, so I would say it's grayware at worst, clean at best).
And it was sandboxed, and for the fun of it I checked its level via Comodo task manager, and it was run as untrusted!

run_untrusted.jpg


So maybe there is some background intelligence when choosing what restriction to place on sandboxed files?

It should be noted that I have all cloud lookup under file rating tab unchecked and turned off....supposedly ;)
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
But will this level of restriction stop ransomware even if fully virtual?
CruelSister, who is an acknowledged expert in this area, says that this level of restriction will definitely stop the ransomware. Although the ransomware will be able to display its scary message on your desktop, all the changes to your file system are virtualized, and you just need to reboot in order to wash all changes away.
But you might have to reset your desktop wallpaper back to your favorite pic. That is the only change that can remain after reboot.

As was suggested by others, you can set the unknowns to a higher level of restriction, if you like. However, this will limit your ability to test-run them, or use them virtually.
 

Antimalware18

Level 11
Thread author
Verified
Top Poster
Well-known
Jan 17, 2014
503
CruelSister, who is an acknowledged expert in this area, says that this level of restriction will definitely stop the ransomware. Although the ransomware will be able to display its scary message on your desktop, all the changes to your file system are virtualized, and you just need to reboot in order to wash all changes away.
But you might have to reset your desktop wallpaper back to your favorite pic. That is the only change that can remain after reboot.

As was suggested by others, you can set the unknowns to a higher level of restriction, if you like. However, this will limit your ability to test-run them, or use them virtually.

Aye, thank you.
 