The fate of COMODO ?

[cruelsister]

As I noted in post 35, you can on demand change back to the old sandbox levels, but this isn't something that you want to do. When you change the rules to Restrict, you are going out of Full V mode entirely.

For example, run some of the CTB-Locker malware found on Virus Exchange in Full V mode (the default) and the system will be protected. Change the global rule to Run Restricted at the Partially Limited level and your files will be encrypted.

So this is why I didn't want to be specific on how changing the sandbox protection level is accomplished as it is a very, very bad idea to do so.

 

[hjlbx]

As I noted in post 35, you can on demand change back to the old sandbox levels, but this isn't something that you want to do. When you change the rules to Restrict, you are going out of Full V mode entirely.

For example, run some of the CTB-Locker malware found on Virus Exchange in Full V mode (the default) and the system will be protected. Change the global rule to Run Restricted at the Partially Limited level and your files will be encrypted.

So this is why I didn't want to be specific on how changing the sandbox protection level is accomplished as it is a very, very bad idea to do so.

Hello cruelsister,

Comodo's infos on this detail certainly is not clear.

I thought that the policy restrictions were imposed inside a fully virtualized container - a la Sandboxie - which prevents driver installs and can be further configured to limit privileges.

Obviously, they are not. From your description, invoking the restriced permission levels transforms the sandbox from a virtual one to nothing more than a policy/permissions sandbox - a la AppGuard.

Damn right...wickedly bad idea. Too bad most users are unaware of this fact...

That irks me to no end...Phoooeeeee!

 

[cruelsister]

It's actually intuitively obvious what is going on if the settings are changed. Before you can set the Restriction Level to Partially Limited, Limited, or whatever, you first must change the selection in the options box from Run Virtually to Run Restricted. The issue that arises is that now that the file is not fully contained in a virtual environment it is free to interact with the system to varying degrees (dependent on what you set it at).

I would love to say that the sandbox settings shouldn't be played with anyway, but you MUST play with them to an extent as the first Run Virtually setting ABSOLUTELY HAS TO BE CHANGED from Internet to Any. Not changing this setting that led to the issues that Nsm had in his recent video review of Comodo. But after this is done no other settings change is needed (Full V is Full V after all...).

 

[hjlbx]

It's actually intuitively obvious ...

Hello cruelsister,

For a novice I think not...

In any case, as you already aware, Comodo had a lot of complaints about broken apps in version 7's restriction-based sandbox.

Now the default in version 8 is to run fully virtualized - which solves most problems...along with your advisement that source must be set to "Any."

I see no real advantage to offering both a separate restricted privileges (non-virtualized, policy-based only) and a light virtualization sandbox, but I suppose each has its uses/proponents.