Comodo Internet Security 6.xx Thread

Oddly today the boot up times seems a bit more snappy.
Strangely IE got sandboxed as an unrecognised file.

 

It's not a configuration, you just click where it says "Realtime Protection: Active/Disabled" and it will show you the components and whether they're enabled.

 

Thanks just done it.didnt realise you could do that.lol

 

Thanks for the tip RejZoR

 

I many times heard that the sandbox in CIS is not a fully real sandbox like the Sandboxie. Then maybe someone can explain me one important for me question.

I adjusted the Sandbox to run browsers there and assigned restriction level as "Partially Limited". Then does it mean that all the changes in these sandboxed browsers and the OS, the disks (excluding the Shared Space) are erased after restart of Windows or resetting the Sandbox?

I mean I want to use COMODO's sandbox like the Sandboxie with its "Delete" button. When all traces in and outside the browsers are cleaned after deleting the sandbox.

Thank you

 

CIS has 2 types of "sandbox":
1) Kiosk is fully virtualized environment. You can delete its content and it is pretty much same as Sandboxie.
2) Autosandbox. Unknown files are run with dropped rights and different levels of restrictions. You can make a registry entry to enable Fully Virtualized setting for it. After that, it is deleted after restart and there are no more malware leftovers.

 

Thanks for the info!

 

Then what about the sandboxed browsers in my previous post?

 

I just click the comodo dragon icon at the bottom of the gadget and dragon opens virtualized.I assume it is virtualized .The green border is around the browser.

I donr see how you can run your browser "partially limited."

 

Not from the gadget, in the "Advanced Settings" ->"Defence+"-> "Sandbox". Only the inconvenience is that they always are automatically sandboxed.

 

Ive never configured my browser like that i always press the gadget icon to open browser.

Have you tried just removing them from the sandbox.

 

You can enforce it through Advanced Settings -> Sandbox.

I have all Internet Explorer executables set to "Limited" since i don't use IE. Same for Windows Media Player executables. And Windows Sidebar as well.
Just to be sure.

Any other idea wha to limit as well in order to reinforce the OS ?

 

ok thanks for that.
So when i open my browser from the gadget is it fully virtualized or not?
I didnt realise you could set restrictions on the browser like that.
I have the autosandbox set to fully virtualize after adding the registry key.

Do you have the hips enabled as ive disabled it .

 

You can check restriction level in KillSwitch, column "Restriction". No need to have HIPS on for sandboxing.

 

on my system (win8x64), sandboxed "zemana keylogger test" can capture keystrokes. without sandboxing (when disable BB), CIS HIPS can stop it.

i disabled whitelist, checked again but same result.

i dont know why.

 

Would you please make this post @ the Comodo Forum? I'm sure they'll appreciate it, and we may all have a better CIS for that.

 

Be aware that while Full Virtualization does prevent operating system wide modifications, it does absolutely nothing against data leaking as virtualized environment just copies everything from the actual host. So technically if you run a data miner trojan inside fully virtualized sandbox, it will still steal easily.
You still need full virtualization + restriction. Full virtualization ensures system cannot get actualyl compromised and restrictions prevent apps running virtualized to access off limits data.

Full virtualization through VMWare is not affected as there you run a physically separated OS. Sandboxie, BufferZone and Comodo's general full virtualized sandbox are however affected. You can minimize the damage if you quickly go and reset the sandbox if you find out that you run a data miner trojan, but that won't ensure anything.

 

RejZor is right.

What Comodo needs to add to CIS is a way to use restrictions inside the sandbox.

 

Yes, There is no way to prevent data leaking as virtualized environment on current version.
HIPS doesnt check sandboxed apps.

 

Actually it does (like it did in CIS 5.x), but you have to enable it manually.

 

Could you please show us where the setting is?

 

Did you try with the virtual keyboard?

 

where is virtual keyboard?
it is not releated with virtual keyboard.
it is releated BB and virtualization.
BB has problem, untrusted auto-sandboxed exe can capture keystrokes
and HIPS doesnt protect against auto-sandboxed/fully virtualized process.

if i disable BB autosandbox function, HIPS can stop keylogger. Otherwise BB run it untrusted process but it can log successfully and HIPS doesnt show any alert.

https://forums.comodo.com/leak-test...h/zemana-can-capture-keystrokes-t89907.0.html

 

Hi can you check if Zemana is able to capture keystrokes if you use the virtual keyboard in virtual kiosk.

Thanks

 

Nope. Cant catch if you use vk.
Off course, there are special sniffers for catching virtual keyboard.
In this case we talking about diffierent things.