Over the past few days I have tried to the best of my ability to infect computers protected by the new build of CIS6 with the Full Virtualization setting enabled to no avail. Former issues of the creation and deposition on the drives of Hidden files, various daughter programs, etc. no longer exist. Even CIS at stock seemed to be better. But as there is a difference between "seemed" and reality I decided to revisit a class of malware that Comodo had issues with in the past- the GpCode encryptors. To those that may be unfamiliar, the encyptors are a particularly nasty form of malware that will encrypt documents, pictures, etc. rendering them totally inaccessible. Although around for a while, they were a particular problem in 2008-9 with a resurgence in 2011 (this is when the Comodo susceptibility was discovered). Having some time I decided to revisit this topic. Digging around in my vault I selected a number of samples; the oldest was from 6-2008, the newest from late 2011. I then installed the latest version of CIS at totally default settings. The only thing that will vary would be the Behavior Blocker level. Please note that I had to disable both the AV component and network access. These samples are old and will be detected and eradicated by definitions and the cloud. 1). With the BB at Full V- samples were run. No encryption seen, although I did get a popup notice (loved the Green Border) saying my files were now encrypted (lies, all lies!). This popup vanished either by a reboot or just by emptying the sandbox. 2). With the BB at Untrusted- Like in the past, no malicious changes were seen. 3). With the BB at Limited- Nothing whatsoever happened. System protected. 4). With BB at the (sadly) default level of Partially Limited- Although CIS shrugged off some, it was not the case with all. The first and oldest sample was successfully able to break out of the sandbox with such a porous restriction level and zap my documents. At this point I suppose that I should delve into a further subtest of CIS at default with the various little additions made to protected files and folders that was such a hot topic on the Comodo boards back in 2011, but why bother? It is much more efficient just to right click the Comodo icon and step the sandbox up a level. To conclude, please don't use the Partially Limited Auto Sandbox level. There is no reason to do so when better options exist.