Enabling Full Virtualization for Auto-Sandboxed Applications
The Behavior Blocker will auto-sandbox an unknown executable and restrict its execution privileges according to an access restriction level set by you. The available restriction levels can be viewed in the Behavior Blocker settings panel. This tutorial explains how to add ‘Fully Virtualized’ to the set of available restriction levels for auto-sandboxed applications. It involves modifications to the Windows registry and should only be attempted by advanced users.
To view auto-sandbox restriction levels
- Open the 'Tasks' interface by clicking the green curved arrow at the top right of the 'Home' screen
- Click 'Advanced Tasks' > 'Advanced Settings' from the Tasks interface
- Click 'Security Settings' > 'Defense+' > 'Behavior Blocker' from the left-hand side navigation
By default, the Behavior Blocker provides five access restriction levels to choose from, for automatically sandboxed applications.
- Partially Limited - The application is allowed to access all operating system files and resources like the clipboard. Modification of protected files/registry keys is not allowed. Privileged operations like loading drivers or debugging other applications are also not allowed. (Default)
- Limited - Only selected operating system resources can be accessed by the application. The application is not allowed to execute more than 10 processes at a time and is run without Administrator account privileges.
- Restricted - The application is allowed to access very few operating system resources. The application is not allowed to execute more than 10 processes at a time and is run with very limited access rights. Some applications, like computer games, may not work properly under this setting.
- Untrusted - The application is not allowed to access any operating system resources. The application is not allowed to execute more than 10 processes at a time and is run with very limited access rights. Some applications that require user interaction may not work properly under this setting.
- Blocked - The application is not allowed to run at all.
Advanced users can add an additional level, 'Fully Virtualized', in which all functionality of the application is enabled, but inside a virtual environment isolated from the operating system and the files on the system. The 'Fully Virtualized' level can be enabled by adding a registry key.
To add 'Fully Virtualized' level
- Click Start > Run, from the Windows Start menu
- Type 'regedit' in the text box and click 'OK'
- Navigate to HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\FirewallPro
- To add a new DWORD entry, click 'Edit' from the menu bar and select 'DWORD Value' OR right-click in the right-hand side pane and click 'New' > 'DWORD Value' from the right-click options
  A new registry value will be added with the name 'New Value#1'
- Rename the value as 'EnableDefaultVirtualization'
- Right-click on the value 'EnableDefaultVirtualization' and click 'Modify' from the context-sensitive menu
- In the 'Edit DWORD Value' dialog box, change the 'Value data' from 1 to 0 and click OK
- Restart the system for the changes to take effect
The level 'Fully Virtualized' will be added and will be available for selection in the Behavior Blocker Settings panel.
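The registry steps above can also be scripted with a backup and a verification pass. The following PowerShell is an added example, not part of Comodo's documentation or tooling; it assumes an elevated prompt, takes the key path, value name and value data exactly as given in the steps, and the backup file location is an assumption.

```powershell
# Added example (not Comodo's own code). Run from an elevated PowerShell prompt.
# Key path, value name and value data are the ones stated in the steps above.
$KeyPath   = 'HKLM:\SYSTEM\Software\Comodo\FirewallPro'
$RegPath   = 'HKLM\SYSTEM\Software\Comodo\FirewallPro'      # same key, reg.exe syntax
$ValueName = 'EnableDefaultVirtualization'
$ValueData = 0                                              # data the steps end with
$Backup    = Join-Path $env:TEMP 'FirewallPro-backup.reg'   # assumed backup location

function Get-ValueState {
    # Returns $null when the value is absent, otherwise its registry kind and data.
    $key = Get-Item -LiteralPath $KeyPath -ErrorAction Stop
    if ($key.GetValueNames() -notcontains $ValueName) { return $null }
    [pscustomobject]@{
        Kind = $key.GetValueKind($ValueName)
        Data = $key.GetValue($ValueName)
    }
}

if (-not (Test-Path -LiteralPath $KeyPath)) {
    throw "Key $KeyPath not found; nothing was changed."
}

# Export the key first so the change can be rolled back by importing the .reg file.
& reg.exe export $RegPath $Backup /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'Backup of the key failed; nothing was changed.' }

$before = Get-ValueState
if ($null -eq $before) {
    # Value is absent: create it as a DWORD, as in the regedit steps.
    New-ItemProperty -LiteralPath $KeyPath -Name $ValueName `
        -PropertyType DWord -Value $ValueData | Out-Null
} elseif ($before.Kind -ne 'DWord') {
    # Refuse to overwrite a value of an unexpected type.
    throw "$ValueName exists as $($before.Kind), not DWORD; review it by hand."
} elseif ($before.Data -ne $ValueData) {
    Set-ItemProperty -LiteralPath $KeyPath -Name $ValueName -Value $ValueData
}

# Re-read the value to confirm what is actually stored.
$after = Get-ValueState
'Before: ' + $(if ($before) { "$($before.Kind) = $($before.Data)" } else { 'absent' })
"After : $($after.Kind) = $($after.Data)"
"Backup: $Backup (restart the system for the change to take effect)"
```

To roll back, import the exported file with `reg.exe import` and restart.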
For more details on the Auto-Sandboxing process, refer to the section Unknown Files: The Auto-Sandboxing and Scanning Processes.
For more details on Behavior Blocker Settings, refer to the section Behavior Blocker.