Comodo Help
Find the desired product help
Comodo Internet Security

Comodo Internet Security

Version 8.4

English

Print Help Download Help
Advanced Settings > Security Settings > Defense+ Settings > Configuring The Sandbox
  • Introduction To Comodo Internet Security
    • Special Features
    • System Requirements
    • Installation
      • CIS Premium – Installation
      • CIS Pro - Installation And Activation
      • CIS Complete - Installation And Activation
      • Activating CIS Pro/Complete Services After Installation
        • Activating Your License
        • Activating Your Guarantee Coverage
        • Renewal Of Your License
    • Starting Comodo Internet Security
    • The Main Interface
      • The Home Screen
      • The Tasks Interface
      • The Widget
      • The System Tray Icon
    • Understanding Security Alerts
  • General Tasks – Introduction
    • Scan And Clean Your Computer
      • Run A Quick Scan
      • Run A Full Computer Scan
      • Run A Rating Scan
      • Run A Custom Scan
        • Scan A Folder
        • Scan A File
        • Create, Schedule And Run A Custom Scan
    • Instantly Scan Files And Folders
    • Processing Infected Files
    • Manage Virus Database And Program Updates
    • Manage Quarantined Items
    • View CIS Logs
      • Antivirus Logs
        • Filtering Antivirus Logs
      • Viruscope Logs
        • Filtering Viruscope Logs
      • Firewall Logs
        • Filtering Firewall Logs
      • Defense+ Logs
        • Filtering Defense+ Logs
      • Website Filtering Logs
        • Filtering Website Filtering Logs
      • Alerts Logs
        • Filtering Alerts Displayed Logs
      • Tasks Logs
        • Filtering Tasks Logs
      • Configuration Changes Logs
        • Filtering Configuration Changes Logs
    • Get Live Support
    • View Active Internet Connections
    • View Sandboxed Processes List
  • Firewall Tasks – Introduction
    • Allow Or Block Internet Access To Applications Selectively
    • Stealth Your Computer Ports
    • Manage Network Connections
    • Stop All Network Activities
    • Advanced Firewall Settings
  • Sandbox Tasks – Introduction
    • The Virtual Desktop
      • Starting The Virtual Desktop
      • The Main Interface
      • Running Browsers Inside The Virtual Desktop
      • Opening Files And Running Applications Inside The Virtual Desktop
      • Configuring The Virtual Desktop
      • Closing The Virtual Desktop
    • Run An Application In The Sandbox
    • Reset The Sandbox
    • View Active Process List
  • Advanced Tasks – Introduction
    • Create A Rescue Disk
      • Downloading And Burning Comodo Rescue Disk
    • Remove Deeply Hidden Malware
    • Submit Files
    • Identify And Kill Unsafe Running Processes
    • Manage CIS Tasks
  • Advanced Settings
    • General Settings
      • Customize User Interface
      • Configure Program And Virus Database Updates
      • Log Settings
      • Manage CIS Configurations
        • Comodo Preset Configurations
        • Importing/Exporting And Managing Personal Configurations
    • Security Settings
      • Antivirus Settings
        • Real-time Scanner Settings
        • Scan Profiles
        • Exclusions
      • Defense+ Settings
        • HIPS Settings
        • Active HIPS Rules
        • HIPS Rule Sets
        • Protected Objects
          • Protected Files
          • Blocked Files
          • Protected Registry Keys
          • Protected COM Interfaces
          • Protected Data Folders
        • HIPS Groups
          • Registry Groups
          • COM Groups
        • Sandbox
          • The Sandbox - An Overview
            • Unknown Files - The Scanning Processes
        • Configuring The Sandbox
        • Configuring Rules For Auto-Sandbox
        • Viruscope
      • Firewall Settings
        • Firewall Settings
        • Application Rules
        • Global Rules
        • Firewall Rule Sets
        • Network Zones
          • Network Zones
          • Blocked Zones
        • Port Sets
        • Website Filtering
          • Creating And Modifying Website Filtering Rules
          • Defining And Modifying Website Categories
      • Manage File Rating
        • File Rating Settings
        • File Groups
        • File List
        • Submitted Files
        • Trusted Vendors List
  • Comodo GeekBuddy
    • Overview Of Services
    • Activation Of Service
    • Launching The Client And Using The Service
    • Accepting Remote Desktop Requests
    • Chat History
    • Using Free Diagnostic Reports
    • Scanning My PC
    • Uninstalling Comodo GeekBuddy
  • TrustConnect Overview
  • Chromodo Browser
  • Appendix 1 CIS How To... Tutorials
    • Enable / Disable AV, Firewall Auto-Sandbox And Viruscope Easily
    • Set Up The Firewall For Maximum Security And Usability
    • Block Internet Access While Allowing Local Area Network (LAN) Access
    • Block/ Allow Websites Selectively To Users Of Your Computer
    • Set Up The HIPS For Maximum Security And Usability
    • Create Rules For Auto-Sandboxing Applications
    • Password Protect Your CIS Settings
    • Reset Forgotten Password (Advanced)
    • Run An Instant Antivirus Scan On Selected Items
    • Create An Antivirus Scanning Schedule
    • Run Untrusted Programs In The Sandbox
    • Run Browsers Inside Sandbox
    • Run Untrusted Programs Inside Virtual Desktop
    • Run Browsers Inside The Virtual Desktop
    • Restore Incorrectly Quarantined Item(s)
    • Submit Quarantined Items To Comodo For Analysis
    • Enable File Sharing Applications Like BitTorrent And Emule
    • Block Any Downloads Of A Specific File Type
    • Disable Auto-Sandboxing On A Per-application Basis
    • Switch Between Complete CIS Suite And Individual Components (just AV Or FW)
    • Switch Off Automatic Antivirus And Software Updates
    • Suppress CIS Alerts Temporarily While Playing Games
    • Renew Or Upgrading Your License
    • How To Use CIS Protocol Handlers
  • Appendix 2 - Glossary Of Terms
  • Appendix 3 - CIS Versions
  • About Comodo Security Solutions

Configuring the Sandbox

 

The 'Sandbox Settings' section of 'Advanced Settings' allows you to configure the Sandbox settings that determine how proactive the Sandbox should be and which types of files it should check.

  • The 'Sandbox' panel can be accessed by clicking 'Tasks > Sandbox Tasks > Open Advanced Settings > Security Settings > HIPS > Sandbox




    Click the following links to find out more about each section:

    • Shared Space Settings - Files downloaded or generated by sandboxed applications that you wish to be able to access from your real system should be downloaded to the shared space
    • Advanced Settings – Allows you to configure Sandbox alert settings as well as to enable automatic startup services for programs installed in the Sandbox.
    • Virtual Desktop - Create an 'exit' password for the Virtual Desktop. If set, the Virtual Desktop cannot be closed or minimized until the correct password is entered. This prevents guests or younger users from exiting this sandbox environment.


    Shared Space Settings:




    'Shared Space' is a dedicated area on your local drive that sandboxed applications are permitted to write to and which can also be accessed by non-sandboxed applications (hence the term 'Shared Space'). For example, any files or programs you download via a sandboxed browser that you wish to be able to access from your real system should be downloaded to the shared space. This folder is also used by the Virtual Desktop and is located by default at 'C:/Program Data/Shared Space'.


    You can access the shared space folder in the following ways:

    • Clicking the 'Shared Space' shortcut on your computer desktop
    • Clicking 'Shared Space' button on the CIS interface
    • Opening 'Sandbox Tasks' from the Tasks interface then clicking 'Open Shared Space'
    • By default, sandboxed applications can access folders and files on your 'real' system but cannot save any changes to them. However, you can define exclusions to this rule by using the 'Do not virtualize access to...' links.

    To define exclusions for files and folders

    • Enable the 'Do not virtualize access to the specified files/folders' check-box then click on the words 'the specified files/folders'. The 'Manage Exclusions' dialog will appear.
    • Click the handle at the bottom to open the tools menu then click 'Add.
    1. Files - Allows you to specify files or applications that sandboxed applications are able to access

    2. Folders - Specify a folder that can be accessed by sandboxed applications

    3. File Groups - Enables you to choose a category of files or folders to which access should be granted. For example, selecting 'Executables' would enable you to create an exception for all files with the extensions .exe .dll .sys .ocx .bat .pif .scr .cpl. For more details on file groups, refer to the section File Groups.

    4. Running Processes - Allows you to add a program that sandboxed applications are able to access

    • To edit an exception, select it from the list, click the handle to open the tools menu then select 'Edit'.
    • Change file or folder location path and click 'OK'
    • Click 'OK' to implement your settings


    To define exclusions for specific Registry keys and values

    • Enable the 'Do not virtualize access to the specified registry keys/values' check-box then click on the words 'the specified registry keys/values'. The 'Manage Exclusions' dialog will appear.


    You can search for specific excluded Registry Keys or Values from the list by clicking the search icon  at the far right in the column header and entering the name of the key/value in full or part. You can navigate through the successive results by clicking the left and right arrows.




    • Click the handle at the bottom to open the tools menu then click 'Add'.
    • Registry Groups - Allows you to batch select a predefined group of important registry keys as exclusions. For an explanation of CIS registry groups, refer to the section Registry Groups.
    • Registry Entries - Opens an interface that allows you to quickly browse Windows registry keys and add them as exclusions:




    • Click 'OK' to implement your settings.
    • To edit an exception, first select it from the list, click the handle to open the tools menu then select 'Edit'.
    • Edit the key path and click OK.




    Advanced Settings:

    • Enable automatic startup for services installed in the sandbox - Services that are installed in the sandbox will not be able to run at Windows startup. Select this check-box to allow them to do so. (Default = Enabled)
    • Show highlight frame for virtualized programs - If enabled, CIS displays a green border around the windows of programs that are running inside the sandbox. (Default = Enabled)

    The following example shows an .odt document opened with a sandboxed instance of OpenOffice Writer:



    • Detect programs which require elevated privileges:Allows you to instruct the Sandbox to display alerts when an installer or updater requires administrator or elevated privileges to run. An installer that is allowed to run with elevated privileges is permitted to make changes to important areas of your computer such as the registry. Refer to the section Understanding Security Alerts for more details.




    You can decide on whether or not to allow the installer or updater based on your assessment, from the alert itself. (Default=Enabled)

    • Show privilege elevation alerts for unknown programs : Allows you to instruct the Sandbox to display alerts when a new or unrecognized program, application or executable requires administrator or elevated privileges to run. You can decide on whether or not to allow the unknown application based on your assessment, from the alert itself. (Default=Enabled)


    Virtual Desktop Settings


    The Virtual Desktop Settings area allows you to password protect your Virtual Desktop. Once set, the password has to be entered every time when the Virtual Desktop is closed.



    The exit password for the Virtual Desktop acts as a security measure to prevent guest users or younger users from exiting out of the isolated environment you have prepared for them and potentially exposing the real system to danger.


    To set an exit password for Virtual Desktop:

    • Select the 'Protect Virtual Desktop with a password' check-box then click the word password. The 'Change password' dialog will appear.




    • Type a password which contains a combination of alphabetic and numeric characters and symbols which cannot be easily guessed by others. We recommend a password of at least 8 characters in length.
    • Re-enter the password in the 'Retype' field then click 'OK'.

    You will now be asked for a password every time you exit the Virtual Desktop.


    Our Products
    • Free Antivirus
    • Free Internet Security
    • Website Malware Removal
    • Free Anti-Malware
    • Anti-Spam (Free Trial)
    • Windows Antivirus
    • Antivirus for Windows 7
    • Antivirus for Windows 8
    • Antivirus for Windows 10
    • Antivirus for MAC
    • Antivirus for Linux
    • Free Endpoint Security
    • Free ModSecurity
    • Free RMM
    • Free Website Malware Scanner
    • Free Device Manager for Android
    • Free Demo
    • Network Security
    • Endpoint Protection
    • Antivirus for Android
    • Comodo Antivirus
    • Wordpress Security
    Cheap CDN
    • Bootstrap CDN
    • Semantic UI CDN
    • Jquery CDN
    • CDN Plans
    • CDN
    • Free CDN
    Enterprise
    • Patch Management Software
    • Patch Manager
    • Service Desk
    • Website Down
    • Endpoint Protection Solutions
    • Website Security Check
    • Remote Monitoring and Management
    • Website Security
    • Device Manager
    • ITSM
    • CRM
    • MSP
    • Android Device Manager
    • MDR Services
    • Managed IT Support Services
    • Free EDR
    Free SSL Certificate
    Support Partners Terms and Conditions Privacy Policy

    © Comodo Group, Inc. 2025. All rights reserved.