Comodo Internet Security

Version 8.4


Configuring Rules for Auto-Sandbox


The 'Auto-Sandbox' interface allows you to add and define rules for programs that should be run in the sandboxed environment. A sandboxed application has much less opportunity to damage your computer because it is run isolated from your operating system and your files. This allows you to safely run applications that you are not 100% sure about. Auto-sandbox rules allow you to determine whether programs should be allowed to run with full privileges, ignored, run restricted or run in a fully virtual environment. For easy identification, Comodo Internet Security will show a green border around programs that are running in the sandbox.
  • The 'Auto-Sandbox' panel can be accessed by clicking 'Tasks > Sandbox Tasks > Open Advanced Settings > Security Settings > Defense+ > Sandbox > Auto-Sandbox'.




  • Enable Auto-Sandbox - Allows you to enable or disable the Sandbox. If enabled, applications are run inside the sandbox according to the defined rules. (Default = Enabled)
  • Enable file source tracking – If enabled, CIS will decide whether to sandbox a file based on file source, reputation and location. If disabled, sandbox decisions are based only on file reputation and location. (Default = Enabled)

    The interface displays the configured rules:

    • Action – Displays the operation that the sandbox should perform on the target files if the rule is triggered.
    • Target – The files, file groups or specified locations on which the rule will be executed.
    • Reputation – The trust status of the files to which the rule should apply. Can be 'Malware', 'Trusted', 'Unrecognized' or 'Any'.
    • Enable Rule – Allows you to enable/disable the rule.

    CIS ships with a set of pre-defined auto-sandbox rules that are configured to provide maximum protection for your system. The table provides the configuration settings for these pre-defined rules:


    | Rule | Action | Target | Restriction Level | Rating | Source: Created by | Source: Located on | Source: Downloaded from | Log Action | Limit Maximum memory | Limit Program Execution Time | Quarantine |
    |---|---|---|---|---|---|---|---|---|---|---|---|
    | 1 | Block | File Group - All Applications | N/A | Malware | Any | Any | Any | On | N/A | N/A | On |
    | 2 | Block | File Group - Suspicious Locations | N/A | Any | Any | Any | Any | On | N/A | N/A | Off |
    | 3 | Block | File Group - Sandbox Folders | N/A | Any | Any | Any | Any | On | N/A | N/A | Off |
    | 4 | Ignore | File Group - Metro Apps | N/A | Any | Any | Any | Any | On | N/A | N/A | Off |
    | 5 | Run Virtual | File Group - All Applications | Off | Unrecognized | Any | Any | Internet | On | Off | Off | N/A |
    |   |   |   |   |   | Any | Network Drive | Any |   |   |   |   |
    |   |   |   |   |   | Any | Removable Drive | Any |   |   |   |   |
    | 6 | Run Virtual | File Group - All Applications | Off | Unrecognized | File Group - Web Browsers | Any | Any | On | Off | Off | N/A |
    |   |   |   |   |   | File Group - Email Clients | Any | Any |   |   |   |   |
    |   |   |   |   |   | File Group - File Downloaders | Any | Any |   |   |   |   |
    |   |   |   |   |   | File Group - Pseudo-File Downloaders |   |   |   |   |   |   |
    | 7 | Run Virtual | File Group - Shared Spaces | Off | Unrecognized | Any | Any | Any | On | Off | Off | N/A |



    Clicking the handle at the bottom of the interface opens a rule configuration panel:




    • Add - Allows you to add a new sandbox rule. See the section 'Adding an Auto-Sandbox Rule' for guidance on creating a new rule.
    • Edit - Allows you to modify the selected sandbox rule. See the section 'Editing an Auto-Sandbox Rule' for more details.
    • Remove - Deletes the selected rule.
    • Reset to Default – Resets the rule to default.

    Users can also re-prioritize the sandbox rules by using the 'Move Up' and 'Move Down' buttons.


    Adding an Auto-Sandbox Rule


    Auto-sandbox rules can be created for a single application, for all applications in a folder or file group, from running processes or for applications based on their file or process hash. ‘Source’, ‘Reputation’ and ‘Options’ allow you to add detailed filters to your rule. They are, however, optional, so you can create a very simple rule to run an application in the sandbox just by specifying the action and the target application.

    • Click the Add button from the options.



     

    The Manage Sandboxed Program screen will be displayed. 

    • Step 1 – Select the Action
    • Step 2 – Select the Target
    • Step 3 – Select the Sources
    • Step 4 – Select the File Reputation
    • Step 5 – Select the Options 


    Step 1 – Select the Action


    The options under the 'Action' drop-down, combined with the 'Set Restriction Level' setting in the 'Options' tab, determine the privileges an auto-sandboxed application has over other software and hardware resources on your computer.




    The options available under the Action button are:

    • Run Virtually - The application will be run in a virtual environment completely isolated from your operating system and files on the rest of your computer.
    • Run Restricted - The application is allowed to access very few operating system resources. The application is not allowed to execute more than 10 processes at a time and is run with very limited access rights. Some applications, like computer games, may not work properly under this setting.
    • Block - The application is not allowed to run at all.
    • Ignore - The application will not be sandboxed and will be allowed to run with all privileges.

    Select the action from the options.

    Step 2 – Select the Target


    The next step is to select the target to which the auto-sandbox rule is to be applied. Click the Browse button beside the Target field.



    You have six options available to add the target path.

    • Files – Allows you to add individual files as target
    • Running Processes – Allows you to add any process that is currently running on your computer
    • File Groups – Allows you to add predefined File Groups as target. To add or modify a predefined file group, refer to the section File Groups for more details.
    • Folder – Allows you to add a folder or drive as the target
    • File Hash – Allows you to add a file as target based on its hash value
    • Process Hash - Allows you to add any process that is currently running on your computer as target based on its hash value


    Adding an individual File

    • Choose 'Files' from the 'Browse' drop-down.




    • Navigate to the file you want to add as target in the 'Open' dialog and click 'Open'




    The file will be added as target and will be run as per the action chosen in Step 1.




    If you want to just add an application for a particular action as selected in Step 1 without specifying any filters or options, then click 'OK'. The default values for Sources and Reputation will be 'Any' and for Options it will be 'Log when this action is performed'. If required you can configure Source and Reputation filters and Options for the rule.

    Adding an application from a running process

    • Choose 'Running Processes' from the 'Browse' drop-down.



    A list of currently running processes in your computer will be displayed.

    • Select the process whose application is to be added as target and click 'OK' in the 'Browse for Process' dialog.




    The file will be added as target and will be run as per the action chosen in Step 1.




    If you want to just add an application for a particular action as selected in Step 1 without specifying any filters or options, then click 'OK'. The default values for Sources and Reputation will be 'Any' and for Options it will be 'Log when this action is performed'. If required you can configure Source and Reputation filters and Options for the rule.

    Adding a File Group

    • Choose 'File Groups' from the 'Browse' drop-down. Choosing File Groups allows you to include a category of pre-set files or folders. For more details on how to manage file groups refer to the section File Groups.




    • Select the preset file group from the options.

    • The file group will be added as target and the applications inside it will be run as per the action chosen in Step 1.



    If you want to just add the applications in the file group for a particular action as selected in Step 1 without specifying any filters or options, then click 'OK'. The default values for Sources and Reputation will be 'Any' and for Options it will be 'Log when this action is performed'. If required you can configure Source and Reputation filters and Options for the rule.

    Adding a Folder/Drive Partition

    • Choose 'Folder' from the 'Browse' drop-down.




    The 'Browse for Folder' dialog will appear.




    • Navigate to the drive partition or folder you want to add as target and click OK

    The drive partition/folder will be added as target and will be run as per the action chosen in Step 1.




    If you want to just add the applications in the drive partition/folder for a particular action as selected in Step 1 without specifying any filters or options, then click 'OK'. The default values for Sources and Reputation will be 'Any' and for Options it will be 'Log when this action is performed'. If required you can configure Source and Reputation filters and Options for the rule.


    Adding a file based on its hash value

    • Choose 'File Hash' from the 'Browse' drop-down.



    • Navigate to the file whose hash value you want to add as target in the 'Open' dialog and click 'Open'




    The file will be added as target and will be run as per the action chosen in Step 1.




    If you want to just add the hash value of an application for a particular action as selected in Step 1 without specifying any filters or options, then click 'OK'. The default values for Sources and Reputation will be 'Any' and for Options it will be 'Log when this action is performed'. If required you can configure Source and Reputation filters and Options for the rule.

    Adding an application from a running process based on its hash value

    • Choose 'Process Hash' from the 'Browse' drop-down.



    A list of currently running processes in your computer will be displayed.

    • Select the process whose application hash value is to be added as target and click 'OK' in the 'Browse for Process' dialog.




    The file will be added as target and will be run as per the action chosen in Step 1.




    If you want to just add the process hash value of an application for a particular action as selected in Step 1 without specifying any filters or options, then click 'OK'. The default values for Sources and Reputation will be 'Any' and for Options it will be 'Log when this action is performed'. If required you can configure Source and Reputation filters and Options for the rule.


    Step 3 – Select the Sources

     

    If you want a rule to cover a number of items but apply only under certain conditions, you can set those conditions in this step. For example, if you include all executables in the Target but want the rule to apply only to executables that were downloaded from the internet, add that filter in the Sources. As another example, if you want to run unrecognized files from a network share, you have to create an Ignore rule with All Applications as target and a source located on network drives.


    To add a source

    • Click the handle at the bottom and then click Add from the options.




    The options available are the same as those available under the 'Browse' button beside 'Target', as explained in Step 2. Refer to the previous section for more details on each option.




    The following example describes how to add an 'Ignore' rule for Unrecognized files from a network source:

    • In Step 1, select the action as Ignore
    • In Step 2, select the Target as All Applications in File Groups
    • In Step 3, click Folder from the Add options.

      The Browse For Folder dialog will be displayed.




      • Navigate to the source folder in the network, select it and click 'OK'.




      The selected network source folder will be added under the 'Created by' column and the screen displays the options to specify the location and from where the files were downloaded.

      • Location – The options available are:
        • Any
        • Local Drive
        • Removable Drive
        • Network Drive

      Since the source is located in a network, select Network Drive from the options.

      • Origin – The options available are:
        • Any – The rule will apply to files that were downloaded to the source folder from both Internet and Intranet.
        • Internet – The rule will apply to files that were downloaded to the source folder from Internet only.
        • Intranet – The rule will apply to files that were downloaded to the source folder from Intranet only.

      Repeat the process to add more source folders.

      • Click the Edit button to change the source path from the options:



      • To remove a source from the list, select it and click the Remove button.
      • Use the 'Move Up' and 'Move Down' buttons to specify the order of the source paths.

      If you want to just add the Sources for a particular action as selected in Step 1 without specifying rating of the file or options, then click 'OK'. The default values for Reputation will be 'Any' and for Options it will be 'Log when this action is performed'. If required you can configure Reputation filters and Options for the rule.


      Since the example rule is created for files that are categorized as Unrecognized, the same has to be selected from the rating options in Step 4.

      Step 4 – Select the File Reputation

      • Click the Reputation tab in the Manage Sandboxed Program interface.




      By default, the file rating is not selected meaning the rating could be Any. The options available are:

      • Trusted – Applications that are signed by trusted vendors and files installed by trusted installers are categorized as Trusted files by Defense+. Refer to the sections File Rating Settings and Trusted Files for more information.
      • Unrecognized – Files that are not found on the whitelist (safe) or the blacklist (malicious) are categorized as Unrecognized files. Refer to the sections Unknown Files - The Scanning Process and File List for more information.
      • Malicious - Files found on the Comodo virus blacklist are categorized as malicious.

      By default, file age is not selected, so the age could be Any. The options available are:

      • Less Than – CIS will check for reputation if a file is younger than the age you set here. Select the interval in hours or days from the first drop-down combo box and set hours or days in the second drop-down box. (Default and recommended = 1 hour)
      • More Than - CIS will check for reputation if a file is older than the age you set here. Select the interval in hours or days from the first drop-down combo box and set hours or days in the second drop-down box. (Default and recommended = 1 hour)

      Select the category from the options. Since the example rule is created for files that are categorized as Unrecognized, the same has to be selected from the rating options.


      If you want to just add the Sources and Reputation for a particular action as selected in Step 1 without specifying the options, then click 'OK'. The default values for Options will be 'Log when this action is performed'. If required you can configure Options for the rule.


      Step 5 – Select the Options

      • Click the Options tab in the Manage Sandboxed Program interface.



      By default, the 'Log when this action is performed' checkbox is selected.  The options available for 'Ignore' action are:

      • Log when this action is performed – Whenever this rule is applied for the action, it will be logged.
      • Don't apply the selected action to child processes – Child processes are processes started by the target application, for example an unwanted app or third-party browser plugins/toolbars that were not specified in the original setup options and/or EULA. CIS treats all child processes as individual processes and forces them to run as per their file rating and the Sandbox rules.
        • By default, this option is not selected and the Ignore rule is also applied to the child processes of the target application(s).
        • If this option is selected, the Ignore rule is applied only to the target application. All child processes it starts are checked, and Sandbox rules are applied to them individually as per their file rating.

      The 'Don't apply the selected action to child processes' option is available for the 'Ignore' action only.


      For actions – 'Run Restricted' and 'Run Virtually' – the following options are available:

      • Log when this action is performed – Whenever this rule is applied for the action, it will be logged.
      • Set Restriction Level – When Run Restricted is selected in Action, this option is automatically selected and cannot be unchecked. For the Run Virtually action, the option can be checked or unchecked. The options for Restriction levels are:
        • Partially Limited - The application is allowed to access all operating system files and resources like the clipboard. Modification of protected files/registry keys is not allowed. Privileged operations like loading drivers or debugging other applications are also not allowed. (Default)
        • Limited - Only selected operating system resources can be accessed by the application. The application is not allowed to execute more than 10 processes at a time and is run without Administrator account privileges.
        • Restricted - The application is allowed to access very few operating system resources. The application is not allowed to execute more than 10 processes at a time and is run with very limited access rights. Some applications, like computer games, may not work properly under this setting.
        • Untrusted - The application is not allowed to access any operating system resources. The application is not allowed to execute more than 10 processes at a time and is run with very limited access rights. Some applications that require user interaction may not work properly under this setting.
      • Limit maximum memory consumption to – Enter the memory consumption value in MB that the process should be allowed.
      • Limit program execution time to – Enter the maximum time in seconds the program should run. After the specified time, the program will be terminated.

      For 'Block' action, the following options are available:

      • Log when this action is performed – Whenever this rule is applied for the action, it will be logged.
      • Quarantine program – If checked, the programs will be automatically quarantined. Refer to the section Manage Quarantined Items for more information.

      Choose the options and click 'OK'. The rule will be added and displayed in the list.




      Editing an Auto-Sandbox Rule

      • To edit an auto-sandbox rule, select it from the list and click 'Edit' from the options.

      The 'Manage Sandboxed Program' interface will be displayed. The procedure is similar to Adding an Auto-Sandbox Rule.

      • Click 'OK' to save the changes to the rule.


      Important Note: Please make sure the auto-sandbox rules do not conflict. If they do conflict, the settings in the rule that is higher in the list will prevail.
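
The precedence described in the note above, modelled as a first-match evaluator over rules 1 to 5 of the default table plus the network-drive Ignore rule from Step 3, to show which lower rules a higher rule overrides. This is an added illustration, not Comodo code: the Rule and FileInfo classes, the matching logic, the move_up helper and the sample files are assumptions made for the example, and the Ignore rule is reduced to its 'Located on = Network Drive' filter.

```python
from dataclasses import dataclass
from typing import Tuple

ANY = "Any"

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                  # Block / Ignore / Run Virtual / Run Restricted
    target: str                  # file group the rule applies to
    reputation: str = ANY        # Malware / Trusted / Unrecognized / Any
    # Each source is (created_by, located_on, downloaded_from). A rule with
    # several sources matches if any one of them matches; () means no filter.
    sources: Tuple[Tuple[str, str, str], ...] = ()
    enabled: bool = True

@dataclass(frozen=True)
class FileInfo:                  # hypothetical view of a file being launched
    groups: frozenset
    reputation: str
    created_by: str
    located_on: str
    downloaded_from: str

def _ok(wanted, actual):
    return wanted == ANY or wanted == actual

def rule_matches(rule, f):
    if not rule.enabled or rule.target not in f.groups:
        return False
    if not _ok(rule.reputation, f.reputation):
        return False
    if not rule.sources:
        return True
    return any(_ok(c, f.created_by) and _ok(l, f.located_on)
               and _ok(d, f.downloaded_from) for c, l, d in rule.sources)

def matching_rules(rules, f):
    """All enabled rules that match, top to bottom. The first one prevails;
    the rest are overridden for this file."""
    return [r for r in rules if rule_matches(r, f)]

def effective_action(rules, f):
    hits = matching_rules(rules, f)
    return hits[0].action if hits else None   # None: no auto-sandbox rule applies

def move_up(rules, name):
    """Model of the 'Move Up' button: swap the named rule with the one above."""
    out = list(rules)
    i = next(k for k, r in enumerate(out) if r.name == name)
    if i > 0:
        out[i - 1], out[i] = out[i], out[i - 1]
    return out

# Rules 1 to 5 as listed in the default-rule table.
DEFAULT_RULES = [
    Rule("1", "Block", "All Applications", "Malware"),
    Rule("2", "Block", "Suspicious Locations"),
    Rule("3", "Block", "Sandbox Folders"),
    Rule("4", "Ignore", "Metro Apps"),
    Rule("5", "Run Virtual", "All Applications", "Unrecognized",
         sources=((ANY, ANY, "Internet"), (ANY, "Network Drive", ANY),
                  (ANY, "Removable Drive", ANY))),
]
# The Step 3 example rule: Ignore unrecognized files located on a network drive.
IGNORE_NETWORK = Rule("ignore-network", "Ignore", "All Applications",
                      "Unrecognized", sources=((ANY, "Network Drive", ANY),))

# Constructed sample files.
APPS = frozenset({"All Applications"})
NET_UNRECOGNIZED = FileInfo(APPS, "Unrecognized", "unknown", "Network Drive", "Intranet")
NET_MALWARE = FileInfo(APPS, "Malware", "unknown", "Network Drive", "Intranet")

def demo():
    below = DEFAULT_RULES + [IGNORE_NETWORK]   # Ignore rule under rule 5
    above = move_up(below, "ignore-network")   # Ignore rule over rule 5
    return {
        "ignore_below_rule_5": effective_action(below, NET_UNRECOGNIZED),
        "ignore_above_rule_5": effective_action(above, NET_UNRECOGNIZED),
        "overridden_when_above": [r.name for r in matching_rules(above, NET_UNRECOGNIZED)][1:],
        "malware_on_share": effective_action(above, NET_MALWARE),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

Listing every matching rule, not only the first, is a quick way to review a rule set for conflicts before reordering it: any rule after the first in that list has no effect for that file.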



      © Comodo Group, Inc. 2025. All rights reserved.