130/340

[Guest]

[JoWa]

this is not true

Please read again (both paragraphs) and explain what is not true. Thanks.

And I do get 340/340 with sandbox enabled (Partially limited) on XP SP3.

[salaficall]

as the developer of the CIS 5 SAID :

Automatic sandboxing does not virtualise software Files and registry keys created by the software

and u said that :

CLT doesn't understand that they are virtual , and says Vulnerable. That's why CLT should be updated.

and this is not true cause there is no virtualization in the automatic sanboxing , it's only some restrictions the isolated program is forced to go throw

And I do get 340/340 with sandbox enabled (Partially limited) on XP SP3.

I can't reproduce that though ( win7 x86 fully updated - SB partially limited/limited/restricted/untrusted ! - proactive configurations - safe mode for D+ & Firewall - Automatic detection of installers... unselected ...)

can u give me some details on how u get that score ?

 

[JoWa]

Did I mention automatic sandboxing in CIS in the first paragraph? No! It's about CLT and has nothing to do with CIS.

Automatic detection of installers selected or not does not matter. If it is selected, you gen an Unlimited access alert, and can click on Sandbox. Just run the tests and block every alert.

[salaficall]

Did I mention automatic sandboxing in CIS in the first paragraph? No! It's about CLT and has nothing to do with CIS.

yes , u said

Virtualisation allows files to be dropped and changes to be made in the registry, but in a special “virtual” folder and registry.(no ! , the virtual folder is empty) CLT doesn't understand that they are virtual, ( they are not virtual ! )  and says Vulnerable. That's why CLT should be updated.

witch virtualisation u r talking about ??!

as i said before , CLT low results have nothing to do with virtualisation , there is something wrong with the sandbox feature.

anyway , CIS 5 is strong enough even without sandbox enabled , and I'm happy with it 

Automatic detection of installers selected or not does not matter. If it is selected, you gen an Unlimited access alert, and can click on Sandbox. Just run the tests and block every alert.

I already tried that and it didn't do the trick , i got 320/340 (Impersonation: Coat/DDE )

the only way to get full score is to completely disable the sandbox feature. maybe it's CIS / win7 issue , who knows ?

I will give it a try on xp sp3 and see how it goes

[Valentin N]

Hey:)

no need to fight here! I opened this topic to get help, not see people arguing with each other. I got my answer and a deeper understanding how this leaktest works.

I thank all for taking their time to explain and to give advices.

Regards,
            Valentin

[salaficall]

hi Valentinchen

no fighting man , no arguing , we are just trying to figure out how can we get the sandbox/CLT work smoothly together and get full score like JoWa's pc  ...

anyway , thanks everybody

[Valentin N]

I am sorry if I miss-interpreted the comments from you and JoWa. Anways, keep it nice

[JoWa]

witch virtualisation u r talking about ??!

Virtualisation in general. That's what fools CLT. (Read more.) Manual sandboxing with CIS is one example, avast! Pro/IS is another.

[JoWa]

A friend tested on W7 x64 with CIS 5: 320/340

24. Impersonation: DDE   Vulnerable
25. Impersonation: Coat   Vulnerable

[salaficall]

Virtualisation in general. That's what fools CLT. (Read more.) Manual sandboxing with CIS is one example, avast! Pro/IS is another.

hi JoWa

sorry man , still can't get it !

how come virtualisation fools CLT and there is no real virutualisation present with the automatic sandboxing ??

yes , I can understand that CLT gets fooled by the Manual sandboxing cause it has a real virtualisation along with it when it's activated

but on the other hand , there is no any kind of virtualisation with the automatic sandboxing , it's just the unrecognized program gets some restrictions so it's only prevented from writing to protected folders, pre-existing files, and real registry keys , that makes me expecting better results with the automatic sandboxing which never happens ! , correct me if I'm wrong , maybe I'm missing something here...

I hope i made my self clear here

[JoWa]

Automatic sandboxing has nothing to do with virtualisation fooling CLT, of course. I was not talking about automatic sandboxing, so why do you keep repeating that? My first post was a reply to clockwork's post, and in the second paragraph I mention that virtualisation is not applied when clicking on Sandbox in the Unlimited access alert (= automatic sandboxing).

[salaficall]

My first post was a reply to clockwork's post

yes , and clockwork's post was all about automatic sandboxing  ! did u notice that ?

and in the second paragraph I mention that virtualisation is not applied when clicking on Sandbox in the Unlimited access alert (= automatic sandboxing).

sorry man u r right , I missed that ...

but now the problem is that u r the only one who can get a full CLT 340/340 score with the sandbox feature enabled ! as far as I know 

any help for me to achieve your amazing full unique scores with SB enabled will be much appreciated

Any thoughts?

thanks in advance 

[JoWa]

To help you with what you also missed:

what should be changed in the test to work with the comodo sandbox? do you just want that the "testresult" looks good, or do you want to test your program? hey, all products would get 100% results if it was usual to modify tests to get good results

when a TEST has to be changed to get good results.... LOL?

So I explained why CLT has to be updated (to be able to test virtualisation software with correct results). And that has nothing to do with
24. Impersonation: DDE   Vulnerable
25. Impersonation: Coat   Vulnerable
It's about this. But you already know that?

Help you get higher score… Use XP?

[salaficall]

maybe CLT needs to be updated to test other softwares or to test CIS manual sandboxing ( I don't think this is possible , how can the test program ever knows is it virtual or no ?? , anyway I'm not a programmer to tell ) 

but 99.9 % of the CLT users and testers of CIS use it with no virtualisation at all ( automatic sandboxing ) , so there no need to update CLT to test CIS 5 , there is something wrong with CIS automatic sandboxing that needs to be fixed ...

like clockwork said :

the test shows that the sandbox allows things to be done automatically which you dont want to be done.
yes, a reboot will remove some of the happened threats.... but the threats worked until that (keyloggers for example).

the test shows that there is a design problem with an "automatic allowing sandbox". in other words: automatic sandboxing is meaning much more, that the threats are allowed to run automatically, even without any question from defense+.

once again , CIS 5 is the most powerful Internet Security software one can have in my opinion.

but I hope to get a more detailed technical answer regarding this issue from the CIS developers. 

[salaficall]

Help you get higher score… Use XP?

tried that , same problem 320/340
24. Impersonation: DDE   Vulnerable
25. Impersonation: Coat   Vulnerable

What's up at your end I simply don't know how u get full score with SB enabled !

anyway , thanks for trying to help

salaficall

[Tags:]