Zemana can capture keystrokes

On my system (Win8 x64), the sandboxed “Zemana keylogger test” can capture keystrokes. Without sandboxing (when BB is disabled), CIS HIPS can stop it.

I disabled the whitelist and checked again, but got the same result.

I don't know why.

That's the reason why I am using Defense+ as default deny, without the sandbox.

Is it OK to run both?
Which is the best setting for the autosandbox? I'm using fully virtualized.
Thanks. 8)

Can you please test this with the Behavioral Blocker set to Restricted and see if keystrokes can still be logged?

Restricted, untrusted…
It can still capture.

I’m not too worried, as at least the firewall will still prevent any information from being sent from the computer, as I describe in my article here.

However, I think that this is a problem which should be looked into.

Okay, I just configured CIS as described in my article and ran the keylogger test from this page. It wasn’t even able to run.

I’ve attached a screenshot of what happens when I click Start. This is for Windows 7 x64.

I get the same results Chiron.

Wow, good for you, I am still bypassed.
I think there is a problem because an untrusted app can capture keystrokes.
And HIPS doesn't prevent any actions for sandboxed apps.
I am not talking about a configuration tweak.

My understanding about behavior such as this is that it’s not a complete bypass as the firewall will still stop anything which an untrusted program tries to transmit. Thus, unless that firewall alert is also bypassed in some way there is not really a major problem.

By the way, can you please try configuring CIS on your computer as I suggest in my article and confirm that at least by doing that you can stop it from successfully logging your information?

Thanks.

Just ran the test myself and nothing happened. I pressed the start button, then nothing. I ran it in a virtual browser.

We don't know about the firewall because the test has only logging ability.
Anyway, I will check your article, but I am talking about the default configuration.
I know CIS already catches it if BB is disabled.

Right. Windows 7 64-Bit here. If I run this test with only BB on (HIPS is off) and set to ‘untrusted’, CIS fails to stop the keylogging. That was Chiron’s configuration from his article, apart from the ‘untrusted’ level, as he is using ‘limited’. Go figure ???

If I use BB ‘untrusted’ and HIPS is on, then CIS passes the test, like with Chiron. Hmm. Confused.com here.

Actually, I now recommend at least ‘Restricted’.

Okay, did you configure it exactly the way I recommended, including switching it to proactive configuration? That’s what I did, including disabling the HIPS.

Last words before data leaked:

“I use the auto sandbox…
Going to play a game now… Wasn't there a game mode button? … Ah, there it is…”

Here I get the same result as Chiron. I wasn't able to run it!

I use Win7 64-bit with CIS proactive mode and Sandbox limited + HIPS enabled.

Proactive mode
BB autosandbox untrusted
HIPS close or safe mode
Antivirus/Firewall default settings

Win8 x64, Zemana has logging ability

I see. Well, ‘limited’ or ‘restricted’ are all still below ‘untrusted’, so how can it be that it protects better, so to speak? Unless it’s some bug in CIS.

I did exactly, word by word, what you wrote in your article, including proactive configuration and HIPS being off, apart from the level of restriction, as I always use higher. Can you please check if you have anything enabled in your HIPS?

Edit: Better yet, use the same settings as you do, only put the restriction level to untrusted with HIPS being off, and see what it does. We use the same system, Chiron: Windows 7 64-Bit.

Hi,

If I am using CIS 6 default settings, can Zemana still capture keystrokes if I use the virtual keyboard in kiosk?

Thanks

Great point.
I wouldn’t think so.
Checking…