Defense+ doesn't intercept keyloggers?

:o

What’s the problem? If Defense+ is set up to monitor keyboard access, why doesn’t it alert me about what the keylogger was doing?

Alerts for me. Perhaps you have pre-existing rules about AKLT.

When you got the alert, did you allow it as a “Trusted App”, or just ALLOW without REMEMBER?

Ewen :slight_smile:

:frowning: Kyle, are you joking with me? I’m not testing Anti-Keylogger Tester 3.0 from firewallleaktester.com! I’m testing SC-KeyLog 2.25 from MajorGeeks! And there’s no rule in Defense+ for that keylogger!

Only ALLOW Ewen, no TREAT AS and no REMEMBER MY ANSWER.

■■■■! Just tested and it does not produce D+ alerts. Thanks for pointing this out Joker. I’ll point a dev at this topic.

Ewen :slight_smile:

Sorry about the confusion Joker. I thought that you were complaining about the default settings of CIS (Keyboard monitor disabled)

My mistake - You are correct. SC does have a few alerts about internet connection and possible malware behaviour from D+ and also the AV flags it as malware. However, no keyboard access alerts. You’re right.

Hey Joker and gang,

OK, agreed your assertion is correct.
I’m sure the devs are aware of this type of situation.
It’s classic Trojan behavior. And this highlights the reason they are incorporating BOClean into CIS.

My assertion was that you are protected, and you agreed, yes basically user is protected.
Via AV and D+, but if user is fooled by trojan, and adds it to AV exclusions, and allows it to create and modify in this case explorer.exe and some reg keys.
Then D+ is fooled, you don’t get keyboard access alerts because the trojan is running with explorer.exe access rights which happen to include keyboard access allow.

So this is why you need an app like BOClean that puts the hammer down on these things regardless of file name or location, or D+ settings or AV exclusions. It has to show its true colors or unmask when it loads in memory or injects itself into a safe process.

With BOClean installed you cannot run this puppy, period, regardless of D+ settings.
So in the end we’re all right, and they are doing the right thing adding BOClean to CIS, making it even more solid and Idiot Proof.

Go CIS and BOClean… Later :■■■■

I have had a new program running and received an alert that it was trying to access the keyboard (the program was allowed, this became a second D+ alert - the program was awaiting an input from me to answer a question it had asked).
Maybe it is just the way CIS monitors the hardware because the setting simply says ‘Objects to Monitor Against Direct Access’.
Do keyloggers actually have or require direct access to the keyboard to do their thing?

Yes, that’s exactly what they are designed to do, sit in between the keyboard (actually the keyboard buffer) and the normal Windows hardware layer that reads the keyboard.

Ewen :slight_smile:

Thanks for testing and helping guys!

Best regards!

Just noticed that this thread is in the wrong board :P. It should be in bug reports.
I messaged Melih about this so he can contact the relevant people…

Reported by "The joker" https://forums.comodo.com/empty-t34317.0.html

This constructor allows you to create an executable keylogger that is not intercepted by Defense+ for keyboard access. It gives you a lot of other alerts and plenty of chances to “kill” this process; however, no alerts for keyboard access.
Download SC-KeyLog - MajorGeeks

In case anyone is worried about Comodo not getting keyloggers there is an excellent software called Zemana AntiLogger being given away today only at Giveaway of the Day http://www.giveawayoftheday.com

It seems to take up very little system resources and is compatible with Comodo. So far, so good. :slight_smile:

Thanks Sammo! :wink:

Even with D+ set to Proactive, any installed malware that CAV alerts on and that I add to the exclusion list won’t be detected by Defense+. :-TD

Conclusion: All items in the Antivirus ‘Exclusions’ list will also be excluded from the Defense+ component.

Sorry for my poor English.

I just installed “Powered Keylogger 2.3” and during the install process D+ did its usual pop-up warnings about installing a new program. However, Comodo AV went nuts and gave me warning after warning that a keylogger was installed.

This is only one keylogger, but several well-known AVs are listed as being unable to detect this keylogger (Elite Keylogger for Mac OS X: invisible, tracks passwords, free version). I’d love to do more tests, but I do not want to install any more malware on this PC.

This was reported over a month ago, no updates yet…
All those people doing internet banking/shopping.

Are there no updates yet about this?

Too late, but we have an answer. See the posts below:

https://forums.comodo.com/feedbackcommentsannouncementsnews_cis/very_dissapointed_in_cis_closed-t37360.0.html;msg265612#msg265612

https://forums.comodo.com/feedbackcommentsannouncementsnews_cis/very_dissapointed_in_cis_closed-t37360.0.html;msg265710#msg265710

https://forums.comodo.com/feedbackcommentsannouncementsnews_cis/very_dissapointed_in_cis_closed-t37360.0.html;msg265724#msg265724

Thanks joker