Author Topic: Why does Comodo HIPS not working or not show alerts when apps is sandboxed?  (Read 1168 times)

Offline Hanif Annur

  • Newbie
  • *
  • Posts: 1
I think it can risk users from a keylogger when auto-sandbox is enabled. I've tested Comodo HIPS with SpyShelter security test tool (https://www.spyshelter.com/security-test-tool/) in sandboxed mode (Comodo sandbox) and tried to start keylogger test and other test to test whether HIPS detect it, but it doesn't show popup alert and security test tool still can capture my keystroke even in none sanboxed apps, and also can run screenshot, webcam capture, clipboard monitoring succesfuly. Tested run in sandbox with untrusted restriction level, only clipboard monitoring failed to capture. Is there a better way to prevent unknown files from stealing password?
« Last Edit: June 29, 2016, 02:19:55 AM by Hanif Annur »

Offline Jon79

  • Comodo's Hero
  • *****
  • Posts: 1123
Basically, sandbox was meant to replace HIPS because it should give you higher protection with fewer alerts.
In my opinion it's better to keep both sandbox and HIPS enable (which is what happens if you enable the Proactive Security configuration).

The problem with sandbox is that it's not working as expected with Windows 10. You can check the details here:
https://forums.comodo.com/bug-reports-cis/spyshelter-test-t115145.0.html;msg837475#msg837475

Because of this problem, I have delete the sandbox rules to "run virtually" unknown apps and I have added a rule to block unknow apps instead.
If the sandbox blocks an app, I can check "don't sandbox it again", then re-launch the app. Like this the HIPS will tell me what the app is trying to do.
If I'm not sure about the app, I can always use the sandbox (meaning run virtually) as on-demand feature only.
« Last Edit: June 29, 2016, 02:59:22 AM by Jon79 »

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek