Sad: No progress with the x64 HIPS of CIS

[evil_religion]

Hello,
version 4 of CIS didn't improve anything regarding passing leaktests on Windows Vista or Seven x64.
Still it doesn't block the Matousec SSTS tests regarding:
-keylogging
-DLL injections (global hooks)
-window messages
-OLE automation
-DDE

It fails these tests (incomplete list but should include ~all techniques):
kill3f (example for window messages)
keylog1 (keylogging)
breakout1
cpilsuite2 (Outpost warns about global hook)
ddetest
flank
osfwbypass

Tested with proactive profile, sandbox disabled.

I don't say that it has to pass all tests but at least the ones which are passed by other products. Matousec has already announced tests on Windows x64, so Comodo should speed up there.


Also, the direct keyboard access warnings are still way to aggressive on x64, it gives warnings if any application receives keyboard input (e.g. typing text). It's only on x64, can't be too hard to fix, reported this long ago.

[begemot]

That's interesting, I've tested all of Matousec's tests with proactive and sandbox disabled, and Comodo successfully blocked everything - so it seems I can't reproduce your results... Are you sure you cleaned your system out prior to testing of any old tests?

[Citizen K]

Begemot are you using 32 or 64 bits OS?

[begemot]

Win 7 x64

[Ronny]

Do the tests "fail" if you disabled all security on your system?

Just to make sure your test is "valid"... and are you testing under Standard or Admin account, UAC enabled/disabled?

[begemot]

Admin account, UAC disabled, and I'll retest them with comodo disabled asap.

[evil_religion]

That's interesting, I've tested all of Matousec's tests with proactive and sandbox disabled, and Comodo successfully blocked everything

That shouldn't be possible. Can you post screenshots?

[begemot]

Sorry, turns out that I was using a 32 bit virtual machine - good job i double checked before posting the screenshots... 

[Ronny]

No problem can happen 
Do you happen to have the ability to build a 64bit test environment?

[begemot]

Should be able to at the start of next week, will post some updates then.

[evil_religion]

There won't be a difference to my results, but test and see urself.

Edit: Some tips:
-Don't enable DEP for all processes.
-Disable UAC.
-You need to start some of the tests in XP compatbility mode.
-Not all tests are working on x64, some are even crashing.
-You won't see any activity of Cpilsuite2 & 3 because the code they are attempting to inject is 32 bit and not compatible to 64 bit processes. If they had compatible code Comodo would visibly fail these tests because SSTS can unhook the usermode hooks of Comodo for SetWinEventHook. Like I already stated, some other x64 HIPSes give correct warnings for these tests, e.g. Outpost.

[vigen]

many lots of bug on seven 64 bits, i come back to the version 3...

Conflict to WOW64 on sandbox...

[evil_religion]

Online Armor has an unhooking protection, so it doesn't fail the Matousec tests on x64:


And Comodo is doing nothing, they happily fail many tests and say the world is alright.

[lordraiden]

And Comodo is doing nothing, they happily fail many tests and say the world is alright.

Wellcome to Comodo world, where everything is wonderful xD and nobody cares about bugs, wishlist, or unfinished components of the security suite.

[tommymacangel]

I think it's MS fault And also W7 64 is really poor, really new and not so popular