about the IE PassView

IE PassView

1. I double-clicked on it.

2. It was sandboxed automatically.

3. CIS cannot block it for all sandbox levels.

4. The password was detected by it.

I think it’s only a ‘read’ action this tool needs. It would protect you against changing the password using such tools.
Current version can’t protect ‘read’ actions.

Can this be used by a trojan?

I think so. The trojan is unknown code: it executes, it gets sandboxed and is allowed to ‘read’ these registry keys.
Only thing that it has to manage now is to send it back home… and if everything is ok that shouldn’t be allowed.

You never know. Default configuration for firewall is ridiculous, and Defense+ cannot stop 100% of network traffic. I see posts on Wilders that various tools (i.e. process managers) reported net traffic from malware when testing CIS with malware on default config.

Defense+ should be shielded up against these attacks. Protection against gaining sensitive data by malware should be implemented.

Let’s hope for a lot of that in upcoming v6 releases…

Data leakage is left for the Firewall atm. So you should be OK; you need to change it to proactive though.