about the keylogger and the screen logger

In the sandbox level, “partially limited”, comodo can not block these actions.

(1)access the keyboard

(2)access the computer monitor


After reading you’re post i assume that sandbox levels like ‘restricted’ and ‘untrusted’ are not bypassed.
That would mean that Comodo made the decision to not block those actions on partially limited. Probably because of usability.

1.comodo sandbox can not block them only in the level, partially limited

2.comodo firewall allows all outgoing requests by default

3.If a keylogger or a screen logger accesses the network, comodo can not block it.

i think this is all by design not a bug. yes by default its less secure which is y a lot of people change the defaults

Agree. Although this is a security risk, it’s not a bug ore something. This just once again proves that you should up the sandbox restriction level to something like untrusted.

Personally I think that this needs to be changed.

+1 :-TU


Plus change Unrecognized Files default from Partailly Limited to Limited at least.

Hi Axxx

Do you have a proof of concept?

These are probably not restricted via OS restrictions, but by D+.

Best wishes


+1 :-TU

Direct physical access to these are supposed to be restricted. Do you have any evidence that they are not?

Best wishes


I test COMODO firewall with the AKLT.

CIS sandbox with the level, “partially limited”, can not block it.

CIS sandbox with other levels can block it.

Thanks, and the screen grab?

Can anyone replicate?

Best wishes


screen logger:

clipboard logger:




does this:
and re-test with spyshelter and aklt.

Thanks Axxx

Are you using 5.8 public? Others have reported Spyshelter screengrab no longer works in 5.8

Best wshes



2.Only “partially limited” can not block loggers.

Thank you for your helpful research

Please make an issue report in the bug forum using the standard format here.

Best wishes


I find out this one interesting. :o

If comodo block the action first,“install global hooks” without “more options”, then comodo can block the loggers.

If comodo block the action first,“install global hooks” with “more options”, then comodo can not block the loggers.

If comodo does not block the action first,“install global hooks”, then comodo can not block the loggers.