about the keylogger and the screen logger

a256886572008 · November 17, 2011, 4:36pm

In the sandbox level, “partially limited”, comodo can not block these actions.

(1)access the keyboard

(2)access the computer monitor

???

webbie146 · November 17, 2011, 4:48pm

After reading you’re post i assume that sandbox levels like ‘restricted’ and ‘untrusted’ are not bypassed.
That would mean that Comodo made the decision to not block those actions on partially limited. Probably because of usability.

a256886572008 · November 17, 2011, 5:02pm

1.comodo sandbox can not block them only in the level, partially limited

2.comodo firewall allows all outgoing requests by default

3.If a keylogger or a screen logger accesses the network, comodo can not block it.

wasgij6 · November 17, 2011, 5:09pm

i think this is all by design not a bug. yes by default its less secure which is y a lot of people change the defaults

webbie146 · November 17, 2011, 6:45pm

Agree. Although this is a security risk, it’s not a bug ore something. This just once again proves that you should up the sandbox restriction level to something like untrusted.

Chiron494 · November 17, 2011, 7:14pm

Personally I think that this needs to be changed.

HeffeD · November 17, 2011, 7:40pm

+1 :-TU

miloszcz · November 17, 2011, 7:44pm

:-TU

siketa · November 17, 2011, 7:57pm

Plus change Unrecognized Files default from Partailly Limited to Limited at least.

mouse1 · November 17, 2011, 9:16pm

Hi Axxx

Do you have a proof of concept?

These are probably not restricted via OS restrictions, but by D+.

Best wishes

Mouse

pikusek · November 17, 2011, 9:31pm

+1 :-TU

mouse1 · November 17, 2011, 10:03pm

Direct physical access to these are supposed to be restricted. Do you have any evidence that they are not?

Best wishes

Mouse

a256886572008 · November 18, 2011, 12:16am

I test COMODO firewall with the AKLT.

CIS sandbox with the level, “partially limited”, can not block it.

CIS sandbox with other levels can block it.

mouse1 · November 18, 2011, 3:08am

Thanks, and the screen grab?

Can anyone replicate?

Best wishes

Mouse

a256886572008 · November 18, 2011, 3:17am

screen logger:

clipboard logger:

liosant · November 18, 2011, 4:19am

2.

3.

4.

does this:
and re-test with spyshelter and aklt.

mouse1 · November 18, 2011, 4:28am

Thanks Axxx

Are you using 5.8 public? Others have reported Spyshelter screengrab no longer works in 5.8

Best wshes

Mouse

a256886572008 · November 18, 2011, 4:31am

1.yes

2.Only “partially limited” can not block loggers.

mouse1 · November 18, 2011, 9:35am

Thank you for your helpful research

Please make an issue report in the bug forum using the standard format here.

Best wishes

Mouse

a256886572008 · November 19, 2011, 1:16am

I find out this one interesting. :o

If comodo block the action first,“install global hooks” without “more options”, then comodo can block the loggers.

If comodo block the action first,“install global hooks” with “more options”, then comodo can not block the loggers.

If comodo does not block the action first,“install global hooks”, then comodo can not block the loggers.