Okay, I believe that a file run from the Shared Space folder can run on the real computer. Thus, by running the file in the Shared Space you effectively accidentally negated the protection offered by the virtualization and ran the file on your real computer.
For the future remember that anything run in the Shared Space folder has access to both the virtual computer and the real computer.
However, the Shared Space folder is not inside the sandbox (Kiosk). It is a mediator between the physical and virtual environments.
The Shared Space folder is where you would download something from within the sandbox that you wish to run on your normal (physical) system. If you wish to run something inside the Kiosk, you have two options.
From inside the Kiosk, download the file to the desktop and run it. The Kiosk’s desktop is virtual, and the text that you have quoted applies.
From outside the Kiosk, place a file inside the Shared Space folder, then enter the Kiosk and move the file from the Shared Space folder to the desktop in the Kiosk and run the file. This way, the text you’ve quoted also applies.
Running the file from the Shared Space folder will not have the protections of the sandbox because it is outside the virtual environment. Therefore, the text you have quoted does not apply.
Edit: For clarification, the automatic sandbox still reacts to files run from the Shared Space folder, but the file is no longer inside the virtual environment.
However, keep in mind that by definition an AV solution is always behind on the facts, and added to that the enormous amounts of malware being produced over the past 6 or so years, no AV solution can keep up at any given point in time…
I just downloaded vistart and scanned the installer with CIS and it found Viupdater to be suspicious. See attached image.
First, the Conduit Search Virus is not new and has been around for years while being very widespread and damaging, just type it into Google (Conduit or Conduit Search) and see the large number of users looking for solutions, it is not like this is a minor or new problem.
Second, Comodo AV’s job is to stop or warn of danger without tweaked settings in CIS before it becomes a problem and its job is to tell you that up front and not by going here and there and doing this and that.
Comodo needs to dump the excuses and offer a real workable answer to a large problem.
We forum moderators are users just like yourself. We are not employees or representatives of Comodo. Anything we say is strictly our own opinion. We cannot and do not speak for Comodo. I apologize if you felt otherwise.
That said, I’m unaware that any of us moderators have made any excuses either. My contribution to the thread was merely pointing out that nothing escaped the sandbox virtualization because you had placed the file in a non-virtualized folder and ran it from there. I wasn’t trying to justify anything, merely pointing out the way the Shared Space folder in CIS functions.
As for the missed detection, CIS should have still reacted as it would for any other file. The alert Eric posted seems to suggest that this malware (or perhaps potentially unwanted application) should have given you an alert. So perhaps you encountered a variant. Did you submit it as I suggested in a previous post?
I would not wait until I get protected by a definition or something else, while installing things.
My guess about what happened is:
Running browser with sync in kiosk.
Kiosk may work or not… BUT,
as the browser sync seems to be involved, the saved sync on an external server is obviously not sandboxed. So it might appear as if the kiosk does not protect, once you loaded the browser outside of the kiosk and it synced.
If I can’t find a trusted source of a trusted file, I tend to find information or drop the idea to install something.
There will never be 100% protection. So filter out as much as possible. That way you most likely don’t have to worry about the undetected %.
Can you please explain how it got on your computer? For example, was it included in an installer for something else you had meant to install? If so did you accidentally allow it when you allowed the installer?
Also, was it run on the real computer or in the Fully Virtualized Sandbox?
Did it get installed together with a free application? They sometimes bring in those “goodies”.
Conduit.com is an online search engine which has a browser toolbar, which supposedly is “powered by the community”. The search engine is somewhat similar to search engines like Google or Bing, just it is smaller.
Is Conduit malicious?
No, it’s not. But the fact is that the browser toolbar which they promote makes some unauthorised changes to your browser settings, which changes your start page without your approval. Additionally, users report that it installs into the computer without user consent. No wonder why people think that it’s more like a browser hijacker or redirect virus, instead of a normal addon. If you’re constantly redirected to search.conduit.com, you’re infected with this browser hijacker.
I’m infected. How to remove conduit.com redirect virus?
You can get infected with Conduit by installing various free applications. For example search.conduit.com is installed with VUZE, popular file sharing program and infects even Mac browsers, primarily Firefox.
For advanced computer users we advise to type into Firefox URL field: about:config. Browser will warn you that you should know what you are doing. Then type “conduit” in the search field and “reset” all values you found. That should remove hijacked search results.
Although conduit.com isn’t malware, it’s frustrating to remove it. The browser helper object removes normally, via Add/remove programs in control panel, but the toolbar has to be removed manually, or with automatic software. Manual removal might be tricky, so we would recommend using a reputable anti-malware software to make sure your PC stays clean and fresh. In this case, try running a full system scan with Defender Pro Ultimate Security Suite or SpyHunter.
For more information about the Redirect Virus, read this: What to do when Google/Yahoo/Bing results are redirecting?
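The about:config step in the quoted guide resets preferences the user profile has overridden. As an added example (not part of the thread or the quoted guide), this Python script lists the `user_pref` entries in a profile's `prefs.js` that mention "conduit" in their name or value and builds a copy of the file without them, which has the same effect as resetting them. The sample preferences below, including the `example.toolbar.conduit.installed` name, are constructed for illustration.

```python
import re

# One line of a Firefox prefs.js file looks like: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\("((?:[^"\\]|\\.)*)",\s*(.*)\);\s*$')

# Constructed sample; a real file lives in the Firefox profile directory.
SAMPLE = '''// Mozilla User Preferences
user_pref("browser.startup.homepage", "http://search.conduit.com/?ctid=EXAMPLE");
user_pref("example.toolbar.conduit.installed", true);
user_pref("keyword.URL", "http://search.conduit.com/ResultsExt.aspx?q=");
user_pref("browser.tabs.warnOnClose", false);
'''


def find_prefs(prefs_text, needle="conduit"):
    """Return (name, raw_value) for each user-set pref mentioning needle."""
    needle = needle.lower()
    hits = []
    for line in prefs_text.splitlines():
        m = PREF_RE.match(line)
        if m and (needle in m.group(1).lower() or needle in m.group(2).lower()):
            hits.append((m.group(1), m.group(2)))
    return hits


def reset_prefs(prefs_text, needle="conduit"):
    """Return prefs.js text with the matching user_pref lines dropped.

    Dropping a user_pref line makes Firefox fall back to the built-in
    default, which is what "reset" does in about:config.
    """
    flagged = {name for name, _ in find_prefs(prefs_text, needle)}
    kept = []
    for line in prefs_text.splitlines():
        m = PREF_RE.match(line)
        if m and m.group(1) in flagged:
            continue  # skip the hijacked preference
        kept.append(line)
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    for name, value in find_prefs(SAMPLE):
        print(f"hijacked: {name} = {value}")
    print(reset_prefs(SAMPLE), end="")
```

Firefox rewrites `prefs.js` when it exits, so a cleaned copy only sticks if the browser is closed while the file is replaced, and the original should be kept as a backup.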
The way I got duped was it came in as something else with options you could choose if you checked the box, unfortunately whether you checked the box or not made no difference, it installs the Bug regardless, the entire download is a sham.
Since my last refresh Conduit has been gone until days then I did something really dumb, I turned on IE 10 which was synced by default and guess what showed up…yep Conduit which was listed as the default search engine!..again SYNC was the vehicle.
Lesson learned, any and all browsers are set up with the modem OFF to make sure SYNC is off.
I have to give the people that designed Conduit credit, it has a lot of highly paid people scratching their heads and possibly backsides because it hides itself everywhere in everything and they all seem helpless to stop it.