Anyone know of a clipboard logging exploit or testing program?

Please do test the sandbox (esp Kiosk) with it if you know of one. And post results in this trace.

Obviously test safely, in a Virtual Machine or something, and only if you know what you are doing. Please don’t post direct links to actual malware.

Best wishes

Mouse

-http://www.spyshelter.com/download/AntiTest.exe-

Thanks R.

My results are:

  1. Clipboard paste not operating in Kiosk (think cut is), at least not after running antitest. Anti-test can insert hook which collects nothing.
  2. Clipboard is operating outside Kiosk (of course), antitest run outside Kiosk can insert hook. Hook running outside Kiosk then collects anything I cut/copy inside or outside kiosk.

Curious, and if one is using Kiosk for banking say, a vulnerability. Can anyone replicate?

Seems likely that paste problem is recurrence of old bug where paste stops working in virtualised progs eg browsers after working initially.

Clipmate still working better than Windows keyboard as it maintains separate virtualised/nonvirtualised databases. But still gets logged by antitest outside Kiosk and paste still malfunctions.

Best wishes

Mouse

Or this tester
http://www.zemana.com/LeakTest/clipboardlogger-test.aspx

Thanks very much Ronny

Mouse

Because
comodo VK ≠ avast safe zone
and
comodo VK = kaspersky safe run

On the other hand, it can not protect the processes running in VK.

How do safe zone and kiosk differ? Which is better and why?

safe zone → protect the inside processes of it
(The users may not need to worry about using the infected system.)

VK → the same as a sandbox, protect the outside processes of it

Yes, Good point, as I have discussed with the mods, it depends where the bad things and the things-to-be-protected are assumed to be.

Ideally you need multiple sandboxes which make different assumptions and so have different security settings.

Banking - protected inside sandbox, hostile outside
Risky browsing & malware testing - hostile inside, protected outside

Unfortunately you cannot change the D+/BB restriction settings for the sandbox (HIPS is mostly inactive), but I have done my best to address the issue within this limitation in these recommendations. Using the sandbox for different purposes.

To solve this properly of course you need CIS to be able to detect virtualised processes as a ‘group’ and formulate rules for all virtualised (&non-v) processes, and pairwise rules which differ according to whether the source and target are virtualised or non-virtualised. You can do some of this for FW rules using the ‘physical’ VTRoot path to an executable. But there is a bug (?) that runs the non-virtualised instance (if you are dealing with virtual and non-virtual instances on the same logical path) when you choose to run a program. To test this just install a trusted program virtually and in real to the same logical path, then change some bytes in the VTroot instance of a trusted program, and watch it run as trusted when run from a Kiosk shortcut which references the logical path. (I have reported the issue).

Best wishes

Mouse

I test the AKLT with VK enabled only. (CIS v6 beta2)

  1. The AKLT.exe is not in the sandbox.

  2. The AKLT.exe is run outside VK.

  3. HIPS and BB are disabled.

Result:
The AKLT.exe can not log any keystroke inside VK.


But, VK can not block clipboard logging of the antitest.exe.

  1. The antitest.exe is not in the sandbox.

  2. The antitest.exe is run outside VK.

  3. HIPS and BB are disabled.