A. THE BUG/ISSUE (Varies from issue to issue)
[ol]- Summary - Give a clear summary in the topic title, NOT here.
Can U reproduce the problem & if so how reliably?: i can reproduce the problem very reliably
If U can, exact steps to reproduce. If not, exactly what U did & what happened: i lunched a program called " Zemana Keylogger Simulation test v18.104.22.168 " Comodo isolated that program, however it still managed to log everything i wrote at Explorer and Firefox browser (i have not tested other programs)
If not obvious, what U expected to happen: i expected the key-logger to crash or not record any keys
If a software compatibility problem have U tried the conflict FAQ?: not a software compatibility problem
Any software except CIS/OS involved? If so - name, & exact version: Zemana Keylogger Simulation test v22.214.171.124
Any other information, eg your guess at the cause, how U tried to fix it etc: i dont know what the cause is or how to fix it
Always attach - Diagnostics file, Watch Activity process list, (dump if freeze/crash). If complex - CIS logs & config, screenshots, video, zipped program (not m’ware)
B. YOUR SETUP (Likely the same for each issue, so you can copy forward)
[ol]- CIS version & configuration: Product Version 6.0.264710.2708 Database Version: 15132
Modules enabled & level. D+/HIPS, Autosandbox/BBlocker, Firewall, & AV: all on default settings
Have U made any other changes to the default config? (egs here.): no
Have U updated (without uninstall) from a previous version of CIS: yes, i have the latest version
[li]if so, have U tried a a clean reinstall - if not please do?: i do not think reinstalling Comodo would work
[/li]- Have U imported a config from a previous version of CIS: no
[li]if so, have U tried a standard config - if not please do: i used the standard configs
[/li]- OS version, SP, 32/64 bit, UAC setting, account type, & VM used: windows 7 Enterprise ,Service Pack 1, administrator account, 64 bit OS, 8.00 GB RAM
Other security/sandbox software a) currently installed b) installed since OS: Malewarebytes scanner, it was not running at the time
i will attach the keylogger program in a zip file since it is a simulation more then m’ware and shouldnt have the ability to send information though the internet. I will attach relevant screenshots and logs as well.
one the reasons i report this is because at the latest software update of Comodo antivirus it was writen:
" This new addition helps to secure desktops and servers against rootkits, inter-process memory injections, key-loggers and more " so this may be a bug from my understanding. Hopes this helps.
Not sure I understand whats going on here…
Zemana is allowed to log as it’s user initiated ?
CIS differentiates between user initiated (foreground) and non user initiated (background) ?
sorry for the confusion but I think a clear understanding is vital for test/results such as these to prevent the wrong conclusions been drawn
If some one where to sneak in a auto zemana bomb since it’s not detected as malware etc…
But you can’t just tag it as malware and ignore it.it logs fully virtualized inside and out side the kiosk.
It should tested by the dev team.
Thank you very much for your report in standard format, with all information supplied. The care you have taken is much appreciated by Comodo, and will increase the likelihood that this bug can be fixed.
Developers may or may or may not communicate with you in the forum or by PM/IM, depending on time availability and need. Because you have supplied complete information they may be able to replicate and fix the bug without doing so.
I also check other loggers from Zemana site ( http://www.zemana.com/SecurityTests.aspx ) and Comodo managed to detect them very fast during the download and remove them. There is also a SSL-Logger Test Program that you can get only if you contact Zemana, i believe Malware Research Groups have the right to test those so good luck with that also. Its grate to see how fast bug reports and other topics are taken care of in this forum.
i re downloaded the keylogger from Zemana site, and when i ran it the results were the same. the program was isolated as unrecognized and partially limited, yet it still logged everything i wrote on none-sandboxed windows. i also tried right clicking the key logger and pressing “run in COMODO sandbox”, but that did change the program’s behavior.