BB not blocking some key loggers when isolating their processes [M252]

A. THE BUG/ISSUE (Varies from issue to issue)
  • Summary - Give a clear summary in the topic title, NOT here.
  • Can U reproduce the problem & if so how reliably?: I can reproduce the problem very reliably
  • If U can, exact steps to reproduce. If not, exactly what U did & what happened: I launched a program called "Zemana Keylogger Simulation test v1.5.2.70". Comodo isolated that program; however, it still managed to log everything I wrote in Explorer and the Firefox browser (I have not tested other programs)
  • If not obvious, what U expected to happen: I expected the key-logger to crash or not record any keys
  • If a software compatibility problem have U tried the conflict FAQ?: not a software compatibility problem
  • Any software except CIS/OS involved? If so - name, & exact version: Zemana Keylogger Simulation test v1.5.2.70
  • Any other information, eg your guess at the cause, how U tried to fix it etc: I don't know what the cause is or how to fix it
  • Always attach - Diagnostics file, Watch Activity process list, (dump if freeze/crash). If complex - CIS logs & config, screenshots, video, zipped program (not m’ware)

B. YOUR SETUP (Likely the same for each issue, so you can copy forward)
  • CIS version & configuration: Product Version 6.0.264710.2708 Database Version: 15132
  • Modules enabled & level. D+/HIPS, Autosandbox/BBlocker, Firewall, & AV: all on default settings
  • Have U made any other changes to the default config? (egs here.): no
  • Have U updated (without uninstall) from a previous version of CIS: yes, I have the latest version
      • if so, have U tried a clean reinstall - if not please do?: I do not think reinstalling Comodo would work
  • Have U imported a config from a previous version of CIS: no
      • if so, have U tried a standard config - if not please do: I used the standard configs
  • OS version, SP, 32/64 bit, UAC setting, account type, & VM used: Windows 7 Enterprise, Service Pack 1, administrator account, 64 bit OS, 8.00 GB RAM
  • Other security/sandbox software a) currently installed b) installed since OS: Malwarebytes scanner, it was not running at the time

Notes:
I will attach the keylogger program in a zip file since it is a simulation more than m’ware and shouldn't have the ability to send information through the internet. I will attach relevant screenshots and logs as well.
One of the reasons I report this is because in the latest software update of Comodo antivirus it was written: "This new addition helps to secure desktops and servers against rootkits, inter-process memory injections, key-loggers and more", so this may be a bug from my understanding. Hope this helps.

In version 6.0 of CIS it was planned that foreground keylogging would be allowed, and only background keylogging prevented. I’ll check with the mods to see if that info is current.

Oh excellent report by the way, thanks

Mouse

Yes that info is current, so this would not be regarded as a bug.

So I’ll forward to D+ help, as I think this can be tightened using HIPS if you wish.

Mouse

From the information you have given I am not clear whether this is a bug/issue.

For the moment I will transfer you to help so you can work through this issue with users and mods in this forum and hopefully resolve it. I hope that is OK.

Please ask any mod to move this report back to the bugs forum if it becomes clear that it is a bug/issue.

Best wishes

Mouse

Hi
Not sure I understand what's going on here…
Zemana is allowed to log as it’s user initiated?
CIS differentiates between user initiated (foreground) and non user initiated (background)?
Sorry for the confusion but I think a clear understanding is vital for test/results such as these to prevent the wrong conclusions being drawn
Thanks TF

Fair comment, was processing too many bugs this am :) Mods discussion actually still continuing, so will move back pro-tem.

Mike

If someone were to sneak in an auto Zemana bomb since it’s not detected as malware etc…
But you can’t just tag it as malware and ignore it. It logs fully virtualized inside and outside the kiosk.
It should be tested by the dev team.

No worries :)

I also posted here - https://forums.comodo.com/news-announcements-feedback-cis/getting-key-logged-with-a-sandboxed-keylogging-testerand-in-virtual-kiosk-t91321.0.html;msg658537#msg658537
Sorry for cross posting,

as always if any more info required pls ask
Thanks TF

Thanks very much, will hopefully get some more replies from mods tomorrow, as I cannot work out how what we have been told is supposed to work in principle actually works in practice.

It’s never a problem to post a link where it is relevant.

Thank you very much for your report in standard format, with all information supplied. The care you have taken is much appreciated by Comodo, and will increase the likelihood that this bug can be fixed.

Developers may or may not communicate with you in the forum or by PM/IM, depending on time availability and need. Because you have supplied complete information they may be able to replicate and fix the bug without doing so.

Many thanks again

Mouse

Happy to help :)

I also checked other loggers from the Zemana site ( http://www.zemana.com/SecurityTests.aspx ) and Comodo managed to detect them very fast during the download and remove them. There is also an SSL-Logger Test Program that you can get only if you contact Zemana; I believe Malware Research Groups have the right to test those, so good luck with that also. It's great to see how fast bug reports and other topics are taken care of in this forum.

That’s good to know, thanks for telling us

And thanks regarding speed. In this forum all done by volunteers :)

Mouse

Can you please check and see if this is fixed with the newest version? Please let us know whether it is fixed or you are still experiencing the problem.

Thank you.

PM sent.

I re-downloaded the keylogger from the Zemana site, and when I ran it the results were the same. The program was isolated as unrecognized and partially limited, yet it still logged everything I wrote on non-sandboxed windows. I also tried right clicking the key logger and pressing “run in COMODO sandbox”, but that did change the program’s behavior.

(tested with the latest CIS)

Already updated in tracker. Fix list says fixed but am leaving open, as mod experienced same thing as you.

Can you please check and see if this is fixed with the newest version (6.2.282872.2847)? Please let us know whether it is fixed or you are still experiencing the problem.

Thank you.

PM sent.

I downloaded it again; it still seems to log everything I write on non-sandboxed programs (it is partly limited)

Thanks for checking this.

I’ve updated the tracker.

Can you please check and see if this is fixed with the newest version (6.3.294583.2937)? Please let us know whether it is fixed or you are still experiencing the problem.

Thank you.

PM sent.