1. The full product and its version:
?
2. Your Operating System (32 or 64 bit) and Service Pack revision, and if using a virtual machine, which one:
?
3. List all the configuration changes you did. Are you using Default configuration? If no, what's the difference?:
?
4. Did you install over a previous version without uninstalling first, or import a previous configuration file?:
?
5. Other Security, Sandboxing or Utility Software Installed:
?
6. Step by step description to reproduce the issue. Or if you cannot reproduce it, what you actually did before it happened, step by step:
1: ?
2: ?
3: ?
7. What actually happened when you carried out these steps:
?
8. What you expected to see or happen when you carried out these steps, and why (if not obvious):
?
9. Any other information:
?
I have come across a malicious file for which, when run in the sandbox, the results are not optimal. This refers to the beta 8 build of Comodo, HIPS on or off, Sandbox enabled. The OS is Windows 7.
In short, when this file is executed:
1). There is an immediate Sandbox alert that the file requests unlimited access to the computer. I clicked the Default action of run isolated.
2). An install routine file, au_.exe, is spawned and also automatically sandboxed into the VTroot drive (users\name\app data\local\temp).
3). An installation box appears (green border, so in sandbox) which then takes a list of the files contained in the directory where the parent malware resides, then runs a script that deletes all of the files found.
Please note that when running this file in a system protected by Comodo version 7 with the sandbox settings at Full V, the malware is incapable of deleting anything.
If any Mods or Comodo personnel wish to acquire the sample for verification, please PM.