Black-Day still bypasses the sandbox

I tested the black-day.exe trojan on Comodo’s sandbox (I used two VM’s, VMWare and VirtualBox and the results were the same.)

I disabled all modules except for the automatic sandboxing (no scanning in the cloud or anything.) I set it to automatically run as Untrusted and it infected the test files across the system.

When running in the manual sandbox it was unable to infect the computer at the Partially Limited level.

So I take it this is just a full virtualization issue? I realize that default settings of Comodo will stop Black-Day but it would be nice if the sandbox could do it.

CIS 5.8
WinXP fully updated 32bit

The important question is whether and of these files was running after rebooting your computer.

When running in the manual sandbox it was unable to infect the computer at the Partially Limited level.

So I take it this is just a full virtualization issue? I realize that default settings of Comodo will stop Black-Day but it would be nice if the sandbox could do it.

CIS 5.8
WinXP fully updated 32bit

Full virtualisation with the automatic sandboxing may other than for security reasons also be useful to make CIS more compatible with regular programs that are not white listed.

Yes. Full virtualization will be very nice.

Not sure if it restarted with the computer. Either way the programs and files were infected after a reboot and they had all been patched to run black-day.exe when run.

I just educated myself a bit about black day trojan and with CIS with default settings or with default setting with automatic sandbox nudged up to Untrusted will be able to infect the computer.

With infection is meant It overwrites a lot of data file types and executables with a copy of its own.