bypass comodo sandbox (another malware)

I disabled the antivirus and the cloud scanner.

I double clicked on the malware.

It is sandboxed as partially limited

I selected “allow”

http://i.imgur.com/KenwJ.png

Comodo is then bypassed by the rootkit which is downloaded by the malware.

cfp.exe is terminated by it.

I checked the defense+ events

2011-09-07 14:41:51 C:\Documents and Settings\Roger\桌面\virus\123\0access\info.exe Sandboxed As Partially Limited

2011-09-07 14:42:21 C:\DOCUME~1\Roger\LOCALS~1\Temp_898.tmp Sandboxed As Partially Limited

2011-09-07 14:42:22 C:\DOCUME~1\Roger\LOCALS~1\Temp_899.tmp Sandboxed As Partially Limited

FVS report:
http://valkyrie.comodo.com/Result.html?sha1=f95c9ade204a5cf71c210d5b1dd516f723df94a9&&query=1&&filename=info.exe

http://valkyrie.comodo.com/Result.html?sha1=8c2f57277da8e5df533408dcbd783114f87f0cd9&&query=0&&filename=_899.exe

That’s gotta hurt… :smiley: :-TU

It’s nice to have a community of malware collectors and analysts… :-TU
Comodo should be proud of us as much as we are proud to be its users… ;D

Send me the sample pls. Probably the same issue as the previous one.

Hopefully this will soon be resolved, we can all learn and adapt from this, nothing is perfect no matter how anyone tries, it is a constant battle going back and forth. >:-D

Same family as before. CIS blocks it.

So, CIS didn’t get bypassed?
Or is this some new version?

Current version is bypassed. This malware and all the malware OP submitted are all the same which use a specific bug in CIS.

So it was fixed before but not released yet. This week you will get the new beta.

Very nice to hear Egemen. :-TU

Can’t wait for it!

Very nice, thanks for your job. We’re looking forward to it … :-TU

:-TU :-TU :-TU
Great news

Wonderful news. Thank you! :slight_smile:

Released. Pls check build 2075.