CFP fails Clipboard Logger Simulation Test

http://www.zemana.com/list/list.asp?ktgr_id=426

More details here:

Can the interception for this behavior be added in some future version?

Thanks

Yes, great test.
Another challenge to Comodo crew.
There are also more tests on that site; one in particular will be very interesting to Comodo (SSL Logger Simulation).

Screeny of CFP failure:

[attachment deleted by admin]

Hi thanks for that.

BTW, you have not tried my malware sample so far, where CFP is not able to detect memory modification.

Yep. It seems CFP fails to catch clipboard callbacks. We will be introducing the defense against this in the upcoming versions. No worries.

The other tests should be ok.

Thanks for this.

It seems nothing yet for this new 3.0.22.349 build?

BUMP
Upcoming version will detect clipboard logger test?

They promised to add it, but it seems that so far it's not done.

bump

Any news on fixing this in a future version?

Hmmmm… I am still waiting. I did not bump as I was waiting for next version.

CFP version 3.5.50676.393 still doesn’t pass this Clipboard-Logger Simulation Test.

Yes, I can confirm.

Does anyone know how to configure the latest CIS Beta such that it can detect Zemana keylogger and screen logger?

I failed all the tests with CIS, even on paranoid mode. Thanks a lot.

For me CF 3.5 passes these two tests (Defense+ shows relevant alerts and if we block these activities, all is ok). Settings are chosen during installation: proactive defense. After installation of CF relevant Defense+ settings are not changed. Defense+ is in safe mode.

Check if the settings “keyboard” and “computer monitor” are checked (are on) under gui-defense+ -advanced-defense+ settings-monitor settings. Make sure the relevant Zemana executables (keylogger and screen logger) are not listed under gui-defense+ -my own safe files. Delete the appropriate rules for these executables from the Computer security policy of Defense+.
Now Defense+ should catch them if set to Safe or Paranoid modes.


Wow, it worked! Thanks a lot. :slight_smile:

It seems that the ‘Computer monitor’ and ‘keyboard’ are not selected by default under the normal installation of CIS. In fact under ‘Monitor Settings’, most of the objects are not selected to be monitored. It’s unlike a normal installation of CFP 3.0 where all the options are ticked.

One thing that I noticed soon after enabling the keyboard monitor was that Firefox 3.0.1 asked for permission to access the keyboard. At first I thought it was because I was typing this reply. However, after I blocked it (just to experiment with it), I found that I can still type into this message box, right now! If this is not the case, why on earth is Firefox trying to monitor my keystrokes?

Going back to the keylogger issue, should we suggest to Comodo to enable keyboard, monitor, and probably disk monitors by default in CIS? Under current default settings, Defense+ is vulnerable against key- and screen-loggers.

And how about other activities to monitor? Is it wise to leave them unticked too?


NEWLY ADDED: Now Firefox tried to monitor my screen, what is going on? :slight_smile:


This is normal, it happens e.g. if you move tabs.
I’ve blocked it and I can’t recognize any negative consequences.

Edit: I don’t think it’s important that Comodo doesn’t pass the test that this thread is about, because
1.) It can only hardly be used to gather critical information.
2.) Comodo should be able to block sending the data to somewhere.

CFP version 3.5.51259.400 still doesn’t pass this Clipboard-Logger Simulation Test.

@evil_religion: Here is just one example of how this can be exploited.

Adobe Flash ads launching clipboard hijack attack

Malware POC bypasses CFP Defence Plus