Check this video on CIS 5.3

Have you guys checked this video on CIS 5.3? A malware was autosandboxed but it got through & infected the system & the system was not responding. After a restart of the system, too, Internet Explorer kept crashing & the guy was not able to perform the test, so he ended the test.

Check the video & comment - Comodo Internet Security 5.3 Prevention Test - YouTube


I would like to know if he did it on VirtualBox or VMware Player.

Valentin N

Well there is a VMWare icon in the traybar.

In that case Comodo didn’t do very well. No HIPS or Sandbox prompt…

Sad for CIS… :stuck_out_tongue:

A scan with MBAM after restart and a CCleaner session would have been interesting before ending the test :P0l

I disagree with both of you. This video does not prove that malware bypassed the sandbox.
We know that malware can sometimes dominate CPU cycles when it is running in the sandbox (and thus, the suggestion posted below was made). But in this video, most of the CPU cycles are dominated by the Windows “dumprep” program (run when a program crashes) and this is what caused his “freeze”. The freeze was not caused by CIS or the malware dominating the CPU. All he had to do was wait until dumprep finished running, and his system would have unfrozen.

The sandbox does not prevent crashes or file corruption caused by poor programming or incompatibility, which may have been the cause of his IE crashes (malware corrupting IE). IE corruption could have also been caused by powering down rather than shutting down (not sure which he did based on the video). To fix his IE damage, he just needs to reinstall IE. What the video did not show: was there any active malware after reboot? Probably not because Comodo has tested its sandbox against tens of thousands of malware samples, and none have bypassed the sandbox. So, he may have had corruption of IE, but his system was still likely to be malware-free after reboot. So, until he can prove that malware was present after reboot, then Comodo did great and it did what it is designed to do: prevent malware from infecting your system.

Quote from Whoop-dee-doo:
Sandboxed malware can make it impossible to use your computer and impossible to terminate the malware (because the malware runs the CPU at 100% or it goes full-screen and steals focus). It also makes it impossible to reboot (you must power down). To prevent this problem, CIS could institute the following options.

  • Empty sandbox (terminates all programs in sandbox and cleans out any files/registry entries that were dropped) - see #10 in this post for more details.
  • Suspend sandbox processes (halts them all from running or gives the sandbox minimal CPU usage)
  • Set limits on the CPU usage of the sandbox - have user predefined limit to the % CPU dedicated to the sandbox (posted here and here).


The video doesn’t show that the system got infected at all, after a reboot all the running processes in the sandbox should be gone.

Actually this video is unprofessional and useless.

That’s why I said that a little CCleaner session would certainly solve the problem…

BUT a novice user doesn’t know it and will consider his PC corrupted: i.e. Internet Explorer is down…

One malware blocked the desktop, and the tester couldn’t do anything.

You see?
I said that Comodo should alert when an application wants to go into full-screen mode…
Malware blocks the whole desktop… and when you have some documents open and you don’t save them…
You lose them.

Can’t you use ALT+F4 to terminate the program?

The malware of the test

Mod Edit Image showing malware links removed as per policy.
If you wish to inform others about a specific malware you can name it and say which day it appeared on MDL.

It’s not COMODO’s fault that he couldn’t scan; it’s the VM, because it’s so slow!!!
Check out this one of COMODO 5.3:
Comodo Internet Security v5 3 Test PL - YouTube :-TU

I must say that I really dislike people who talk sh*t and who try to give Comodo a bad reputation. It’s not because I am a Comodo fanboy but because it’s not true.

Thanks ahmedhhw. :-TU

Valentin N

… so there’s no problem… and everything is fine in Comodo’s brave new world :wink:

I think that’s the same one…

No it’s a different test because the person that made it has a different user name and it’s not silent + the result is different ;D