CIS fail passed keylogger test

The test.exe is a keylogger test tool and CIS fail passed although d+ prompt text.exe want to access the keyboard and I click “block”.

CIS 4.1…920

[attachment deleted by admin]

Yes indeed. :o
And automatically sanboxed works too without any warnings.
XP SP3 x32, Proactive, AV stateful, FW/D+ Safe Mode, Sandbox enabled/disabled.

CIS passes the test on my computer. Once I click 'block" it can not be accessed. I get the following error:
“Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item.”

are you sure you allow the test.exe to run?

Yes, i can confirm. Test.exe could manage to capture the keystrokes despite of “block” selected for keyboard access alert.

Scenario 1:
→ CIS Proactive Mode + Sandbox Enabled
Result: Not a single alert. Test.exe manages to capture the keystroke successfully.

Scenario 2:
→ CIS Proactive Mode + Sandbox Disabled
2 Alerts
1st Alert (Execution alert) → Clicked “Allow” button
2nd Alert (Keyboard Access alert) → Clicked “Block”
Result: Test.exe manages to capture the keystroke successfully.

Scenario 3:
→ Browser protected with Prevx Safe Online
Result: Passed. Test.exe could not able to capture keystrokes
→ Prevx Safeonline disabled.
Result: Test.exe manages to capture the keystroke successfully.

My System Config - Win 7 64 bit

Could any of the mods confirm the same. And so, devs can take a look.


I did not allow it to run. If I allow it and then block it when it tries to access the keystrokes CIS will fail to stop the test file. I recommend SpyShelter free. I used it and it kills the test dead - >:-D

It just doesn’t make sense if you did not allow test.exe to run.

I actually tested it and allowed test.exe to run. I then told CIS to prevent test.exe from accessing keyboard strokes and it was able to do so, thus CIS fails this test. This is why I also use SpyShelter which will not fail the test.

looks like SpyShelter is good, I hope comodo can block it as soon as possible :wink:

Yep, I can confirm that Comodo fails it, even with the sandbox disabled and in proactive mode. Of course I had to allow it to run itself, but still it shouldn’t fail after I specifically deny it access to the keyboard.

this is happening since v3… nothing new.

I really don’t know why this thread isn’t at BUG REPORTS…

(but seems it doesn’t matter, see how many bugs were announced… I guess they are only messing with v5 now, and we have to wait to see if all 2009-2010 bugs are going to be solved in 2011 - this one (kb+cam+scr) is serious, but that script-bug are the worse.

STILL, CIS IS a very very good piece of costless sw that really do protect you. Not quite close to perfection, but… wait… till v21 at 2020 and see!!!

can any of the mods confirm whether this issue exists in v5 or not. If it exists, then devs can take a look and try to fix it before a public beta…

you have a problem with your cis install harsha_mic, happened to me too, sandbox stopped working. reinstall cis and redo the test. you will see the keylogger will be blocked.

I just tested it in the 2011 version and it does not get blocked.

I was testing with Proactive/Paranoid with both sandbox enabled and disabled. When automatically sandboxed it gets run partially limited and fails.

When running with automatic sandboxing disabled I do get a D+ alert and when I tell to block the direct keyboard access is still fails.

Running the program manually sandboxed it fails with all settings.

I am on Win 7 x86.

God bless KeyScrambler

KeyScrambler didn’t work for me. SpyShelter does, though. :slight_smile:

both (Keyscrambler and SpyShelter) are working correctly, pity that both in full-featured versions are payable :frowning:

Can I jump in here with a question?
A few months ago I installed a program (Mp3 cutter1.01) from…it cuts and trims Mp3s

The other day I began using Comodo CIS and it warned me that it (the Mp3 cutter) wanted to make changes…blah blah…and I just figured that I had been using it for a few months with no issues so I allowed it to run.

I’ve since done numerous scans with MWB … Hit man pro …Threatfire with no problems.

Then I did a Zemana test for keyloggers and CIS caught it, but the warning sounded familiar, so I checked the log and the flags were similar to Mp3 cutter!!?

Install hook …windows/system32/dwmapi.dll
direct keyboard access

the only difference was that the Zemana keylogger test wanted to …access Com Interface

Why would a Mp3 cutter want to access the keyboard directly?

Do you think I have an invisible keylogger inside my Mp3 cutter?
Can it take screen caps?
Ah the paranoia!!

Avira lets this test run yet stops spyshelters. If you disable sandbox,use parental control and clear trusted vendors list nothing runs unless its got a comodo digital certificate. Does white listing work? Not if you get your hands on a digital certificate it doesn’t.

Comodo failing in a test is not new: