CIS fails with Ardamax Keylogger running partially limited?

comodo failed
custom firewall (an alert was generated)
proactive security
BB active (partially restricted)
HIPS disabled
antivirus disabled (it was necessary for the test)

were captured screen, keyboard, applications.

Hello Liosant. I took a look at your video and downloaded the trial version of Ardamax Keylogging program. I noticed the program is white listed by D+ and also seen as a malware by the AV.

I assume you moved the Ardamax executable to the Unrecognised Files list to force it to get sandboxed by the Behaviour Blocker.

When running in the BB background key logging should not be possible and neither should screen capturing be allowed. However when I look at the properties of the Ardamax executable it is set to open in Normal Window (not minimized). See attached image. May be that’s why it is allowed to key log because it is not seen as background program? It does not explain why it can take screenshots.

[attachment deleted by admin]

Why is it whitelisted?

I’m doing the procedure that criminals do on the internet where I live, as most links containing malware (Ardamax keylogger), so even ardamax keylogger is very used for bank robberies, email, etc…
1 usually the criminal sends us an email containing Ardamax in an alleged slip or program file that download pirate out there;
2 warn that it is necessary to disable the protections against malware, in case of pirated software. As you know whether in countries of 1st or 3rd world there are always heedless;
3 simularei exactly how the victims are in south america it is common!
4 note that comodo internet security keyloggers leaves of the files even though the blocker enabled behavior does not isolate one of the files. image 2
5 the behavior blocker was active, and see the image as I posted it here… 3ª image
6 the behavior blocker, should not have blocked all process?
7 one User layman would be completely unprotected even for a few minutes, hours which would bring losses
8 the 4th picture shows that the BB does not lock the file just the sending of sensitive data.

step by step of what I did (comodo fail):

[attachment deleted by admin]

If it’s still whitelisted please report it in this topic as I don’t believe that any keyloggers are meant to be whitelisted.

Thanks.