In this test Fake AV Security Shield was Autosandboxed but it got installed. The tester ended the fake AV with TaskManager. I want to know instead of ending the fake AV if he would have restarted the system the fake AV would have been there or it would have been gone.
You can’t submit whatever failure, real or supposed, by the means of a social network video. (As far as i am concerned, i shall make a principle of never watching any).
Why don’t you provide the link to the test so everybody is able to test if he wants to on an independent basis?
did he even restart to see if comodo deleted those files that were in sandbox? he should have restarted to see if the rogue would still be there. Since he began to modify CIS he should have optimized CIS fully by having limited/restricted/untrested and not having it by default.
My test:
This rogue is installed also with Limited and Restricted settings.
CIS completely blocks it only with Untrusted option (which I personally always use). :-TU
EDIT: It seems now that CIMA catches it…CloudBehavior.Suspicious…
[at]Valentin: Yes, the test was made on VMware Player 3.1.3
[at]naren: Yes, I restarted the system and it was not active. There is a shortcut in Start>Programs but when I launched it, it got caught by CIMA and vtkrxjszr.exe was erased from ApplicationData folder.
I tested it on VMware Workstation and the fake AV is installed on default settings. I terminated it with KillSwitch and restarted computer. Nothing was there after that. :-TU