@Valentin: Yes, the test was made on VMware Player 3.1.3
@naren: Yes, I restarted the system and it was not active. There is a shortcut in Start>Programs but when I launched it, it got caught by CIMA and vtkrxjszr.exe was erased from the ApplicationData folder.
So after restart it was not active and it was caught when clicked on the shortcut. Good to hear this. Guess you didn’t exit the rogue with Task Manager before restart, right?? If it needs to be exited with Task Manager before restart then it’s a little problem for average users.
Thanxx
Naren
Edit - Today watched a test on MSE 2 & it detected & removed this fake AV.
So just to make sure, with default configuration, after a restart the malware application was not active, right?
Comodo Internet Security Review - YouTube
In this test Fake AV Security Shield was Autosandboxed but it got installed. The tester ended the fake AV with Task Manager. I want to know whether, if he had restarted the system instead of ending the fake AV, the fake AV would still have been there or would have been gone.
Thanxx
Naren
He missed with the settings and he didn’t restart…
Stelian
January 14, 2011, 1:41pm
26
Good test… Comodo’s idea to Deny the Unknown is very good… almost nothing can get through CIS. :-TU
GOA
January 14, 2011, 9:55pm
27
The next video:
and a second video from another youtube-user:
GOA
January 15, 2011, 9:40pm
28
Too much malware for Comodo? (only Defense+ and sandbox)
Comodo Firewall 5.3 prevention test
Here’s my response to these types of tests, after the computer was restarted that is. ;D
He, and most others, seem to forget the purpose of the sandbox (especially under Partially Limited). It is not meant to stop malware from dropping files onto your computer. This is allowed. Therefore scanning for malicious files on the computer doesn’t correctly test its effectiveness.
What it should be preventing, after a restart, is any malware running on your computer. Thus checking the running processes for malware would be a good test. KillSwitch could be used for this.
Another thing that shouldn’t be allowed to work are rootkits. Thus scanning for hidden files would be a good test. Finding a dropped file that is identified as a rootkit doesn’t mean that the sandbox failed because it likely wasn’t actually acting as a rootkit at the time.
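The "check the running processes after a restart" test described in the post above can be done without a third-party tool. The following PowerShell script is an added example and is not code from the forum thread, Comodo or KillSwitch; it assumes it is run in an elevated Windows PowerShell session after the reboot, and it flags any running process whose executable lives in a user-writable folder (the same kind of location, ApplicationData, the rogue in this thread dropped into) or whose Authenticode signature is not valid. The folder list, the `Test-SuspiciousProcess` function name and the output fields are this example's own choices.

```powershell
# Added example (not from the forum post or any vendor): post-reboot check for
# processes that a sandbox should have kept from running.
# Assumption: elevated session, so the executable path of most processes is readable.

# User-writable locations where dropped malware typically lives (example's own list).
$userWritable = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP) | Where-Object { $_ }

function Test-SuspiciousProcess {
    param([Parameter(Mandatory)][System.Diagnostics.Process]$Process)

    # Protected or system processes may refuse to expose their image path; skip those.
    $path = try { $Process.Path } catch { $null }
    if (-not $path -or -not (Test-Path -LiteralPath $path)) { return $null }

    $reasons = @()
    foreach ($dir in $userWritable) {
        if ($path.StartsWith($dir, [StringComparison]::OrdinalIgnoreCase)) {
            $reasons += "runs from user-writable folder '$dir'"
            break
        }
    }

    # Unsigned or tampered binaries are worth a second look; 'Valid' is the only clean status.
    $sig = Get-AuthenticodeSignature -FilePath $path
    if ($sig.Status -ne 'Valid') {
        $reasons += "Authenticode status: $($sig.Status)"
    }

    if ($reasons.Count -eq 0) { return $null }

    [PSCustomObject]@{
        Name      = $Process.ProcessName
        ProcessId = $Process.Id
        Path      = $path
        SHA256    = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        Reason    = ($reasons -join '; ')
    }
}

# Evaluate every running process and list only the suspicious ones.
$findings = Get-Process | ForEach-Object { Test-SuspiciousProcess -Process $_ } | Where-Object { $_ }

if ($findings) {
    $findings | Sort-Object Path | Format-Table -AutoSize
} else {
    Write-Output 'No running process from a user-writable folder or with an invalid signature.'
}
```

Run it right after the reboot, before launching anything from the Start menu, so the list reflects what persisted on its own; the SHA256 column lets you cross-check a flagged file against the sample you dropped. Note that this covers only the "running processes" half of the test: a directory listing from PowerShell uses the same Windows APIs a rootkit hooks, so the hidden-file check in the post needs a dedicated anti-rootkit scanner that compares the API view with a raw disk view.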