Comodo Anti virus not detecting files in kiosk or comodo sandbox. [M270] [v6]

[at]QA - Properly formatted post lower down

A

  1. Yes it seems to happen always with the latest version of Comodo, version 6.0.264710.2708.

  2. Open kiosk or Comodo sandbox, run malicious file that is detected by Comodo, Comodo won’t detect it, run same file in Sandboxie and it will get detected.

  3. Comodo should detect a known piece of malware no matter where it’s found.

  4. No

  5. I only have sandboxie, Zemana free antikeylogger, adfender and MBAM free edition.

  6. I guess Comodo can’t see in its own sandbox.

  7. attached

B

  1. Comodo Internet Security version 6.0.264710.2708 Internet Security.

  2. Comodo sandbox disabled, HIPS enabled, AV set to block threat, heuristics set to medium, Cloud AV on, Firewall set to Safe Mode.

  3. No

  4. Did a clean reinstall after a Comodo Firewall/Avast AV combo

  5. No

  6. Windows 7 64 bit SP1, UAC off, Admin account

  7. Sandboxie, MBAM free edition, Zemana anti keylogger free

[attachment deleted by admin]

May I give your post a better reading approach:
A. THE BUG/ISSUE (Comodo Anti virus not detecting files in kiosk or comodo sandbox.)
Summary: no real-time detection of malware inside the Kiosk
Can U reproduce the problem & if so how reliably?: Yes it seems to happen always with the latest version of Comodo, version 6.0.264710.2708.

If U can, exact steps to reproduce. If not, exactly what U did & what happened:
Open kiosk or Comodo sandbox, run malicious file that is detected by Comodo, Comodo won’t detect it, run same file in Sandboxie and it will get detected.
If not obvious, what U expected to happen: Comodo should detect a known piece of malware no matter where it’s found.
If a software compatibility problem have U tried the conflict FAQ?: No
Any software except CIS/OS involved? If so - name, & exact version: I only have sandboxie, Zemana free antikeylogger, adfender and MBAM free edition.

Any other information, eg your guess at the cause, how U tried to fix it etc: I guess Comodo can’t see in its own sandbox
Always attach: Diagnostics file, Watch Activity process list, (dump if freeze/crash). If complex: CIS logs & config, screenshots, video, zipped program (not malware): attached (see previous post)

B. YOUR SETUP (Likely the same for each issue, so you can copy forward)
Exact CIS version & configuration: Comodo Internet Security version 6.0.264710.2708 Internet Security.

Modules enabled & level. D+/HIPS, Autosandbox/BBlocker, Firewall, & AV: Comodo sandbox disabled, HIPS enabled, AV set to block threat, heuristics set to medium, Cloud AV on, Firewall set to Safe Mode.

Have U made any other changes to the default config? (egs here.): No
Have U updated (without uninstall) from a previous version of CIS: Did a clean reinstall after a Comodo Firewall/Avast AV combo

if so, have U tried a clean reinstall - if not please do?: No
Have U imported a config from a previous version of CIS: No
if so, have U tried a standard config - if not please do:
OS version, SP, 32/64 bit, UAC setting, account type, & virtual machine used: Windows 7 64 bit SP1, UAC off, Admin account

Other security/sandbox software a) currently installed: Sandboxie, MBAM free edition, Zemana anti keylogger free
b) installed since OS: None

Whoops sorry forgot to put that stuff there.

Thanks for sorting this out guys, saved me asking :slight_smile:

  1. Could you tell me please what malicious file you used, and explain where to find it.
  2. Could you append your ‘watch activity’ process list please. Screenshot or export.

(Do not append malicious file please for obvious reasons).

Best wishes

Mouse

I read in another thread on the issue https://forums.comodo.com/antivirus-help-cis/is-anyone-elses-comodo-not-detecting-malware-in-real-time-t91296.0.html that they tested EICAR test file. Of course, logically, it’s normal CIS AV doesn’t detect it in Kiosk, since it’s outside the PC. Still, when you use SANDBOXIE SOFTWARE, which is still “external to pc” CIS AV detects the malware. I don’t run Comodo but would like to see this fixed before I move towards CIS 6! :smiley:

Just to check, did you use Eicar yourself?

Also, could we have a copy of your Watch Activity process list please, so we can eliminate other complications.

If you can safely do the screenshot or export when your test file is running that would help.

Best wishes

Mouse

I do not use CIS. I use Norton. I’m just helping cheater who detected the bug using EICAR and doesn’t quite know how to post in the bug section. I’d like this bug solved A.S.A.P. and read throughout the forum many members reporting the same. Just run an EICAR file inside the CIS Kiosk, then the same inside the Sandboxed browser with sandboxie and see the difference. >:-D

How do I post said logs? The site can’t upload .csv files. How can I convert it to txt or another file that lets me upload?

Hi cheater87,
Right click on the .csv file and send it to a Compressed (Zipped) folder, then attach the zipped folder.

Here you go. Netbook and laptop files.

[attachment deleted by admin]

Thank you very much for your report in standard format, with all information supplied. The care you have taken is much appreciated by Comodo, and will increase the likelihood that this bug can be fixed.

Developers may or may not communicate with you in the forum or by PM/IM, depending on time availability and need. Because you have supplied complete information they may be able to replicate and fix the bug without doing so.

Many thanks again

Mouse

If it’s not much trouble, can you please tell if said problem could be replicated?

I installed CIS latest version. I saved a .txt file with the EICAR test file string in it in the Kiosk desktop. While it’s true it wasn’t detected at once by CIS I couldn’t access the file: ACCESS DENIED!!! :wink:

Found on malc0de file name is telechargement_1jpj.exe detected in sandboxie, nothing detected while running in Comodo sandboxed browser.

Tested this with Avast as well, not even Avast can detect malware in the Comodo sandbox, when I ran the Eicar file out of the sandboxed browser it was detected.

Yes, but Cheater, even if not detected, the file still is blocked and can’t run upon opening it…! :azn:

Tried running in shared spaces and it indeed wasn’t able to run :slight_smile: Comodo cloud blocked it as well when I ran it.

OK it seems to work fine in 32 bit windows 7, but NOT 64 bit… hmmmm just got back from some AV testing on my netbook (used Avast). It’s 32 bit while the 64 bit laptop doesn’t show it.

Please correct me if I’m wrong, but isn’t it a good thing that nothing can look into the Comodo sandbox? Isn’t that the general idea of a sandboxed environment, that nothing can get out and nothing can get in? :o

Ok, but given you can’t always reset the sandbox because of malfunction of the resetting process, it is crucial CAV blocks malicious files even in the sandbox I think! If I can’t reset the sandbox, my only option is to uninstall CIS 6 with the malware in the sandbox still there and THAT may well STAY and take control of some PC process before I reinstall CIS. I don’t feel well both with the “reset” function bug and this bug on Win 7 64 bits with RT protection in sandbox. I agree though most of the time, you shouldn’t be affected if you surf safe! :slight_smile: