Comodo FireWall 10 [Auto-Containment] security test

unrecognized program in auto-containment able to process spy or monitor

screenshot capture
clipboard monitor
webcam capture
sound record

CFW 10 auto-containment set restriction level = Restricted , however it fail to blocked and risky personal info will be sent out.

CCAV has done goodjob all blocked. I hope CFW will improve sandbox restriction level.tq

AutoContainment deals with isolating malware and making malicious changes temporary.

The features you are wondering about are available inside Secure Shopping feature, in the COMODO Internet
Security Suite

i cant test it…av detect it

I am unable to make this application run at the Restricted level. If I set the restriction level for contained applications to Restricted, I get Partially Limited instead. Verify that the contained application is running at Restricted, not Partially Limited.
Also try it in Proactive Config if you weren’t already, it is more restrictive in terms of HIPS rules and protected objects.

Anyways data-stealing malware can be stopped by blocking outbound connections for the Firewall.

By design for some reason that applications that require administrator privileges / generate UAC prompt, will be restricted as partially limited if containment rule is set to use either limited, restricted, or untrusted restriction levels. This mainly applies to Windows 8 and newer OS as disabling UAC does not get fully turned off as was the case in Windows 7. This only applies to applications that need UAC elevation, so in this case anti-test requires admin rights and will then be ran as partially limited when setting a restriction level.