Comodo Secure Shopping not so secure in ver 10.0.1.6209 [M2209]

A. THE BUG/ISSUE (Varies from issue to issue)
Can you reproduce the problem & if so how reliably?:
Videos speak louder than words, so here it is:

Using Secure Browser in previous CIS version: COMODO Secure Shopping test - YouTube

If you can, exact steps to reproduce. If not, exactly what you did & what happened:
Please check the video

1. Visit a secure shopping website and answer visit with secure browser.
2. Take screenshot or record desktop.
3. Notice screenshot/recorded video you can see website in secure browser instead of black screen.

One or two sentences explaining what actually happened:
Secure shopping should not have allowed the software to capture the window (in any mode).
Especially in the full-blown secure shopping environment (and while there it is a partial bypass
I think it’s still bad)

Please compare CIS 10.0.0.6092 with v10.0.1.6209 and you will see what I am talking about

One or two sentences explaining what you expected to happen:
I expected to see a blank screen when selecting the secure browser… But it was visible.
In previous version the windows would be black and protected form recording applications.

If a software compatibility problem have you tried the advice to make programs work with CIS?:
No.

Any software except CIS/OS involved? If so - name, & exact version:
The video was shot with oCam version 382.
Again, in previous comodo version the windows would be blank and protected. Not the case here, in
10.0.1.6209 version

Any other information, eg your guess at the cause, how you tried to fix it etc:
Tested it and found the bypass.

B. YOUR SETUP
Exact CIS version & configuration:
CIS 10.0.1.6209 with slightly tweaked internet Security config

Modules enabled & level. D+/HIPS, Autosandbox/BBlocker, Firewall, & AV:
AutoContainment, AV, Firewall, Secure Shopping, VirusScope, Website filtering

Have you made any other changes to the default config? (egs here.):
Yes, but only cosmetic, nothing related to Secure Shopping.

Have you updated (without uninstall) from CIS 5, 6 or 7?:
?
if so, have you tried a a a clean reinstall - if not please do?:
It was a clean comodo install on a clean Windows 10 x64 build 15063 version.

Have you imported a config from a previous version of CIS:
No
if so, have you tried a standard config - if not please do:
N/A
OS version, SP, 32/64 bit, UAC setting, account type, V.Machine used:
Win10 x64 build 15063, UAC at default, admin account, no V.Machine

Other security/s’box software a) currently installed b) installed since OS, including initial trial security software included with system:
a=No b=No

Just checked and can confirm same bypass also works with OBS.

Back a while ago I made a video about Secure Shopping in ver 10.0.0.6092 where no such problems
were encountered (all went fine). So you can use it for comparison:

Yep I made the edits and saw in the video how it worked. Does my edits correctly represent the issue?

Yes, that is correct.

Thank you

Do you need any diagnostic logs or anything I can help with?

Technically you’re supposed to always attach config, diagnostic report. But issue is clear i’ll submit it anyways. It may be an issue specific to the new Windows 10 CU. Ill check on Windows 7.

Here are the logs.

sorry for multiple replies, trying now to gather data to help COMODO fix the issue

Thank for reports,
We will be checking it out.

-Thanks
-umesh

Also please note, regarding screenshots only… i have tested and it works (print screen / snipping tool). Only recording software
(OBS, oCam, etc.) can capture the window and they couldn’t do this in previous version.

UPDATE:

Tested it with TeamViewer (connected to my own PC)

Results:

• Secure Browser is initially shown in TeamViewer but then alert pops up on host PC (remote connection alert)
  After I dismiss it and hit Continue, then the windows is black on the other device which is viewing my computer.

So maybe comodo trusts local digitally signed files on the host PC by default (which should not happen for security reasons.)

Taking a print screen and pasting it in paint still shows the contents of the window under Secure Browser, although it is hidden from
view on Teamviewer. Also using oCam, the window is still shown.

So at this point I am a little confused.But still wanted to share it with you, maybe it will help.

Hi cocalaur,
We have tested and screen capture is possible with oCam software in older version of Secure Shopping also.

So we will be fixing in future CIS releases.

Thanks
-umesh

I can also try with a recording software that is not digitally signed and see what happens.
If I can find non digitally signed software.

Also please note that in the previous version of COMODO (the one in which Secure shopping was not
bypassed) I still used oCam to film.

I don’t know exactly… but I think there might be some leak in comodo itself in the latest version that does not
block scren recording software in general. (I have also tested with OBS and the windows were shown)

Perhaps you’re using a different version of mentioned app.

Use a hex editor and add bunch of zeroes at end of file. It will invalidate the signature.

I have used a windows utility to unsign the oCam binary.

Then I ran it (oCam automatically asks admin permissions and I granted the permissions).
I have removed it form auto sandbox, ran it again with admin level, recorded the screen (for secure browser)
and the window can still be seen. :embarassed:

Even after running it in sandbox (Found the video in VTRoot folder), the secure browser windows
can still be captured.

I have tested Secure Shopping with oCam again in 10.0.1.6223 and it still allows the capture of
the secure browser window.

This was the behaviour in previous CIS version (the last in which Secure Browser and Secure Shopping seemed to be properly working):

The last video tests this version:

https://forums.comodo.com/news-announcements-feedback-cis/brand-new-comodo-internet-security-10-hotfix-version-is-released-t117645.0.html

I have tested Secure Shopping with oCam again in 10.0.1.6223 and it still allows the capture of
the secure browser window.

This was the behaviour in previous CIS version (the last in which Secure Browser and Secure Shopping seemed to be properly working):

The last video tests this version:

https://forums.comodo.com/news-announcements-feedback-cis/brand-new-comodo-internet-security-10-hotfix-version-is-released-t117645.0.html

Yeah I didn’t think the fix would make it in this release but should be fixed in a newer release when they have more time to investigate. But thanks for checking.

No problem.

If you put so much work into a good free product, at least I can do is to contribute with my scarce knowledge for help.

Thank you for your follow up.

I will keep you posted for future updates when they arrive and if there is anything you think I can do to help you, please tell me and i will try my best.