Hello, I am not a tester, just trying stuff out on a VM to check out the new beta, when I got a piece of malware that wasn't detected by CIS 5 Beta 2. It wasn't detected by the AV, no alerts from the D+, and it was not sandboxed. I can provide the file as well as screenshots. I just don't want to attach it, because I don't want other people getting it and infecting themselves. I have submitted it through CIS to Comodo and also here is the VirusTotal report. On the Active Process list it does say Suspicious, but it seems to run freely.
Comodo also left some files after a clean-up test I did (different VM). Unfortunately, for this infection the files were already cleaned up, or I could have submitted them.
EDIT: Also noticed something strange: the malware seems to be masquerading as the BitDefender management console. Also attached a screenshot for that.
EDIT: I tried executing the malware outside of its original directory and it would not run on the desktop. It would run sandboxed if it was just in C:\Users\Test\AppData and C:\Users\Test\AppData\Roaming. It would not get sandboxed if it is run from its original location. It did throw up a firewall warning a few times that I ran it from the folder, but only once and never again.
I have the sandbox enabled; I double checked and tried turning it on and off as well. I thought that was just a per-process thing that would only be enabled for it being executed in the sandbox. If my sandbox is off it may just be a bug about it not turning back on, but I tried running other files and they were sandboxed and the yellow sandbox alert popped up.
EDIT: Yea, that is how it works, and it is supposed to say disabled for unsandboxed applications; I just tried it with sandboxing IE. If it were sandboxed it would say Untrusted/Partially Limited/Limited/etc.
EDIT 2: It seems it's making connections also, so I took a screenshot of those.