CreateProcess Hook bug in SandBox [NBZ]

Here is a simple code example to explain everything:

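#include <windows.h>
#include <stdlib.h>

/* Build as ANSI (non-UNICODE): szExe is a char buffer. */
int main()
{
    SetConsoleTitle("Bug test demo by wye-MIA kid C!");
    STARTUPINFO startupInfo={0};
    PROCESS_INFORMATION ProcessInfo;
    /* The path contains spaces and is not quoted. */
    char szExe[]="C:\\Program Files\\Internet Explorer\\iexplore.exe";

    startupInfo.cb = sizeof(startupInfo);
    startupInfo.dwFlags = STARTF_USESHOWWINDOW;
    startupInfo.wShowWindow = SW_SHOW;

    /* Call 1: lpApplicationName is NULL, the path is passed only as lpCommandLine. */
    CreateProcess(0,szExe,0,0,0,0,0,0,&startupInfo,&ProcessInfo);
    system("pause");
    /* Call 2: the same path is passed as both lpApplicationName and lpCommandLine. */
    CreateProcess(szExe,szExe,0,0,0,0,0,0,&startupInfo,&ProcessInfo);

    return 0;
}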

In the code, the two CreateProcess calls should cause two different results in IE.
But in Win7, COMODO 5.0.163652.1142, Sandbox on, Paranoid Mode: the two CreateProcess calls will cause the same result.
Whether you turn off the sandbox or turn off D+, the results will be different.
DEMO download: DEMO.exe - 4.0 KB

We would very much appreciate it if you would edit your first post to create an issue report in line with the bug forum guidelines and format here. You can copy and paste the format from this topic.

To understand the reasons why we ask you to follow these guidelines please see below.

WHY WE ASK YOU TO FOLLOW THESE GUIDELINES
Bugs/issues can be impossible or very time consuming to fix if developers don’t have enough information to reproduce them. Since CIS is free, development time is limited. So if you want your issue fixed, please use the format below to describe it.

To avoid clutter, issues not described in the format below your post will not be moved to the ‘moderator verified’ issues topic. This means that the developers may not look at it.

Best wishes and many thanks in anticipation

Dennis

The bug/issue

  1. What you did:
    Write a process like this:
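    #include <windows.h>
    #include <stdlib.h>

    /* Build as ANSI (non-UNICODE): szExe is a char buffer. */
    int main()
    {
        SetConsoleTitle("Bug test demo by wye-MIA kid C!");
        STARTUPINFO startupInfo={0};
        PROCESS_INFORMATION ProcessInfo;
        /* The path contains spaces and is not quoted. */
        char szExe[]="C:\\Program Files\\Internet Explorer\\iexplore.exe";

        startupInfo.cb = sizeof(startupInfo);
        startupInfo.dwFlags = STARTF_USESHOWWINDOW;
        startupInfo.wShowWindow = SW_SHOW;

        /* Call 1: lpApplicationName is NULL, the path is passed only as lpCommandLine. */
        CreateProcess(0,szExe,0,0,0,0,0,0,&startupInfo,&ProcessInfo);
        system("pause");
        /* Call 2: the same path is passed as both lpApplicationName and lpCommandLine. */
        CreateProcess(szExe,szExe,0,0,0,0,0,0,&startupInfo,&ProcessInfo);

        return 0;
    }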

  2. What actually happened or you actually saw:
    The two CreateProcess calls cause the same result in IE.

  3. What you expected to happen or see:
    The right result (different) on IE

  4. How you tried to fix it & what happened:
    Turn off sandbox or D+, then the problem is solved (get two different results)

  5. If it's an application compatibility problem have you tried these fixes: No

  6. Details (exact version) of any application involved with download link: DEMO.exe http://uploading.com/files/415mbd86/DEMO.exe/

  7. Whether you can make the problem happen again, and if so precise steps to make it happen: Yes.
    a) run demo, get IE result1
    b) press any key on demo
    c) Get the same result on IE as result1
    d) turn off D+ or sandbox
    e) redo a-c, get two different results

  8. Any other information (eg your guess regarding the cause, with reasons): CreateProcess Hook Bug on sandbox

Files appended: not needed

Your set-up

  1. CIS version, AV database version & configuration used: 5.0.163652.1142, no AV
  2. a) Have you updated (without uninstall) from CIS 3 or 4 b) if so have you tried reinstalling?: Yes, No
  3. a) Have U imported a config from a previous version of CIS, b) if so have U tried a preset config?: No, N/A
  4. Other major changes to the default config (eg ticked ‘block all unknown requests’, other egs here.): No
  5. Defense+ and Sandbox OR Firewall security level: Defenseplus=Paranoid, Sandbox=enabled
  6. OS version, service pack, bits, UAC setting, & account type: win7 32bit, disabled, Admin account.
  7. Other security and utility software running: no
  8. Virtual machine used: no

Thank you for the bug report. Much appreciated.

Moving to format verified.

Dennis

Correction:
2. What actually happened or you actually saw:
When IE should have opened the homepage, it opened itself

  7. Whether you can make the problem happen again, and if so precise steps to make it happen: Yes.
    a) run demo, IE opened itself
    b) press any key on demo
    c) IE opened itself
    d) turn off D+ or sandbox
    e) run demo, allow the demo to run IE, IE opened the homepage
    f) press any key on demo
    g) IE opened itself