Hello Comodo Experts! I just moved to Comodo yesterday and realized this was really amazing. 8) I really love the ultimate customization ability in Defense+.
I am a computer expert who takes security ULTIMATELY serious. I want to customize everything in Comodo. Unlike others, I want Comodo to show me every alerts particular for applications, and I don’t get annoyed because it will be alright after it is fully customized. I’ve set the all the Comodo’s settings to Maximum (eg: Defense+ in paranoid and checked all the security settings in the software)
I don’t know if it’s because I’m new to this software but today I noticed a problem with detection of keyloggers. I made a very basic keylogger using Visual Basic and tested. Comodo didn’t show any alert at all. I had previously put Visual Basic into trusted applications when an alert had popped up and then since Comodo had not shown any alert for keylogging, I removed the program from computer security policy, so it might re-add it when I launch Visual Basic. But it didn’t add. It still didn’t show alert for keylogging.
I then created a standalone program of the keylogger and when it run, Comodo didn’t show any alert and my program can successfully log keyboard and it works like a charm. But if I run that program in sandbox then it CANNOT log keystrokes. But Comodo doesn’t show any alert though. ???
Of course, all the settings in the Defense+ Monitoring is active, including ‘Keyboard’.
All I want is Comodo should produce alerts for every suspicious thing happening in my computer without thinking that I might get annoyed, no I would never get annoyed. Seriously, I’m not a ‘normal’ computer user. ;D
The more the alerts it pops up, the more the happy I am!
Can you submit your keylogger to virus total and post back the link to the results?
I’m curious about which ones are detecting your own keylogger.
You’re in Proactive mode?
Thanks for the replies!
LOL, when I first submitted it to Virus Total, the result was zero, none of them were able to detect. Then, I edited my keylogger so that it will save the logged keystrokes in a file in C:\log.dat. (In the previous version, it could only read the user’s keyboard and store in RAM).
In this second version, virus total showed that it is infected. Isn’t this strange? 88)
Here’s the link to the report of my latest version of keylogger.
But Comodo didn’t show any alert and the keylogger successfully logged when I tested, and the logged keystrokes were also saved in the file by the keylogger. ???
And, yes, I’m in Proactive Security.
And, btw, my keylogger does not have any advanced piece of coding that tries to ‘hide’ itself from any security software. It is a very simple coding.
However, Comodo DOES block the keylogger when I run it in Sandbox. In the Comodo’s log, it was mentioned as, “Direct Keyboard Access”. The keylogger was running in memory. Comodo didn’t show any alert and keyboard could not be logged by the keylogger. But, why doesn’t Comodo do anything If I run it without sandbox?
Hmm, I think I’m worried about this. If my own keylogger doesn’t get detected, I don’t even want to think what it would like when it comes to other keyloggers out there.
Need help badly. Thanks!
When running a script Comodo will allow the script as it will allow the script host to execute a file. It implicitly trusts the script host programs. That behaviour will change with the upcoming CIS 2011.
I’m not sure Eric if this applies for his compiled VB application,
Can you verify if the application is on the Computer Security Policy and if it has keyboard access set to “ask”
If so try to increase the typing speed in the app to see if that triggers the alert…
This is why I thought he was running from a script.