Hello Comodo Experts! I just moved to Comodo yesterday and realized this was really amazing. 8) I really love the ultimate customization ability in Defense+.
I am a computer expert who takes security ULTIMATELY serious. I want to customize everything in Comodo. Unlike others, I want Comodo to show me every alerts particular for applications, and I donāt get annoyed because it will be alright after it is fully customized. Iāve set the all the Comodoās settings to Maximum (eg: Defense+ in paranoid and checked all the security settings in the software)
I donāt know if itās because Iām new to this software but today I noticed a problem with detection of keyloggers. I made a very basic keylogger using Visual Basic and tested. Comodo didnāt show any alert at all. I had previously put Visual Basic into trusted applications when an alert had popped up and then since Comodo had not shown any alert for keylogging, I removed the program from computer security policy, so it might re-add it when I launch Visual Basic. But it didnāt add. It still didnāt show alert for keylogging.
I then created a standalone program of the keylogger and when it run, Comodo didnāt show any alert and my program can successfully log keyboard and it works like a charm. But if I run that program in sandbox then it CANNOT log keystrokes. But Comodo doesnāt show any alert though. ???
Of course, all the settings in the Defense+ Monitoring is active, including āKeyboardā.
All I want is Comodo should produce alerts for every suspicious thing happening in my computer without thinking that I might get annoyed, no I would never get annoyed. Seriously, Iām not a ānormalā computer user. ;D
The more the alerts it pops up, the more the happy I am!
LOL, when I first submitted it to Virus Total, the result was zero, none of them were able to detect. Then, I edited my keylogger so that it will save the logged keystrokes in a file in C:\log.dat. (In the previous version, it could only read the userās keyboard and store in RAM).
In this second version, virus total showed that it is infected. Isnāt this strange? 88)
Hereās the link to the report of my latest version of keylogger.
But Comodo didnāt show any alert and the keylogger successfully logged when I tested, and the logged keystrokes were also saved in the file by the keylogger. ???
And, yes, Iām in Proactive Security.
And, btw, my keylogger does not have any advanced piece of coding that tries to āhideā itself from any security software. It is a very simple coding.
However, Comodo DOES block the keylogger when I run it in Sandbox. In the Comodoās log, it was mentioned as, āDirect Keyboard Accessā. The keylogger was running in memory. Comodo didnāt show any alert and keyboard could not be logged by the keylogger. But, why doesnāt Comodo do anything If I run it without sandbox?
Hmm, I think Iām worried about this. If my own keylogger doesnāt get detected, I donāt even want to think what it would like when it comes to other keyloggers out there.
When running a script Comodo will allow the script as it will allow the script host to execute a file. It implicitly trusts the script host programs. That behaviour will change with the upcoming CIS 2011.
Iām not sure Eric if this applies for his compiled VB application,
Can you verify if the application is on the Computer Security Policy and if it has keyboard access set to āaskā
If so try to increase the typing speed in the app to see if that triggers the alertā¦
I just moved to Comodo yesterday and realized this was really amazing. 8) I really love the ultimate customization ability in Defense+.