Exploit uses trusted browser to leak data to net when FV [M59]

A. THE BUG/ISSUE (Varies from issue to issue)
  • Summary - Give a clear summary in the topic subject, NOT here.

  • Can U reproduce the problem & if so how reliably?:
    Yes, I can reproduce this every time.
  • If U can, exact steps to reproduce. If not, exactly what U did & what happened:
    Change the configuration to Proactive. This should make sure the Firewall is at maximum settings.

Then I downloaded the leaktest from this page. When you right-click on it and select the option to “Run in COMODO Sandbox”, you get no Firewall alert. The leaktest is able to successfully bypass the Firewall and transmit your information to the internet.

On my computer the default browser was Comodo Dragon. Thus, the exploit automatically opened the test window in Comodo Dragon. Note that this happens even if Comodo Dragon is not open either on the real computer or in the FV Sandbox. (I do not believe that this exploit is specific to Comodo Dragon, but as I have not personally tested it with other browsers I am noting this).

This is especially worrisome as it is currently also possible for keyloggers running in the FV Sandbox to log information from the real computer, as detailed in this bug report.

By the way, a discussion about this leaktest (under various BB settings on the real computer) can be found here.

  • If not obvious, what U expected to happen:
    There should be some way for the user to prevent sandboxed applications from being able to transmit collected information to the internet.
  • If a software compatibility problem have U tried the conflict FAQ?:
    NA
  • Any software except CIS/OS involved? If so - name, & exact version:
    NA
  • Any other information, eg your guess at the cause, how U tried to fix it etc:
    Perhaps the Firewall component is not yet working correctly inside the FV Sandbox. Either way, there has to be a way to block this vulnerability or many people will continue to be wary about using the FV sandbox.
  • Always attach - Diagnostics file, Watch Activity process list, dump if freeze/crash. (If complex - CIS logs & config, screenshots, video, zipped program - not m’ware)
    I have attached the diagnostics and KillSwitch Process dump. Please let me know if other attachments would be helpful.

B. YOUR SETUP (Likely the same for each issue, so you can copy forward)
  • Exact CIS version & configuration:
    CIS version 6.1.275152.2801
    Proactive Configuration

  • Modules enabled & level. D+/HIPS, Autosandbox/BBlocker, Firewall, & AV:
    The only change I made was that I switched from the default configuration to proactive (and yes, I did restart the computer after making the change)
  • Have U made any other changes to the default config? (egs here.):
    The only change I made was that I switched from the default configuration to proactive (and yes, I did restart the computer after making the change)
  • Have U updated (without uninstall) from a CIS 5?:
    No, this was a clean install.
    - if so, have U tried a clean reinstall - if not please do?:
      NA
  • Have U imported a config from a previous version of CIS:
    No
    - if so, have U tried a standard config - if not please do:
      NA
  • OS version, SP, 32/64 bit, UAC setting, account type, V.Machine used:
    Windows 7 x64 (fully updated), UAC disabled, Real System, run as administrator.
  • Other security/s’box software a) currently installed b) installed since OS:
    None

[attachment deleted by admin]

Thanks for an excellent bug report Chiron

Could you add:

  • what browser it used
  • whether that browser has to be open for the exploit to work

Devs - this is related to M59, but I will probably create a separate record as I understand the exploit may succeed without alerts with more browsers etc - ie basically under more circumstances - in the sandbox

Thank you.

I have added the requested information in my first post. Please let me know if there is anything else which you would like to see added.

Looking at this again I think that it’s the same as M59, would you agree? One in, one out of sandbox but the same vulnerability?

Meanwhile, forwarding as we don’t have a full formatted report for M59

So thanks :)

Thank you very much for your report in standard format, with all information supplied. The care you have taken is much appreciated by Comodo, and will increase the likelihood that this bug can be fixed.

Developers may or may not communicate with you in the forum or by PM/IM, depending on time availability and need. Because you have supplied complete information they may be able to replicate and fix the bug without doing so.

Many thanks again

Mouse

This is still not fixed with CIS version 6.1.276867.2813.

Tracker updated, thanks.

This is still not fixed with CIS version 6.2.282872.2847.

Upon further review, Comodo has classified this as a possible enhancement.

I have thus moved this to the Wishlist.

strange idea of not a bug…

This one was fixed with version 10, actually.