FV Sandboxed Batch File Able To Delete Windows Event Viewer Logs [M685]

A. THE BUG/ISSUE (Varies from issue to issue)
  • Summary - Give a clear summary in the topic subject, NOT here.
  • Can U reproduce the problem & if so how reliably?: Yes, every time.
  • If U can, exact steps to reproduce. If not, exactly what U did & what happened:
    a: Create a batch file to delete event viewer logs with the PSTools program psloglist.exe doing the cleaning.
    b: Run the batch file in full virtualization, either by right-clicking and sending to sandbox or letting Comodo put it in the sandbox when it is unknown.
    c: Leave virtualization and even clear the sandbox, then check the event viewer logs and they are deleted.
  • If not obvious, what U expected to happen: I expected the event viewer logs to not be deleted because they were deleted in the sandbox.
  • If a software compatibility problem have U tried the conflict FAQ?:
  • Any software except CIS/OS involved? If so - name, & exact version:
  • Any other information, eg your guess at the cause, how U tried to fix it etc: When checking the defense logs, it shows the batch file, psloglist.exe, eventviewer.msc, and mmc.exe as being run Fully Virtualized.

B. YOUR SETUP (Likely the same for each issue, so you can copy forward)
  • Exact CIS version & configuration: 6.3.302093.2976, Internet Security Config modified from default
  • Modules enabled & level. D+/HIPS, Autosandbox/BBlocker, Firewall, & AV: Antivirus enabled - Stateful, AutoSandbox disabled, HIPS Safe Mode, Firewall Custom Ruleset.
  • Have U made any other changes to the default config? (egs here.): HIPS, set popups to verbose mode - enabled, Autosandbox - disabled.
  • Have U updated (without uninstall) from a CIS 5?: NO
      • if so, have U tried a clean reinstall - if not please do?:
  • Have U imported a config from a previous version of CIS: NO
      • if so, have U tried a standard config - if not please do:
  • OS version, SP, 32/64 bit, UAC setting, account type, V.Machine used: WinXP SP3 32bit, no UAC, admin account.
  • Other security/s’box software a) currently installed b) installed since OS: a= None, previously had AVG installed but gone now b=


Please also attach the diagnostics report and the Process List to your first post. These are standard for any bug report, and will allow the developers to understand this issue if it turns out to be specific to your system.

Let me know if you have any questions.

Thank you.

Attached files are:
The report
Process list.csv
Services list.csv
The logs
My configuration
The batch file

How’s that?

Thank you very much for your report in standard format, with all information supplied. The care you have taken is much appreciated by Comodo, and will increase the likelihood that this bug can be fixed.

Developers may or may not communicate with you in the forum or by PM/IM, depending on time availability and need. Because you have supplied complete information they may be able to replicate and fix the bug without doing so.

Many thanks again.

Well, I’m glad I could help. Will I be notified via email of any PMs, because I probably won’t be on the forum a whole lot to see if I have a PM?

I believe that by default an email is sent to your supplied email address alerting you to any received PMs, but you can look over your forum settings to make sure.

Can you please check and see if this is fixed with the newest version (7.0.313494.4115)? Please respond to this topic letting us know whether it is fixed or if you are still experiencing the problem.

Thank you.

PM sent.

The devs have not marked this as Fixed in the tracker. However, sometimes bugs are fixed by the release of new versions, but not marked as Fixed in the tracker.

If you are able, please check with the newest version (CIS version 8.0.0.4337) and let me know if this is fixed on your computer with that version.

Thank you.

I’ve moved this one to “Incomplete Issue Reports” section.

Thanks.