I just installed CIS 6 today and I’m really impressed with how all the reasons why I left Comodo no longer exist. I left because I got tired of HIPS and Firewall alerts for safe things and because Comodo at the time was refusing to whitelist gaming companies like Blizzard and Valve/Steam. Since I have installed v6 with the default option of minimal alerts, I haven’t been alerted to anything on my system except for an old manager application for Need For Speed 3. That was an alert by the Behavior Blocker/ Sandbox and I just told it to trust the app and all is well. All my other programs have connected and run perfectly with no popups at all and no rules being created for them which I find unnecessary for safe things.
Congratulations Comodo on the good work. CIS is now “ready for prime time”. Heck I could even install it on my ladyfriend’s Vista system currently just using the Vista Firewall and the free Avast and be confident that she would have better protection that would operate just as silently.
I turned on HIPS in safe mode and unchecked the option to not show popups but I’m reading that you really don’t need the HIPS enabled at all if the Behavior Blocker and Sandbox are on. Is this correct?
One more question. In the info about the Kiosk, it says there is a virtual keyboard. Does this mean that your normal keyboard runs in a protected mode or do you have to use the special touch/mouse enabled one that shows in the bar at the bottom?
Correct. You can disable the HIPS unless you want granular control over your programs. However, I would recommend changing the level of the BB to Restricted, as only that protects against all malware I’m aware of.
This virtual keyboard is one which you click on with a mouse. As far as I know the Kiosk does not run your keyboard in a protected mode.
Please let me know if you have any other questions.
There must be some keyboard protection in the Kiosk because I tested it with the Keylogger testing utility AKLT.exe and no keystrokes were recorded in the Kiosk while they all were when outside of the Kiosk.
I’m a bit confused by some of the wording of this statement. Are you saying that no keystrokes were recorded inside the Kiosk when the keylogger was outside the sandbox?
If so, then yes, this is exactly what the sandbox is supposed to do. Nothing inside can communicate with anything outside, and vice versa.
Yes that’s exactly what I meant. So it looks like even if you do get a keylogger in your system, if you are in the Kiosk, it won’t work. That’s the same thing the Safe Zone in Avast does but you have to pay to get it. In this new CIS, it’s free. Gotta love it.
If you happen to get a keylogger running inside the Kiosk though, it could conceivably do its dirty work. Which is why the virtual keyboard is there. It can’t log keystrokes if there are no keystrokes to log.
I can confirm this. Please create a bug report for this as I am nearly 100% sure that this is not intended behavior. Creating a bug report will ensure that the devs fix this problem.
The first time ran the antitest.exe with uac off cis 6 sandboxed and it said it couldn’t grab a keyboard hook
the i closed it and ran it as administrator hips came up and i allwoed to run with full privlege.
went into the kiosk and typed on the virtual keyboard while it was running outside the kiosk with admin rights and it logged nothing on my Windows 8 x64 system.
If you run the the antitest.exe in the virtual kiosk with the virtual keyboard it definitely keylogs. when i clicked the spacer bar on the virtual keyboard the test would end.
see screenshot attached…showing logging in the virtual kiosk action
