injection dll

CPU: 64-bit
Operating System information: Windows 7 64-bit
Actively-running security and utility applications: only Comodo Internet Security v4. and the last one from this post.

Brief description of your Defense+ and Firewall+ mode (Custom, Train with safe):
Mode: proactive mode + Defense+ + trusted app.
UAC? Off, and Windows in admin.

Another post:
https://forums.comodo.com/leak-testingattacksvulnerability-research/injecting-dll-in-process-before-the-executables-t55999.0.html

What is this? It injects manas.dll into war3.exe.
What do you need to reproduce it?
Manabars.exe + manas.dll in the same folder! + Warcraft III version 1.24e; it may work with other versions, I don't know.
How to reproduce it?
Run manabars.exe, run Warcraft III, go in game, and if you see a blue bar below the hero, it is successfully injected into it.
What am I reporting?
Comodo is just bypassed.
With sandbox, it gives an alert, "Do you want to launch it as admin?" I say yes, no alerts, it is injected.
Without sandbox, I run manabar.exe and it gives no alert, but it is injected.

A review: http://www.dailymotion.com/video/xd5o9r_comodo-bypassed_tech
I run it the first time, go in game, and see the screen.
I close war3.exe, I run manabars.exe, I accept this alert, and … I run war3.exe, and it is injected.

With the configuration set to ‘Proactive Configuration’ and the Sandbox disabled I receive a popup from Defense+ asking if I should allow the program to continue. Thus Defense+ is not bypassed by this application, but maybe the Sandbox is.

I cannot fully test this out as I do not have WOW installed on my computer, but I can confirm that neither the executable nor its associated DLL is trusted by Comodo at this point.

Can someone who has WOW installed test this to see if it bypasses the Sandbox?

I checked both of these files against virustotal and they were detected by 0 scanners, so they appear to not be malicious.

This application cannot be analyzed without the associated DLL file, thus I couldn’t post a CIMA or Anubis report as I wanted.

Defense+ is bypassed; it does not give alerts.
The sandbox gives an alert, "want to run as admin"; all users are allowing this alert.
And the game is not WoW … it's Warcraft 3, a different game from Blizzard…

Same OS: My Defense+ is not bypassed…

http://www.ld-host.de/uploads/thumbnails/c426abdd61b02e5436935ef381717563.png

http://www.ld-host.de/uploads/thumbnails/4335378f6ebd7c6dbd733908b3a7ae2c.png

For me, it does not give any alerts.
Are you running it in paranoia?

No, safe mode, proactive profile and sandbox off. :)

I reinstalled Comodo IS, and still no alerts.
My question is: can I be vulnerable to some other methods…
Edit: I tried ctl.exe, the leak test, and got 340/340…

Try putting manabar.exe and mana in different folders, to see if it detects the injection, and run Warcraft.

Sorry, I don’t understand what you mean. ???