I noticed that when running the AKLT AntiKeyLoggerTest application from FirewallLeaktester, the last test, ‘Screenshot 2’, is not being intercepted by CIS’s Defense+. (It is being intercepted by Snoopfree as kind of keylogger stuff.)
(Note that the AKLT application itself was flagged by CIS’s Antivirus as malicious. However it is not a virus, just a kind of leaktest suite, I guess)
CIS Defense+ settings are at maximum (on Paranoid), with all zones able to be monitored, checked.
And Computer security policy has no rule for the AKLT application. Note that Defense+ did flag all other subtests of AKLT, except the last one, ‘Screenshot2’.
On your reasoning: when in the past, in this forum, comments were made on CIS’s or CFP’s results on leaktests such as Matousec’s or other, compared to ‘traditional’ virusscanners or security suites, Comodo’s defenders kind of ridiculed those other ‘traditional suites’’ ‘flagging of the complete leaktest application as a virus’, and for not being able to halt the leaktest itself, which leaktesting is all about.
Surely now that CFP (or CIS now) has an Antivirus module added, and itself has become a suite, it would be intellectually unfair not to ridicule the same reasoning that ‘CIS’s Antivirus component flagged the leaktest application as a whole (before it got the chance to run), so no need to check how Defense+ would be able to intercept the leaktest itself’. No?
Anyway, I am very interested in why this ‘Screenshot2’ routine is able to bypass Defense+. Snoopfree seems an old antikeylogger, not been updated for some time, yet it is able to block the Screenshot2 method.
For some reason I have received an alert for the screenshot…
Config: Internet Security (For Defense: Image Execution To Aggressive, Monitor Settings (All Checked))
Reply To Your Comment: It’s not the name of the application that CIS detects, it’s the code/programming the leaktest has inside. That is why CIS added it to be malware… because it has malware coding inside (Whether it’s good or not lol)
I tried adding those extensions; same result; for the Screenshot 2 test I get no warnings.
I got no ‘screen access’ warning for the ‘Screenshot 2’ test.
It’s really only this last test Screenshot 2 which is failed, not the other ones. And as said earlier also the application itself gets flagged as malware, but that’s not the point I think, I want to find out what’s so special about leaktest ‘Screenshot 2’ which makes CIS miss it…