Is CIS failing AKLT test (Screenshot 2 test)?

Hello all,

I noticed that when running the AKLT AntiKeyLoggerTest application from FirewallLeaktester, that the last test, ‘Screenshot 2’ is not being intercepted by CIS’s Defense+. (It is being intercepted by Snoopfree as kind of keylogger stuff)

(Note that the AKLT application itself was flagged by CIS’s Antivirus as malicious. However it is not a virus, just a kind of leaktest suite, I guess)

Thanks any feedback,

Brgds,
mack

It’s a keylogger, test or no test… which CAVS (CIS Antivirus) was built to catch :)

So CIS did its job by detecting the keylogger…
and so it did not fail the test… If you want to test defense,
go to Defense+ > Advanced > Defense+ Settings > Monitor Settings > Check Keyboard > Apply

Then Test it again…

CG

EDIT: It may be in the Defense+ policy to allow… so I would check that also:
Defense+ > Advanced > Computer Security Policy > (File Name) > Remove > Apply

Hello CG,

Thanks for your reply.

CIS Defense+ settings are at maximum (on Paranoid), with all zones able to be monitored, checked.
And Computer security policy has no rule for the AKLT application. Note that Defense+ did flag all other subtests of AKLT, except the last one, ‘Screenshot2’.

On your reasoning: when in the past, in this forum, comments were made on CIS’s or CFP’s results on leaktests such as Matousec’s or other, compared to ‘traditional’ virusscanners or security suites, Comodo’s defenders kind of ridiculed those other ‘traditional suites’’ ‘flagging of the complete leaktest application as a virus’, and for not being able to halt the leaktest itself, which leaktesting is all about.

Surely now that CFP (or CIS now) has an Antivirus module added, and itself has become a suite, it would be intellectually unfair not to ridicule the same reasoning that ‘CIS’s Antivirus component flagged the leaktest application as a whole (before it got the chance to run), so no need to check how Defense+ would be able to intercept the leaktest itself’. No?

Anyway, I am very interested in why this ‘Screenshot2’ routine is able to bypass Defense+. Snoopfree seems an old antikeylogger, not been updated for some time, yet it is able to block Screenshot2 method.

Thanks any feedback,

Brgds,
mack

Evening,

For some reason I have received an alert for the screenshot…

Config: Internet Security (For Defense: Image Execution To Aggressive, Monitor Settings (All Checked))

Reply to your comment: It’s not the name of the application that CIS detects, it’s the code/programming the leaktest has inside. That is why CIS added it to be malware… because it has malware coding inside (whether it’s good or not lol)

CG

Hello CG,

After I changed Image Execution to Aggressive level, still same result.

Which file types other than the standard .exe did you add to the list?

Thanks,

Brgds,
mack

Hi,

I use “Executables GROUP” in “Files To Check”, not only “.exe”. My “Executables Group” has: *.exe; *.dll; *.sys; *.ocx; *.bat; *.pif; *.scr; *.cpl; *.com; *.jar

Maybe this helps.

Hello Mack,

When you run AKLT do you get an alert before the splash screen?

Hello AeoniAn, Gibran,

  • I tried adding those extensions; same result; for the Screenshot 2 test I get no warnings

  • I got no ‘screen access’ warning for the ‘Screenshot 2’ test.

It’s really only this last test, Screenshot 2, which is failed, not the other ones. And as said earlier, the application itself also gets flagged as malware, but that’s not the point I think. I want to find out what’s so special about leaktest ‘Screenshot 2’ which makes CIS miss it…

Brgds,
mack

All AKLT tests are passed just fine.

Before eventually doing a full troubleshooting to possibly find the reason it fails on your PC, please switch CIS to COMODO - Proactive Security and let CAVS permanently ignore AKLT once it detects it.

Then please run AKLT.exe and select Treat as Isolated application as soon as you receive a D+ alert.

You can change the CIS configuration by right-clicking on the CIS tray icon → selecting the Configuration menu and then choosing COMODO - Proactive Security