Leaktest Shuts Down Computer & Makes Other Problems While Sb'd as FV [V6][M360]

A. THE BUG/ISSUE (Varies from issue to issue)
  • Summary - Give a clear summary in the topic subject, NOT here.

  • Can U reproduce the problem & if so how reliably?:
    Yes, every time. But sometimes what happens in between running the leaktest as FV and the Shut Down of the computer changes.
  • If U can, exact steps to reproduce. If not, exactly what U did & what happened:
    To see this behavior first download the leaktest from this page. Then, after unzipping it, right-click on regtest.exe and choose the option to “Run in COMODO Sandbox”. At this point you should click the button labeled “Test 1 Introduction”. Then click “Start Test 1” and let it complete its tests. Once it’s done with these tests it will let you click on “Test 2 Introduction”. Once you’re on that page, click the button for “Start Test 2”.

At this point the leaktest will start making all sorts of trouble for the real system. The first time I ran it it logged me off and started stirring up a lot of trouble on the real system, but nothing permanent. This ended with the computer being automatically shut down. The second time I ran it the leaktest just shut down the computer. Luckily, both times, upon restart the app was not able to automatically run.

  • If not obvious, what U expected to happen:
    An app run inside the sandbox should not be able to cause trouble on the real system. It should also not be able to shut down the computer.
  • If a software compatibility problem have U tried the conflict FAQ?:
    NA
  • Any software except CIS/OS involved? If so - name, & exact version:
    NA
  • Any other information, eg your guess at the cause, how U tried to fix it etc:
    I do not have an idea of what causes this vulnerability.
  • Always attach - Diagnostics file, Watch Activity process list, dump if freeze/crash. (If complex - CIS logs & config, screenshots, video, zipped program - not m’ware)
    I have attached a diagnostics report and a KillSwitch process dump (both of which were done upon restart of computer). Please let me know if it would be helpful to provide any other attachments.

B. YOUR SETUP (Likely the same for each issue, so you can copy forward)
  • Exact CIS version & configuration:
    CIS version 6.1.275152.2801
    Default Configuration

  • Modules enabled & level. D+/HIPS, Autosandbox/BBlocker, Firewall, & AV:
    Default Configuration
    However, I had to disable the AV and the Cloud lookup so it wouldn’t automatically flag the file as dangerous and remove it.
  • Have U made any other changes to the default config? (egs here.):
    Default Configuration
    However, I had to disable the AV and the Cloud lookup so it wouldn’t automatically flag the file as dangerous and remove it.
  • Have U updated (without uninstall) from a CIS 5?:
    No, this was a clean install.
      • if so, have U tried a clean reinstall - if not please do?:
        NA
  • Have U imported a config from a previous version of CIS:
    No
      • if so, have U tried a standard config - if not please do:
        NA
  • OS version, SP, 32/64 bit, UAC setting, account type, V.Machine used:
    Windows 7 x64 (fully updated), UAC disabled, Real System, run as administrator.
  • Other security/s’box software a) currently installed b) installed since OS:
    a) None b) none


Thank you very much for your report in standard format, with all information supplied. The care you have taken is much appreciated by Comodo, and will increase the likelihood that this bug can be fixed.

Developers may or may not communicate with you in the forum or by PM/IM, depending on time availability and need. Because you have supplied complete information they may be able to replicate and fix the bug without doing so.

Many thanks again

Mouse

At least not entirely fixed with CIS version 6.1.276867.2813.

I don’t know if the leak-test just sometimes causes different effects, as I haven’t tested it often, or if the sandbox has been improved. However, this time when I ran it the computer wasn’t restarted. Here’s what happened.

It opened up new windows and showed the scroll view including the run window. I didn’t see any green borders around these windows, but I’m not sure. Then, it logged me out (which I’m sure it shouldn’t be able to do).
I logged back in.
Then it logged me out again.
I logged back in and this time everything appeared fine.

I’m really not sure what’s going on with this leaktest, but as it was successfully able to log me out (twice), there is obviously still an issue.

It would be very helpful if someone else could verify that this leaktest affects their system as well, to make sure that it isn’t specific to something on my system.

Tested on Win 8 x64 (real machine).

Test1 was normal.
After starting Test 2, there were many windows opening randomly and quickly (without green border); there was no time to open KillSwitch to see if they were sandboxed or not, as the system immediately logged off.

I logged back in but explorer.exe was not running. Regtest.exe was still running and using most of my CPU and Disk I/O. Still there were many windows open (Task Manager, Windows Help, etc.).

I restarted the system and everything is fine.

I think this is still a vulnerability.

Tracker updated, left open.

This is still not fixed with CIS version 6.2.282872.2847.

The leaktest is still able to shut down the computer when run from inside the FV sandbox.

I have received feedback from the devs that they have confirmed this bug and that it will be fixed (although there are no promises as to when the fix will be available).

This is not fixed for CIS version 6.3.294583.2937.

I have updated the tracker.

I tried running this in the Kiosk and the leak test will not even run. Guess that is a good thing.

Tried running this in the Kiosk with the CIS BETA and it will not even work. I wonder if Comodo fixed it or if my computer is just not working correctly.

Thank you for testing this. I can confirm that this is now fixed for CIS 7.0.308911.4080 Beta.

I will thus move this report to Resolved.

Glad I could help, Chiron. :)