Many tests are fooled by the sandbox and reported with a “Vulnerable” result when they should have been reported as “Protected”.
[b]Leaktests fooled by File virtualization[/b]
5. Invasion: Runner Vulnerable
Tries to replace default browser executable with a different one to exploit an existing firewall policy.
Actual result: It drops the actual/true browser executable into the sandbox subfolder.
8. Invasion: FileDrop Vulnerable
Tries to drop test.exe into %windir%\system and %windir%\system32.
Actual result: It drops the test executables into the sandbox subfolder.
[b]Leaktests fooled by Registry virtualization[/b]
27. Hijacking: WinlogonNotify Vulnerable
Actual result: Redirected to registry sandbox. Fails to write real HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain\DllName
28. Hijacking: Userinit Vulnerable
Actual result: Redirected to registry sandbox. Fails to write real HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
29. Hijacking: UIHost Vulnerable
Actual result: Redirected to registry sandbox. Fails to write real HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UIHost
30. Hijacking: SupersedeServiceDll Vulnerable
Actual result: Redirected to registry sandbox. Fails to write real HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\sens\parameters\servicedll
31. Hijacking: StartupPrograms Vulnerable
Actual result: Redirected to registry sandbox. Fails to write real HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms
32. Hijacking: ChangeDebuggerPath Vulnerable
Actual result: Redirected to registry sandbox. Fails to write real HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AeDebug
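
The mismatch reported above, as an added example that is not part of the original post or of any product's code: a toy model of write virtualization in which a leak test's self-report is compared with an out-of-sandbox check of the real store. It assumes the test verifies its write by reading back through its own view; the class and function names, the payload and the stored sample value are constructed for illustration.

```python
import copy

# Key taken from test 28 above; everything else here is constructed.
USERINIT = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit"

class DirectView:
    """Unsandboxed process: writes land in the real store."""
    def __init__(self, real):
        self.real, self.overlay = real, {}

    def write(self, path, value):
        self.real[path] = value

    def read(self, path):
        # Overlay entries (if any) shadow the real store.
        return self.overlay.get(path, self.real.get(path))

class SandboxedView(DirectView):
    """Sandboxed process: writes are redirected to a private overlay,
    and later reads of that path are served from the overlay."""
    def write(self, path, value):
        self.overlay[path] = value

def leaktest_self_report(view, path, payload):
    """Assumed test logic: write, then read back through the same view."""
    view.write(path, payload)
    return "Vulnerable" if view.read(path) == payload else "Protected"

def audit(view_cls, path=USERINIT, payload="test.exe"):
    """Run the test, then judge it from outside by diffing the real store."""
    real = {path: r"C:\Windows\system32\userinit.exe,"}  # constructed sample value
    before = copy.deepcopy(real)
    view = view_cls(real)
    self_report = leaktest_self_report(view, path, payload)
    real_changed = real != before
    return {
        "self_report": self_report,            # what the test prints
        "redirected": path in view.overlay,    # write ended up in the sandbox
        "verdict": "Vulnerable" if real_changed else "Protected",
    }

if __name__ == "__main__":
    for cls in (DirectView, SandboxedView):
        print(cls.__name__, audit(cls))
```
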