Limited and Restricted block screen capture but Untrusted does not [M399]

The problem is still the same… CIS 7 fails the screenshot keylogging test when set on “untrusted”, but passes it if set on “restricted” (even if “untrusted” should provide more security).

Thanks for checking this. I have updated the tracker.

Hi Chiron,

I tested with the tool and I can make screenshots with the default settings of CIS. The file is in the unrecognized list now but was not sandboxed.
Just informing you.

Thanks,
yigido

Do you mean that SpyShelter was not sandboxed at all, or just that screen capture was allowed?
Also, which version of CIS are you currently using?

Thanks.

I am testing beta v8 on my real machine. The SpyShelter test tool was not sandboxed and screen capturing is done with default settings of CIS v8. All tests in the tool can pass CIS v8 with default settings.

If I’m not wrong it’s downloaded as a zip file. Please see this bug report to understand why it’s not sandboxed. It’s a separate bug.

In order to correctly test this you would need to upload the executable to a file sharing site without putting it in a zip folder or anything similar. Then download that executable and try to run it. Let me know if you have any questions.

Thanks.

Here is the video that shows it. The file was added to the unrecognized list by CIS but CIS did not sandbox it.

[attachment deleted by admin]

I’m sorry, but I think you’ve now hit on one of the other major bugs reported. This one can be found here. If the browser is not listed in the very small list of browsers listed in the Web Browser file group, nothing downloaded through it will be virtualized.

Currently I believe only Firefox, Internet Explorer, Chrome, Opera, Safari, and Maxthon are included. If I have made a mistake about this, can someone please correct me?

Please retest with one of the listed browsers and let me know what you find.

Thanks.

Here, I tested with Dragon (latest)

[attachment deleted by admin]

Okay, I’m not sure what’s going on. It seems to me like it may be a new bug. Please create a new bug report for this in the Beta section.

Thank you.

Does anybody know if this has already been fixed in the second CIS V8 Beta? This bug was submitted when dinosaurs walked on Earth and nothing has happened to this day. This is a serious security issue for users of the Untrusted Auto-Sandbox level and should have been fixed ages ago. :-TD

I’m actually not sure about this one. Can someone please check this with the newest Beta and reply back to this post to let me know if it is fixed or not?

Thanks.

The devs have not marked this as Fixed in the tracker. However, sometimes bugs are fixed by the release of new versions, but not marked as Fixed in the tracker.

If you are able, please check with the newest version (CIS version 8.0.0.4337) and let me know if this is fixed on your computer with that version.

Thank you.

The bug is still there and I think it’s getting worse… all the screenshot tests fail now… :-TD
I have CIS 8 in proactive security mode, HIPS enabled as “Safe”, auto-sandbox enabled and I added a rule to block all the unknown applications.
When i start Spyshelter test I get the pop-up. But if I allow it, then the screenshot tests fail.

I’ve updated tracker data.

Thank you.

I have just noticed that my setup for CIS 8 is a bit different than the one I used on CIS 7.
Tonight I’ll try to check this again by changing the setup from “Block” to “Run Restricted → Untrusted”.

Nope, either “Block” or “Run Restricted” will fail the test.
As I said, when you click on the file, you get the pop-up that it has been sandboxed. But if you check “Don’t sandbox again” and then re-run the file, it will fail all the tests.
Only with “Run Virtualized” can you pass the screenshot tests 1b, 2b, 3b, 4b, 5b and 6, but the others fail as well.
Any suggestion???

EDIT
If I disable the Auto-Sandbox, I get a HIPS pop-up alert when I try to run any test. If I click on “Block”, I can pass every test.

This bug was submitted 2 years ago. Was this bug already fixed in the latest CIS V8?

Yes, this is fixed. If I remember correctly, there was an issue where screen capture was possible when sandboxed as untrusted, but it was fixed in version 8.1, and any further “fails” were because clicking “Don’t sandbox again” instructed CIS to add the application to the trusted file list, which will allow the test to do whatever it wanted because it was defined as trusted by the user.