Limited & Restricted block screenshot but Fully Virtualized does not [M401] [v6]

A. THE BUG/ISSUE (Varies from issue to issue)
[ol]- Summary - Give a clear summary in the topic subject, NOT here.

  • Can U reproduce the problem & if so how reliably?: Yes, always.
  • If U can, exact steps to reproduce. If not, exactly what U did & what happened: Simply try the Spyshelter test at various restriction levels (all levels of BB’s automatic plus manual sandboxing via CIS interface/context menu) and observe the terrible results.
  • If not obvious, what U expected to happen: Obvious, I expected all levels above Limited to successfully block the screen capture attempts.
  • If a software compatibility problem have U tried the conflict FAQ?: Can’t see how this could be a compatibility program, even more considering the number of people that have reported the same bug since circa 2010 (earliest reports of this bug I’ve seen).
  • Any software except CIS/OS involved? If so - name, & exact version: I think not.
  • Any other information, eg your guess at the cause, how U tried to fix it etc: The results are not influenced by HIPS being on or off.
  • Always attach - Diagnostics file, Watch Activity process list, dump if freeze/crash. (If complex - CIS logs & config, screenshots, video, zipped program - not m’ware)
    [/ol]

B. YOUR SETUP (Likely the same for each issue, so you can copy forward)
[ol]- Exact CIS version & configuration: 6.1.276867.2813, Proactive

  • Modules enabled & level. D+/HIPS, Autosandbox/BBlocker, Firewall, & AV: BB, HIPS (see A.7), FW and AV
  • Have U made any other changes to the default config? (egs here.): Yes, but the results were the same using default Proactive.
  • Have U updated (without uninstall) from a CIS 5?: No.
    [li]if so, have U tried a a clean reinstall - if not please do?: Yes, to no avail.
    [/li]- Have U imported a config from a previous version of CIS: No.
    [li]if so, have U tried a standard config - if not please do: Yes, even tried importing it directly from the installation folder before the clean reinstall.
    [/li]- OS version, SP, 32/64 bit, UAC setting, account type, V.Machine used: Win 7, SP1, 64-bit, UAC off, admin account, no VM
  • Other security/s’box software a) currently installed b) installed since OS: a= b=
    [/ol]

[attachment deleted by admin]

Thank you very much for your bug report in standard format. We very much appreciate the effort you have made to document this bug.

We are sorry to trouble you further but there are some items of information missing or unclear in your post:

B.7 Other security/s’box software a) currently installed b) installed since OS: a= b=

The reasons we need these items of information, though they may not seem directly relevant to the issue are explained here.

We would be very grateful if you would add these items of information so we can forward this post to the format verified board, where it is more likely to get fixed. You can find assistance using red links in the Format and here. If you need further help please ask a mod. If you do not add the information after a week we will forward this post to the non-format board. If this happens we will tell you how to rectify this if you wish to.

In the current process we will normally leave it up to you whether you want to make a report which includes all necessary information or not. We may remind you if we think a bug of particular importance.

Many thanks again

Mouse

The bug was seen under the following configurations:

  1. Only CIS
  2. CIS (AV real-time disabled) + Baidu AV
  3. CIS (AV real-time disabled) + Bitdefender Free AV

Security-related applications that have been running all along (in all cases):

  1. WinPatrol
  2. MJ RegWatcher (“Accept” mode, ie logging only)

This applies also to the related “Untrusted” bug.

If you wish to have more info on this, it may be a good idea to ask on this thread what programs were in parallel use by the other reporters to narrow-down any compatibility issues.

This is NOT a bug.

because of the “spyshelter → foreground window”

Would you please explain better?

For the “partially limited” and the “fully virtualized”,

foregrond window → allow

background application → block

Yet it could still be a problem, if not a bug. It doesn’t make much sense for the highest isolation level to provide less coverage than two other lower levels.

Here I’m agree with you, I also feel the same about FV

I understand there may be situations in which you would want an isolated application to be able to generate screenshots, but maybe this should be made flexible (user choice/configuration).

I will forward this for them to think about. :slight_smile:

Thank you very much for your report in standard format, with all information supplied. The care you have taken is much appreciated by Comodo, and will increase the likelihood that this bug can be fixed.

Developers may or may or may not communicate with you in the forum or by PM/IM, depending on time availability and need. Because you have supplied complete information they may be able to replicate and fix the bug without doing so.

Many thanks again

Mouse

Can you please check and see if this is fixed for CIS V 6.2.282872.2847?

Thank you. PM sent.

Not fixed as of v6.2.282872.2847.

Thank you for checking this.

I have updated the tracker.

I have received feedback from the devs that apparently this is by design. Foreground screen access is allowed in partially limited or fully virtualized.

Thus, I will move this to Resolved. Please create a wish for this.

Thank you.