1. The full product and its version:
COMODO Internet Security Premium BETA v(8.0.332922.4281)
2. Your Operating System (32 or 64 bit) and Service Pack revision, and if using a virtual machine, which one:
Windows 7 Professional Service Pack 1 (x64) 6.1.7601
Virtual Machine = Yes, VMware Workstation 10.0.3 build-1895310
3. List all the configuration changes you did. Are you using Default configuration? If no, what's the difference?:
No COMODO Dragon, No Geek Buddy, Didn’t use Secure DNS, Didn’t change homepage. All other settings were left at their default state.
4. Did you install over a previous version without uninstalling first, or import a previous configuration file?:
No
5. Other Security, Sandboxing or Utility Software Installed:
VMware Tools v9.6.2, Build-1688356 (No Print Driver)
6. Step by step description to reproduce the issue. Or if you cannot reproduce it, what you actually did before it happened, step by step:
1: Disable AV if installed (This is an auto-sandboxing issue NOT an AV issue)
2: Run malware sample by double-clicking.
3: You will notice the malware is not virtualized or restricted at all.
7. What actually happened when you carried out these steps:
The malware was not automatically sandboxed as it should be and infected the VM with no restriction at all.
8. What you expected to see or happen when you carried out these steps, and why (if not obvious):
The malware should have been sandboxed and run virtually instead of having unlimited system access.
9. Any other information:
I have figured out the issue; it is a simple rule issue. Where the threat originates from is the main issue here. In the Auto-Sandbox settings, the first Run Virtually rule in the edit window under the “Origin” category is currently set to “Internet”. This allows any malware from, let’s say, a zipped folder or flash drive to execute with no restrictions. In my opinion this should be set to “Any”. Please watch the video for more details. If you want the malware sample I’m using, I can upload an encrypted, password-protected copy.