A. THE BUG/ISSUE (Varies from issue to issue)
- Summary - Give a clear summary in the topic subject, NOT here.
Can U reproduce the problem & if so how reliably?:
Every time.
If U can, exact steps to reproduce. If not, exactly what U did & what happened:
1: Set the sandbox to either Partially Limited or Limited.
2: Run the .bat malware file, which will be provided with this report.
3: After running the malware, it will delete the browser history, delete the cookies, delete the saved browser passwords, delete the toolbar shortcuts, delete the start-menu shortcuts, kill the internet, relabel the names of hard-drives, prevent the Comodo task icon from automatically starting with Windows, and delete the User account picture (see the attached images).
If not obvious, what U expected to happen:
Obvious
If a software compatibility problem have U tried the conflict FAQ?:
NA
Any software except CIS/OS involved? If so - name, & exact version:
NA
Any other information, eg your guess at the cause, how U tried to fix it etc:
It does not protect enough locations by default.
Also, txt files and pics are attached to this post which show what the malware can change.
B. YOUR SETUP
- Exact CIS version & configuration:
CIS 7.0.313494.4115
Have U made any other changes to the default config? (egs here.):
No
Have U updated (without uninstall) from CIS 5 or CIS6?:
No
  - if so, have U tried a clean reinstall - if not please do?:
No, Windows was freshly installed
- Have U imported a config from a previous version of CIS:
No
  - if so, have U tried a standard config - if not please do:
NA
- OS version, SP, 32/64 bit, UAC setting, account type, V.Machine used:
Win7, SP1, 32-bit, on a real system
Other security/s’box software a) currently installed b) installed since OS, including initial trial security software included with system:
a=none b=none
As the malware was sandboxed as Partially Limited there are certain things it is allowed to do. Was it able to do anything which that page says it cannot?
I assume it is allowed to delete files related to the browser, unless they were added to the protected files. Deleting the shortcuts I am not sure. It may be allowed to do that too, but I’m not sure.
Also, can you please find out whether limited prevents this? If not, what about Restricted?
Also, in Limited the files were deleted, as in Partially Limited, and the User account picture was deleted, but Restricted protects the files,
and in Limited and Partially Limited it kills the internet.
I made some small changes to the first post. Please look over it and make sure I did not make a mistake.
Also, before I forward this I need you to upload the malware to a file sharing site and PM me a download link. Once I have that, and you let me know that the first post is correct, I will forward this to the devs for consideration. I’m not entirely sure whether this is a bug, or intended behavior under those restriction levels, but I will forward it for consideration anyway.
Thank you very much for your report in standard format, with all information supplied. The care you have taken is much appreciated by Comodo, and will increase the likelihood that this bug can be fixed.
Developers may or may not communicate with you in the forum or by PM/IM, depending on time, availability, and need. Because you have supplied complete information they may be able to replicate and fix the bug without doing so.
Adding some possible faults:
1- The malware re-labels the default names of all hard disk partitions.
2- Comodo cannot auto-run at startup, but must be started manually.
The malware is very serious and this is what I found about it; it may delete important files.
I hope that you ask the Comodo staff to analyze it fully.
What do you mean by this? Can you please attach a screenshot for explanation?
Do you mean that this malware is able to prevent CIS from auto-starting itself at startup? If so, can you please check if cmdagent is running, even if some other Comodo files are not and let me know?
This has been passed on to the devs. They will investigate this. However, please answer the questions I asked above.
This was named "MIX", but after running the malware it has become as in the picture.
Do you mean that this malware is able to prevent CIS from auto-starting itself at startup? If so, can you please check if cmdagent is running, even if some other Comodo files are not and let me know?
Comodo does exist in the startup but is not displayed on the desktop.