Malware Kills Internet Connection When Sandbxed As Partially Limited [V7][M820]

hi all

1.Virus can deprivation Internet service in Comodo 7 beta

  1. Product version: COMODO Internet Security 7.0.308911.4080 BETA
    3.Operating System:xp3 (x32) runing by virtualbox 4.3.2
    4.Configuration: Default IS configuration
    5.Clean install.
  2. this video It shows
    hips Failed Failed to deal with the files*bat :frowning:

Watch this video:

I could not view the video. Was the HIPS turned on and not the auto-sandbox? Also, was the Virusope on?

What exactly is the file doing? I can see the end result, that the internet no longer works, but how exactly does the .bat file accomplish this?


Is CIS now completely compatible with VirtualBox?

Previously I have read CIS was not fully compatible with VB.

Good point. sd ahmad, could you please try this either on a real system or in VMWare?


Has been testing a version 6 on the real system,no longer works internet :frowning:

Please test it against V7 and see what happens.


Your opening post mention Default IS Config.
HIPS is by default disabled in default IS config. But Autosandbox is there to protect from unknown malware.

Are you running a malware sample & the system is getting infected & internet connection doesn’t works?

If so, plz provide me the sample, I will test & post the results here.

Sample of making my friend ,must discernible permission from my friend

Maybe tomorrow

That’s great to hear. Once you have access to the sample please send a download link to me as well.



Has been re-test by VMWare

Did you get the same result? I could not watch the video. Thank you.

Contact has been disabled in the Internet by Patch

Thank you for confirming that this also happens in VMWare. Could you please retest it and see if different levels of the Behavioral Blocker are able to effectively block this?


sandbox limited

Thank you for testing this. So from what I can see the only level of the Behavioral Blocker which is vulnerable to this is Partially Limited. Therefore, this is technically not a bug. However, I can see this as a possible wish as to how even the default should protect the internet connection from being entirely severed.

Before I can do this can you please share a brief summary of what this malware is doing in order to kill the internet connection?


The virus is based on the destruction of the system and delete all user files, but could not destroy the system only
Contact disable the Internet

So are you saying that it accomplishes this by deleting system files? If so, do you know which files are deleted and where they are located?

Thank you.

I do not know :-[