Malwr Run In FV Sbox Crts Box Mouse Cannot Escape From Excpt By LogOff[M434][V6]

A. THE BUG/ISSUE (Varies from issue to issue)
  • Summary - Give a clear summary in the topic subject, NOT here.

  • Can U reproduce the problem & if so how reliably?:
    Yes, every time.
  • If U can, exact steps to reproduce. If not, exactly what U did & what happened:
    I downloaded a piece of malware, which devs will find attached to this post. (The malware name is video_xxx). Then, after unzipping it, right-click on the executable and select the option to “Run in COMODO Sandbox”. Then, the malware will create a box which it traps the mouse inside. There is no way to get out of this. Even starting task manager does not help as you cannot move the mouse outside the box to kill any processes. The only way to get out is to log off the computer or restart.
  • If not obvious, what U expected to happen:
    Nothing that happens in the FV sandbox should force the user to log off the computer or restart it. This could have serious consequences if malware is able to do this while the user is working on something important, as anything not saved may be lost. Also, many users may not think to log off the computer, and thus shut down. This guarantees that any work not saved would be lost.
  • If a software compatibility problem have U tried the conflict FAQ?:
    NA
  • Any software except CIS/OS involved? If so - name, & exact version:
    NA
  • Any other information, eg your guess at the cause, how U tried to fix it etc:
    Never allow a box opened by an application running as FV to trap the mouse such that it cannot be used on the real computer.
  • Always attach - Diagnostics file, Watch Activity process list, dump if freeze/crash. (If complex - CIS logs & config, screenshots, video, zipped program - not m’ware)
    I have attached the diagnostics file (run after logging off and then logging back into the computer) and the KillSwitch process dump (run after logging off and then logging back into the computer).

B. YOUR SETUP (Likely the same for each issue, so you can copy forward)
  • Exact CIS version & configuration:
    CIS version 6.2.285401.2860
    Default Configuration

  • Modules enabled & level. D+/HIPS, Autosandbox/BBlocker, Firewall, & AV:
    Default Configuration
    However, I had to disable the AV and the Cloud lookup so it wouldn’t automatically flag the file as dangerous and remove it.
  • Have U made any other changes to the default config? (egs here.):
    Default Configuration
    However, I had to disable the AV and the Cloud lookup so it wouldn’t automatically flag the file as dangerous and remove it.
  • Have U updated (without uninstall) from a CIS 5?:
    No, this was a clean install.
    • if so, have U tried a clean reinstall - if not please do?:
      NA
  • Have U imported a config from a previous version of CIS:
    No
    • if so, have U tried a standard config - if not please do:
      NA
  • OS version, SP, 32/64 bit, UAC setting, account type, V.Machine used:
    Windows 7 x64 (fully updated), UAC disabled, Real System, run as administrator.
  • Other security/s’box software a) currently installed b) installed since OS:
    a) None b) None

[attachment deleted by admin]

Upon further review, Comodo has classified this as a possible enhancement.

Hopefully it will eventually be improved upon, but for now I will move this to Resolved.