On XP, but Not 7, Malware Allows Hacker To Partially Control Computer [M1024]

A. THE BUG/ISSUE (Varies from issue to issue)
  • Summary - Give a clear summary in the topic subject, NOT here.

  • Can U reproduce the problem & if so how reliably?:
    Every time.
  • If U can, exact steps to reproduce. If not, exactly what U did & what happened:
    1: Start up Windows XP and install CIS. Keep the settings default.
    2: Double-click the malware file, which will be sandboxed as Partially Limited.
    3: The hacker is then able to open any program on the computer. They can also open pictures, My Computer, etc. Also, they can record everything that happens on the desktop.
    4: This information is also able to be transmitted, as the Firewall allows the malware to communicate.
    5: If the same procedure is followed in Windows 7 there is no breach. The patch does not work.
  • If not obvious, what U expected to happen:
    Just as happens on Windows 7, on Windows XP the patch should not be allowed to control, in any way, parts of the computer.
  • If a software compatibility problem have U tried the conflict FAQ?:
    NA
  • Any software except CIS/OS involved? If so - name, & exact version:
    NA
  • Any other information, eg your guess at the cause, how U tried to fix it etc:
    Video showing what happens when run on Windows XP (43 min):
    ahmad 23
    Video showing what happens when run on Windows 7 (2 min):
    ahmad 24

    The sample was made by the program nijRAT, and the encryption was done with Microsoft Visual Studio 2010 using the code EnterPoint of encryption with the RC4 algorithm.

B. YOUR SETUP
  • Exact CIS version & configuration:
    CIS 7.0.317799.4142

  • Modules enabled & level. D+/HIPS, Autosandbox/BBlocker, Firewall, & AV:
    Default configuration
  • Have U made any other changes to the default config? (egs here.):
    No
  • Have U updated (without uninstall) from CIS 5 or CIS6?:
    No
    • if so, have U tried a clean reinstall - if not please do?:
      I have done a clean install, including running the removal tools in Safe Mode after normal install.
  • Have U imported a config from a previous version of CIS:
    No
    • if so, have U tried a standard config - if not please do:
      No
  • OS version, SP, 32/64 bit, UAC setting, account type, V.Machine used:
    Windows XP x32, Service Pack 3 on real system with Limited Account, UAC default
    Windows 7 x32, Service Pack 1 on real system with Limited Account, UAC default
  • Other security/s’box software a) currently installed b) installed since OS, including initial trial security software included with system:
    a=none b=none


I have watched the Windows 7 file, and skimmed through parts of the XP one. Can you please summarize, in sentences, what sort of actions your friend was able to perform? Even a bulleted list would do.

Also, was this 32 bit or 64 bit Windows XP?

Thanks.

In XP the patch can create files and open any program on the computer, such as the browser, pictures, and My Computer, also recording everything that happens on the desktop.

x32

Has Windows XP been tested on a real system? The reason I ask is that I know that there are some issues with VirtualBox, whereas some of the protections built into CIS do not function correctly inside VirtualBox.

Thus, in order to forward this to the devs this will have to be tested with Windows XP x32 on a real system.

Thanks.

Are there problems in VMware Player?

I don’t believe so, but it would be best to test this on a real system if possible.

However, if that is not possible please do check this in VMWare and let me know if the same problem occurs.

Thanks.

I am testing on a real system, and the result is the same.

Thank you. I have edited the first post. Please look it over and make sure that everything is correct.

Also, please tell me what level of UAC you are using on the XP system.
Also, please create a diagnostics report on the XP system and attach it to your first post.

Thank you.

Did you mean whether the user account is an administrator account or another?

Now that you mention it, it is also important to know whether it’s an admin account or Limited. Also, if it is Admin, was it admin for Windows 7 as well?

In addition, what I was trying to ask is whether UAC is turned on or off for that computer.
Also, please do create and attach that diagnostics report from the XP computer.

Thanks.

In Win XP: limited account
In Win 7: limited account. It was the test on Windows 7 UAC run and also to close as the patch has not contacted

Thank you. I was a little confused in your reply. However, I edited the first post the way I believe you said it should be. Please look it over and let me know if everything is correct.

Also, please do create and attach the diagnostics file from the XP computer.

Thanks.

There is a simple mistake: the number of minutes of the video for Windows 7 ;D


Thanks for pointing that out. I have now said it is 2 minutes long. Please let me know if everything now looks correct.

Thank you.

Yes, everything now looks correct.

thanks

In that case please send me a PM with a download link for the malware (and any instructions which would be helpful for the devs to test it). I can then forward this to the devs and add this issue to the tracker.

Thank you.

ok :)

Thank you very much for your report in standard format, with all information supplied. The care you have taken is much appreciated by Comodo, and will increase the likelihood that this bug can be fixed.

Developers may or may not communicate with you in the forum or by PM/IM, depending on time availability and need. Because you have supplied complete information they may be able to replicate and fix the bug without doing so.

Many thanks again.

The devs have not marked this as Fixed in the tracker. However, sometimes bugs are fixed by the release of new versions, but not marked as Fixed in the tracker.

If you are able please check with the newest version (CIS version 8.0.0.4337) and let me know if this is fixed on your computer with that version.

Thank you.

Hello,

The devs have not marked this as Fixed in the tracker. However, sometimes bugs are fixed by the release of new versions, but not marked as Fixed in the tracker.

If you are able please check with the newest version (CIS version 8.1.0.4426) and let me know if this is fixed on your computer with that version.

Thank you.