A. THE BUG/ISSUE (Varies from issue to issue)
- Summary - Give a clear summary in the topic subject, NOT here.
Can U reproduce the problem & if so how reliably?:
If U can, exact steps to reproduce. If not, exactly what U did & what happened:
1: Start up Windows XP and install CIS. Keep the settings default.
2: Double-click the malware file, which will be sandboxed as Partially Limited.
3: The hacker is then able to open any program on the computer. They can also open pictures, my computer, etc… Also, they can record everything that happens on the desktop.
4: This information is also able to be transmitted, as the Firewall allows the malware to communicate.
5: If the same procedure is followed in Windows 7 there is no breach. The patch does not work.
If not obvious, what U expected to happen:
Just as happens on Windows 7, on Windows XP the patch should not be allowed to control, in any way, parts of the computer.
If a software compatibility problem have U tried the conflict FAQ?:
Any software except CIS/OS involved? If so - name, & exact version:
Any other information, eg your guess at the cause, how U tried to fix it etc:
Video showing what happens when run on Windows XP (43 min): ahmad 23
Video showing what happens when run on Windows 7 (2 min): ahmad 24
The sample was made by the program nijRAT, and the encryption was done with Microsoft Visual Studio 2010, using the code EnterPoint of encryption with the RC4 algorithm.
B. YOUR SETUP
- Exact CIS version & configuration:
Have U made any other changes to the default config? (egs here.):
Have U updated (without uninstall) from CIS 5 or CIS6?:
if so, have U tried a clean reinstall - if not please do?:
I have done a clean install, including running the removal tools in Safe Mode after normal install.
- Have U imported a config from a previous version of CIS:
if so, have U tried a standard config - if not please do:
- OS version, SP, 32/64 bit, UAC setting, account type, V.Machine used:
Windows XP x32, Service Pack 3 on real system with Limited Account, UAC default
Windows 7 x32, Service Pack 1 on real system with Limited Account, UAC default
Other security/s’box software a) currently installed b) installed since OS, including initial trial security software included with system:
Has Windows XP been tested on a real system? The reason I ask is that I know that there are some issues with VirtualBox, whereas some of the protections built into CIS do not function correctly inside VirtualBox.
Thus, in order to forward this to the devs this will have to be tested with Windows XP x32 on a real system.
In that case please send me a PM with a download link for the malware (and any instructions which would be helpful for the devs to test it). I can then forward this to the devs and add this issue to the tracker.
Thank you very much for your report in standard format, with all information supplied. The care you have taken is much appreciated by Comodo, and will increase the likelihood that this bug can be fixed.
Developers may or may not communicate with you in the forum or by PM/IM, depending on time availability and need. Because you have supplied complete information they may be able to replicate and fix the bug without doing so.