Partially limited policy cannot block some keyloggers and screengrabbers

A. THE BUG/ISSUE

  1. What you did: I test comodo sandbox with the anti-logger test.
  2. What actually happened or you actually saw: Only the sandbox level,“partially limited”,can not block them.
  3. What you expected to happen or see: CIS sandbox with “partially limited” can block loggers.
  4. How you tried to fix it & what happened: None
  5. If a software compatibility problem have U tried the compatibility fixes (link in format)?: No
  6. Details & exact version of any software (except CIS) involved (with download link unless malware): Please see screenshots
  7. Whether you can make the problem happen again, and if so precise steps to make it happen: Yes.
    a) open the anti-logger test program
    b) it is sandboxed as partially limited
    c) check keylog, screenshot, and clipboard logger
    d) sandbox can not block them
  8. Any other information (eg your guess regarding the cause, with reasons):
    D+ does not block “access the keyboard” and “access the computer monitor” when the sandbox level is “partially limited”

B. FILES APPENDED. (Please zip unless screenshots).

  1. Screenshots of the Defense plus Active Processes List (Required for all issues):


2. Screenshots illustrating the bug:
keylogger:

screen logger:

clipboard logger:

  1. Screenshots of related CIS event logs: Not appended.
  2. A CIS config report or file: Not appended.
  3. Crash or freeze dump file: Not appended
  4. Screenshot of More~About page. Can be used instead of typed product and AV database version: Not appended.

C. YOUR SETUP

  1. CIS version, AV database version & configuration: 5.8.213334.2131,10780, CIS
  2. a) Have you updated (without uninstall) from a previous version of CIS: No
    b) if so, have you tried a clean reinstall (without losing settings - if not please do)?: Yes
  3. a) Have you imported a config from a previous version of CIS: No
    b) if so, have U tried a standard config (without losing settings - if not please do)?: Yes
  4. Have you made any other major changes to the default config? (eg ticked ‘block all unknown requests’, other egs here.): Yes, disable the antivirus
  5. Defense+, Sandbox, Firewall & AV security levels: D+=Safe, Sandbox=Enabled, Firewall=Safe, AV=Disabled
  6. OS version, service pack, number of bits, UAC setting, & account type: Windows XP, SP3 32bit, No Uac, Admin
  7. Other security and utility software currently installed: CIS only
  8. Other security software previously installed at any time since Windows was last installed*:None
  9. Virtual machine used (Please do NOT use Virtual box): none

Thank you very much for your bug report in standard format. It is much appreciated

Unfortunately the following items of required information missing from your post

  • C.4 Please state what major changes you have made to the configuration
  • B.1 Please append a screenshot of your active processes list
  • [Edit: Number of bits of OS - I assume 32 as its XP?]

This information will be used by developers to eliminate causes specific to you machine or help them replicate the bug.

We would be grateful if you would add these items of information so we can forward this post to the format verified board. You can find assistance using red links in the format and here - if you need further help please ask a mod. If you do not add the information after a week we will forward this post to the non-format board. If this happens we will tell you how to rectify this if you wish to. Developers may look at the issue in the non-format board, and may fix it.

Best wishes and many thanks again

Mouse

Thanks very much, forwarding to format verified

A complete active process list without the dialog boxes would be preferable if you would not mind adding it, but I’ll forward anyway

Mike

Thank you very much for your report in standard format, with all information supplied. The care you have taken is much appreciated by Comodo, and will increase the likelihood that this bug can be fixed.

Developers may or may or may not communicate with you in the forum or by PM/IM, depending on time availability and need. Because you have supplied complete information they may be able to replicate and fix the bug without doing so.

Many thanks again

Mouse

Haven’t fixed in CIS 5.9.221665.2197 ???