Ransomware is able to disable the Task Manager

A. THE BUG/ISSUE (Varies from issue to issue)
Can you reproduce the problem & if so how reliably?:
Every time
If you can, exact steps to reproduce. If not, exactly what you did & what happened:
1:I did a double click on the sample, then the sample restriction
2:Then the sample hide desktop,Then I clicked on Alt+Ctrl+Delete But I did not find the option “starting Task Manager”
3:Then I chose “log off”, then was ending all process malware and i rest the sandbox but But the option “task manager” does not work also, if I clicked on “esc+ctrl+shift” Task Manager does not show
One or two sentences explaining what actually happened:
Ransomware is able to disable the Task Manager
One or two sentences explaining what you expected to happen:
Should not be suspicious applications to be able to disable the management tasks
If a software compatibility problem have you tried the advice to make programs work with CIS?:
NA
Any software except CIS/OS involved? If so - name, & exact version:
None
Any other information, eg your guess at the cause, how you tried to fix it etc:

B. YOUR SETUP
Exact CIS version & configuration:
CIS 8.0.0.4337
Modules enabled & level. D+/HIPS, Autosandbox/BBlocker, Firewall, & AV:
Default configuration
Have you made any other changes to the default config? (egs here.):
No
Have you updated (without uninstall) from CIS 5 or CIS6?:
No
if so, have you tried a a a clean reinstall - if not please do?:
Clean Install
Have you imported a config from a previous version of CIS:
No
if so, have you tried a standard config - if not please do:
NA
OS version, SP, 32/64 bit, UAC setting, account type, V.Machine used:
in real system win 7 x64
Other security/s’box software a) currently installed b) installed since OS, including initial trial security software included with system:
a=none b=none

  1. Define “disabled”. What happens if you press on Ctrl+Alt+Del ? Any message box? Please create a screenshot.
  2. Is the mentioned (possible malicious) application rated as “Trusted” upon Lookup? Please create a screenshot
  3. Please provide the sample in a password protected archive.
  4. Is this issue related only to version 8_ ? [[ As for example, past versions (eg version 7_) are not affected. ]]

Thanks.

I’ve tested with version <8.0.0.4344> and it seems like this issue is a duplicate of Bug 1140. Apparently, ‘Task Manager’ was not disabled (real machine is not affected).
You should also note that ‘Task Manager’ was actually launched. (not disabled)

I will work to re-test to verify the case, thank you

SD-Ahmad

I’ll wait for your response on this one.

Thanks.

Hi SD

If you don’t mind since this has been waiting a while I will move to incomplete pending a further update.

If you update it I can move back here or forward for processing.

Kind regards

Mouse1