Sad: No progress with the x64 HIPS of CIS

Hello,
version 4 of CIS didn’t improve anything regarding passing leaktests on Windows Vista or Seven x64.
Still it doesn’t block the Matousec SSTS tests regarding:
-keylogging
-DLL injections (global hooks)
-window messages
-OLE automation
-DDE

It fails these tests (incomplete list but should include ~all techniques):
kill3f (example for window messages)
keylog1 (keylogging)
breakout1
cpilsuite2 (Outpost warns about global hook)
ddetest
flank
osfwbypass

Tested with proactive profile, sandbox disabled.

I don’t say that it has to pass all tests but at least the ones which are passed by other products. Matousec has already announced tests on Windows x64, so Comodo should speed up there.

Also, the direct keyboard access warnings are still way too aggressive on x64; it gives warnings if any application receives keyboard input (e.g. typing text). It’s only on x64, can’t be too hard to fix, reported this long ago.

That’s interesting, I’ve tested all of Matousec’s tests with proactive and sandbox disabled, and Comodo successfully blocked everything - so it seems I can’t reproduce your results… Are you sure you cleaned your system out prior to testing of any old tests?

Begemot, are you using a 32- or 64-bit OS?

Win 7 x64

Do the tests “fail” if you disabled all security on your system?

Just to make sure your test is “valid”… and are you testing under Standard or Admin account, UAC enabled/disabled?

Admin account, UAC disabled, and I’ll retest them with Comodo disabled ASAP.

That shouldn’t be possible. Can you post screenshots?

Sorry, turns out that I was using a 32-bit virtual machine - good job I double checked before posting the screenshots… >:(

No problem, can happen :wink:
Do you happen to have the ability to build a 64bit test environment?

Should be able to at the start of next week, will post some updates then.

There won’t be a difference to my results, but test and see yourself. :slight_smile:

Edit: Some tips:
-Don’t enable DEP for all processes.
-Disable UAC.
-You need to start some of the tests in XP compatibility mode.
-Not all tests are working on x64, some are even crashing.
-You won’t see any activity from Cpilsuite2 & 3 because the code they are attempting to inject is 32-bit and not compatible with 64-bit processes. If they had compatible code Comodo would visibly fail these tests because SSTS can unhook the usermode hooks of Comodo for SetWinEventHook. Like I already stated, some other x64 HIPSes give correct warnings for these tests, e.g. Outpost.

Lots of bugs on Seven 64-bit, I'm going back to version 3…

Conflict with WOW64 in the sandbox…

Online Armor has an unhooking protection, so it doesn’t fail the Matousec tests on x64:

http://www.ld-host.de/uploads/thumbnails/5d4ea3f1f68cb5bc42e0358f209cc9ce.png

And Comodo is doing nothing, they happily fail many tests and say the world is alright. :-X

Welcome to Comodo world, where everything is wonderful xD and nobody cares about bugs, wishlist, or unfinished components of the security suite.

I think it’s MS’s fault :-TD And also W7 64 is really poor, really new and not so popular ;D

Well, the new APIs could be better.
Nevertheless you can try to make the best out of it. Comodo simply doesn’t.

Yeah, I’m sure you still enjoy Windows 2000.

Yeah, about MS, my words were ironic :slight_smile: Comodo can become better on x64 if they want; see the time it took to make OA++ on x64 (one year!). x64 is the future, like IPv6; everybody knows that.

Someone should reup this in the CIS wishlist; I wish the Comodo programmers are doing their work to improve HIPS on x64 behind the scenes, as x64 will eventually become mainstream in OS.

I don’t know what’s the situation in other countries but in Germany Windows 7 x64 is standard for new systems.
So there’s no reason anymore to support x64 less than x32.

Yes, there is now no reason for all users not to move to x64 (XP mode etc.).

Here is the market share:

Also, W7 x64 is near no. 1 in the Steam stats! But gamers are early adopters!!

But in general I think the vast majority is staying on XP x86 of course.

It takes a lot of time and resources for an IS vendor to do well on x64; maybe just give the Comodo team time, no?