Sandbox allows malware to infect system?

Hello to everybody, as I’m a new member to the community…
I wanted to get your opinion on this problem:

I installed CIS 4 on a virtual machine and ran certain malware samples to test it. One of them was a fake AV, which I ran normally. Although I received the confirmation that the file was sandboxed as an unknown application, it was eventually allowed to run and completely infected my system, rendering it unusable.
Any ideas why this might have happened?

By the way, forgive the use of the language as I’m not a native English speaker…

Thanks for your replies…

Comodo sandbox is only a partial sandbox which allows unknown apps to write to disk and registry. It is therefore possible for malware to infect your PC.

What I find a bit more worrying is that the other components of CIS have not picked up on the malware. The AV and D+ should have. Unless sandboxed apps are not scanned for viruses and bypass D+…

Cheers

So, please correct me if I’m wrong, running a program that is malware sandboxed, could have the same (bad) results as running it normally…
So I wonder, what is the real use of the sandbox?

Fake AV Bypassing and Causing System Malfunction is fixed, after myself also reporting the same issue:

So hopefully we will see a release tomorrow, or early next week, with this bug fixed.

Tooby

In my own test, rebooting the system got rid of the junk. Or at least deactivated it.

Maybe “automatically detect installers/updaters and run them outside the Sandbox” has something to do with it? Maybe the fake AV fooled Comodo into thinking that it was an installer and therefore it was run outside the sandbox?

It's a known problem (some registry classes are not protected) and will be fixed with the next update. At least according to egemen.
Too lazy to search for his post, so if you want to confirm my reply, search the forum :)

Thank you everybody for your replies…
Now I noticed another thing…there is no Threatcast tab in the alerts…any idea why?
Thank you again…

For almost all rogues, rebooting does help. This rogue, which I personally tested, and so did a few others, actually was even still loading on startup. Even in Safe Mode it ran (and caused system malfunction, such as the CIS 4 GUI not opening and antimalware installers not even starting). Anyway, I’m glad it’s fixed… Just waiting for the next update now.