Sandbox bypassed, BSOD

Hi guys!

I tested a malware file with right click “Run in Comodo Sandbox” and the result is a
nice BSOD.
Nothing happens under XP, crashes under Vista only! (Win7=?)
I uninstalled my CIS 5.3, installed firewall only, but the result is the same.
I send the file in pm.

Please investigate this!

My OS: Vista SP2 32 bit, UAC disabled, Admin account.
My set-up: D+ = Safe, Sandbox = Enabled, Firewall = Safe, AV = N/A,
“will be treated as” = Untrusted.
Other security software: No

Regards,
vv5204

What about D+ only?
When you run a virus in the manual sandbox… it gets virtualized.
Just try with D+ and automatic sandbox.
Also, you can send me this file.

So my question is: have you been able to reboot your computer after the BSOD?

Was your computer infected after that reboot?

If you answer yes to the first question and no to the second… the sandbox did its job and was not bypassed as the title of your post says… 88)

My test:
Windows XP SP2 on VMware Player 3.1.3

CIS v5.3:
AV=On Access
FW=Safe
D+=Safe
SB=Enabled; Untrusted

Results:
AV=no detection
FW=no detection
D+=MALWARE BEHAVIOR DETECTED !
SB=NO POP-UP (it was caught by D+ first but can be sandboxed if you choose so) !

[attachment deleted by admin]

I ran many malware files in auto sandbox but never had a problem,
CIS always protected me, so far.

First question: yes
Second question: no

“…the sandbox did its job and was not bypassed as the title of your post says…”
I don’t know… Why did my Vista crash?

Are you sure it was an actual BSOD? The file looked like a fake AV. You should look at the dump log and see if it was legit. I’ve known fake AVs to give fake security warnings and BSODs so you would restart your system.

There were no security warnings, just simply a blue screen, and my OS automatically restarted.

Where is the dump log?

Regards,
vv5204

Minidumps are located in the C:/Windows/Minidump folder. You can attach it to the post.

Thank you deadman!

Here are the files, if it does help…

Regards,
vv5204

[attachment deleted by admin]

The dump is only helpful when it is part of a bug report. Please consider filing a bug report in the Bug Reports - CIS board following the format as described in FORMAT & GUIDE - just COPY/PASTE it!

Because these malwares are poorly programmed… your computer is safe. For me, it’s not a bypass of the sandbox. :slight_smile: