Screen capture protection

I just ran SpyShelter’s test and it was able to take screenshots. Privatefirewall for example warns me and allows me to block the screen capture, but CIS allows it even with HIPS set to Paranoid and the application partially sandboxed as Untrusted.

I wasn’t able to test the application in the background (I read somewhere that CIS blocks screen capture only if they are requested by background apps), but I think allowing screen capture for any foreground application is a security concern.

I have the BB set to Restricted and it blocked all of the attempts. I then disabled BB, removed Antitest from the Unrecognised Files list and ran with D+ in Safe Mode. It blocked all screen capture attempts.

I am on Windows 8. What OS are you using?

Ok, I just did some additional tests and the results are… well, see for yourself:

BB enabled as Untrusted + HIPS enabled in Safe Mode —> screen successfully captured
BB enabled as Untrusted without HIPS —> screen successfully captured
BB enabled as Restricted without HIPS —> screen capture failed
BB disabled + HIPS Safe Mode —> screen capture failed (HIPS warned and allowed me to block it)

So I don’t know what is happening, if more people could reproduce this test to see if it’s my installation or a generalised bug, please do! Shouldn’t Untrusted be more strict than Restricted? For the moment, I’m disabling the BB and sticking to HIPS only.

Results observed on a Win7x64 machine.

Untrusted is more restricted than Restricted.

I forgot to tell that I am running Proactive Security Configuration. If you are running in Internet Security please try again in Proactive.

May be your configuration got corrupted somehow. Try importing a factory default configuration from the CIS installation folder. When importing give it an applicable name like CIS - Proactive Security Test Profile. Let us know if that makes a difference.

I wasn’t running Proactive Security config, but a heavily tuned Internet Security. Anyway, enabled Proactive, same results. Restricted BB blocks screen captures but Untrusted BB doesn’t.

Tried importing Proactive from the installation folder as you said, same results again.

Have you tested it with BB as Untrusted?

BB enabled as Untrusted + HIPS enabled in Safe Mode —> failed to capture any screen. CIS blocked them all.

Windows 7 64-Bit. Proactive security.

I tested with BB at Untrusted and odd enough it allowed captures 1a, 2a and 3a. It blocked the rest.

Can you test with BB set to Untrusted and see what happens?

We may be looking at a bug as we would expect CIS to block all like when using Restricted.

HIPs ( mode proctive)
BB assets and treat as not untrusted:
only test1a, test2a testa3 and are not blocked.

Note: BB restricted everything is blocked

If you’re asking me, I already did (see above).

You probably meant BB set to Untrusted (Not trusted, or Não Confiável in Pt-BR), right?

I am sorry. I meant to ask to test with the BB set to Restricted.

Which I did too. BB set to Restricted blocks the screen capture. See:

BB Restricted works (successfully blocks screen capture) with or without HIPS. Untrusted doesn’t work with or without HIPS.

Untrusted works for me. So I have no idea why it don’t work for the rest of you.

What’s even more strange is that I recall that in the past CIS didn’t block screen capture at all in this testing application. Go figure ???

SO the screen capture is blocked using restricted but is not blocked using untrusted ???

hey people and can you block the keylogging? i am having this problem since i first time installed comodo (4-5 years or more) it can’t block keyloggers

no meter what i do when i test REFOG keylogger (or few others) and when i am blocking access to keystrokes it can log it anyway

wanted to report that but i am too lazy to do all that stuff

The only way to know is to test it for yourself. Untrusted don’t work for them but it works for me.

So test it:

I did a quick search on the forum, and for what it’s worth, it looks like the issue with this test is nothing new. A poster back in 2010 said that on “limited” and “restricted” CIS passed, but not on “untrusted,” so the results were not consistent. Three years later, here we are…

Jaspion. Could you file a bug report about this in the bug report section? Please follow the reporting protocol closely. That way you’ll be sure the bug gets seen by Comodo staff.

I agree with EricJH. Please file a bug report for this. Also, please test to see if it bypasses the FV sandbox as well.


My tests are consistent with Jaspion’s, but on a XP32 SP3: Untrusted is less aggressive than Restricted. I am running full CIS in Proactive mode.

I’m using 8x64 system and yes:

  1. Test with Proactive, BB untrusted, no HIPS - capture successfull
  2. Test with Proactive, BB restricted, no HIPS - capture failed

How comes untrusted setting(s) failed