Some tests

Here are some samples transhipped from xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx, attached in the accessory.
Stop.exe and Stop2.exe can lock the mouse;
htaaa.exe can terminate the processes (may include processes of system and HIPS), so does htbbb.exe, but the latter one cannot be run in the virtual environment. htccc.exe can terminate the explorer.exe.
So, try your HIPS

Mod edit: URL removed. Please do not post URLs for sites containing objects that can do material harm to an unsuspecting user's PC in the publicly accessible boards.

[attachment deleted by admin]

Does Comodo pass this test?

Well, why not have a try first? :wink: They don’t do harm to your PC indeed >:-D
Actually, Comodo failed to pass most of them :wink: since V3 can’t intercept some functions.
So can any developers test all of these above and discuss the possibilities of malware using the “flaws” to penetrate the Comodo shield :wink:

Such as?

BTW, cannot download the file without registering for the site, which I’m not inclined to do.

I’ve attached a compressed file in the accessory, and here is a direct download link: xxxxxxxxxxxxx

Mod edit : Link removed

There must be an abundance of such advanced malicious codes, breaching, even the heavily armoured sentries of Comodo.

Doesn’t really make Comodo seem all that invincible. I believe, in general terms, rather than finding new solutions for newer problems, strengthening the base, makes a solution at all circumstances and all times.

I don’t even know if what I wrote made any sense, or if any of it was at least one percent relevant to PC security.

But one thing is true, once malware writers start focusing, specifically, on circumventing HIPSs, cases such as this will become more common.

I’ll wait till I hear from the developers before reaching a conclusion.

Do not visit that website.
It’s from China.

The site is one of the websites which have tons of security holes (e.g., SQL injection).
It was an issue that some of the webpages of that site put malware onto connected PCs automatically.

Also, some of the pages can make people infected and attacked by an XSS attack.

One of the moderators should delete the link.

Someone willing to run the termination test? :comodo110: (CNY)

Yep, stop2.exe kills my mouse (not able to click anymore) and htccc.exe kills explorer.
D+ in safe mode, everything checked in Monitor settings.

Easy, use Sandboxie and configure it appropriately to run your web browser sandboxed with reduced rights etc. I use CIS 3.9 beta and Sandboxie. CIS alone is not really enough. On the other hand, Sandboxie alone and configured properly is arguably enough.

Have you ever tried these programmes with Sbie?

Nice combo… To me, however, CIS is enough. Also, can Sandboxie protect you from keylogging? Can Sandboxie prevent malware dialing home and sending your info somewhere? If no, then Sandboxie is not enough…

Sandboxie has a history of letting stuff escape from time to time as well. I wouldn’t pick sandboxie over CIS…
Especially not if your definition of properly configured means “run your web browser sandboxed”.

That’s not a “total” protection but could serve as a complement. As it would guard one thing, the web browser… And the stuff it might “install”.

However, all your other applications (whatever those might be) would still connect home with no checking and with no firewall there to guard them (your system is still there running in the back, it’s not just a browser)… + you would lack info on the stuff that’s already on your computer and what it is doing. Sandboxie would never detect any baddie you already got… Something that CIS actually does. =)

Mate, I don’t think you understand the power of Sandboxie. Yes, it does protect against keyloggers etc. When my browser is opened, I have restricted file run access and also file internet access. Also I have dropped the rights of the programs running in that sandbox. Easy.

Sure, but I do agree that Sandboxie can only protect certain programs at a time. That’s why I use CIS! CIS is great!

I’ve checked those files, and D+ was penetrated! I hope devs will check this up.

Well, Sandboxie is all you need in this case, because if you run a keylogger it will install in the sandbox and not actually on your system, and it doesn’t have rights to do anything. Sandboxie + CIS is very nice.

Hm, so you guys are claiming Sandboxie protects from keyloggers when their very own website says it doesn’t…
http://www.sandboxie.com/index.php?DetectingKeyLoggers

Sandboxie is not designed to detect or disable key-loggers, but it is designed to make sure that sandboxed software stays in the sandbox, that such software can't integrate into Windows, and that it can be completely discarded when you delete the sandbox.

I think it speaks for itself… Anyway, I am not that experienced with Sandboxie, so I guess maybe it can protect to some extent if properly configured…

I could go on about why I think Sandboxie can’t offer that 100% protection… But that would be going off topic. If needed, let’s PM…

Regarding the termination tests… Were there any termination alerts, or some kind of bla bla bla bla explorer bla bla bla bla…? ;D :wink:

No bla,bla. Just mouse and explorer killed silently.
But you can try yourself, it doesn’t bite. ;D

I uploaded it to CIMA and here are the results:

Htaaa: Waiting for results, over 24 hours soon
Htaac: Not Rated as Suspicious
Htaab: Waiting for results, over 24 hours soon (lol if it froze CIMA). Uploaded at 4:30 PM MT April 22
Stop: Not Rated as Suspicious
Stop2: Not Rated as Suspicious

Htaaa: http://camas.comodo.com/cgi-bin/submit?file=41ddd6a2f429b6c103f8afa6406fa7a98b08db65ff1f91d3330008fe90f96253

Htaab: http://camas.comodo.com/cgi-bin/submit?file=2c0624a3aa86e1cf0ad8ebab94953c34b849d60be6b7dc704a73c0cc77769f11

Here are links to the files in CIMA

I also uploaded it to VirusTotal; here are the results:

Htaaa: 3/40
Htaac: 3/40
Htaab: 3/40
Stop: 3/40
Stop2: 4/40

I also tested them (keep in mind that I have configured CIS for maximum protection).
Passed all but STOP2, which did give a prompt on CIS, and I selected Isolated Application. Did not work, it still ran!
CIS did NOT crash, Explorer did not crash! Still failed Stop2.

Config: Proactive
Defense + : Paranoid
Firewall: Safe mode
Image Execution Control Setting: normal setting + All applications + executables

Thank you for testing. You mentioned that CIS had passed all but stop 2. I am wondering what pop-up dialogs appeared when you ran htaab, and did htaac terminate the explorer.exe? Did stop lock your mouse?