Something to improve in CFP - Defense+ [anti-loggers]

A few moments ago I was performing a search for news on security tools and I came across Zemana AntiLogger (you can see more at the official web site - http://www.zemana.com/list/list.asp?ktgr_id=354)

I did not download the tool, but I did download the free test tools they provide to see if CFP was able to block them and therefore prevent them from logging anything.

You can get the testing tool here - http://www.zemana.com/list/list.asp?ktgr_id=413

To download SSL-Logger Test Program, I had to contact them, therefore I do not have that tool yet.

CFP with Defense+ set to Safe Mode blocked 100% with the exception of the WebCamLogger Test Program. Defense+ did alert me and I blocked the 2 attempts by this test, but it still succeeded in logging what the cam was seeing (in this case me :wink: ).

It still succeeded with Defense+ set to Paranoid Mode.

Maybe some improvements to make on CFP.

All the best.

I’ve just tested my system. I skipped WebCamLogger because I do not have a webcam and SSL-Logger for obvious reasons. I use the latest version of CFP 3.0.25.78 and my system didn’t pass the Clipboard-Logger test :confused: .

Windows XP Pro 32-bit SP3
Avira Antivir PE 8
Tested on Defense+ mode: Safe Mode and Paranoid Mode

Keylogger test uses the ‘RawInput’ method, which fails with CFP 3 when choosing to not allow it to access the keyboard.
Screenlogger test fails when choosing to not let it access the screen.
For the clipboard test, no alert is shown, so it succeeds in doing the job.
I’m running CFP 3.0.25.378 with Defense+ in Paranoid Mode on Windows XP SP3.

Cheers,
Ragwing

Funny. I did that test again (Clipboard) and it failed. But I do remember Defense+ asked for permissions.

Thinking about it more, it actually failed here as well before. I confused it with another test I was doing. Sorry for the misunderstanding.

Anyway, it seems our beloved CFP needs some improvement.

It has been discussed before and it was promised to be fixed, but it still is not.

https://forums.comodo.com/leak_testingattacksvulnerability_research/cfp_fails_clipboard_logger_simulation_test-t21472.0.html

So it seems. Let's hope they fix it.

I have seen the wilderssecurity forum before, and it seems that SafeSpace did a good job.

I made a test with Emsisoft Mamutu (paid product), which bases its protection only on behavior. Quite amazing. It intercepted the tests. And people can add rules to allow or block applications, so they have a better experience with this tool and get no alerts in case of a trusted application. Pretty cool. Better than ThreatFire by PC Tools, except that it is paid and has no free version.

Now a little off-topic: Mamutu alerted on two behaviors of Thunderbird, one as a trojan-like threat and the other as spyware. I blocked both behaviors and allowed Thunderbird, and I still can send and receive emails. It is one amazing piece of software.

All the best.

Why am I not surprised. :smiley:
Anyway, let’s hope it will be fixed in the next version.

I can crash the clipboard exploit, or if I allow all, Comodo failed the test; I can see the copy/paste in the exploit window.
Defense+ will get better :slight_smile:

It seems that Defense+ needs to be improved, and fast!

Today I downloaded and tested the keylogtest from testmypcsecurity.com and Defense+ asked what to do, so I blocked, but the keylogtest was able to bypass Defense+ blocking.

I have Defense+ set in Paranoid Mode.

(System Safety seems to block it properly).

Defense+ blocks it dead. It can't log anything.


Interesting.

Defense+ did not ask me to allow or block the access to the keyboard. It asked me to allow or block direct access to the screen, if I am not mistaken. So I blocked, still it bypassed Defense+ block.

I’ll retest it. No idea why it didn’t ask me that.

I get two alerts from this keylogtest.exe in Paranoid Mode and in Safe Mode as well.
First is for direct monitor access and the second one is for direct keyboard access.
If I choose to block both of them then the .NET framework reports an exception and I can close it or continue. If I choose to continue then this testing application cannot log anything.
But if I choose to block only direct screen access then the colors still change when a key is pressed, I don’t know if it’s an expected behaviour.