SpyShelter keylog test fail?

Hi
Please move to the correct topic if wrong,
and I apologise if this has already been covered here.

I have just downloaded and tested the SpyShelter anti-keylogger/screen grab test http://www.spyshelter.com/

CIS 5.12 AV did detect the download (I reported it as a FP). CIS kept quiet after this.
All the tests failed:
- screen grab
- copy clipboard
- key strokes
- webcam
I’m sure I’m missing something here 88)
Is the fail due to me reporting this as a FP initially?

It is not FP. :wink:

I reported it, let’s see if it’s suitable for TVL, if yes then you’ll no longer have any alerts about it.

Another cloud lookup issue …

Adding it to the TVL means that it will evade D+ and this leaktest will be useless.

Test applications such as this are not suitable for whitelisting. Also, it is common practice to detect them as a potentially dangerous application. I believe that this is in case they were installed on your computer without your being aware.

It is NOT a common practice. Just 3 (including Comodo) out of 46 in VirusTotal treat it as a bad file. Nearly all common AVs do not detect it as malware. I find Comodo likes to treat this kind of test file as malware to avoid testing being performed by end users. >:(

Comodo does not see it as malware it calls it Application.Win32.LeakTest.SpyShelter; a leaktest.

The other scanners only have a heuristics detection. This can be expected given the nature of the file.

Don’t play with wording. My major point is that Comodo likes to bad-list this kind of test file so that it is hard for users to perform the tests. It is NOT common for the other scanners to bad-list the files.

I seriously doubt that somebody who wants to use a leaktest of some sort (somebody with a more than average interest in computer security) will be put off by that.

But one “successful” test could be enough :smiley: … for example from a user with another antivirus, or someone who presses buttons…

Usually it would be better for Comodo anyway IF such a test is performed, …to prove the facts :wink:

They do this for the express purpose that files like this are used to test your security application!

If Comodo whitelists these types of files, guess what? The tests will fail because CIS will trust the application and it will be able to do whatever it wants to do to the user’s system.

So doesn’t it make more sense to give the user an alert that Comodo knows that this is a leaktest file, and let the user proceed with the test instead of allowing the file to run unhindered and thus fail the test? :wink:

Not bad-listing the files doesn’t mean Comodo needs to whitelist (trust) the files. Just let them be UNKNOWN files, as CIS treats the CLI test file.

Because then you’ll have users asking why the file is unknown…

Have you seen a request to add the CLI test to the trusted files?
I have never seen such requests, but I do remember there are requests to exclude those tester files from the bad list in the forum.

Did you try submitting it in the AV False Positive/Negative Detection Reporting board?

I did report some FPs in the past, but I can’t be sure if any tester files were reported.

Anyway, the AntiTest.exe file had already been reported as a FP a week ago, as mentioned in previous replies by other members, but I still find it included in Comodo’s bad list.

On Partially Limited: CIS failed every test except system/registry protection.

On Limited and above: CIS passed all tests 100%.

Depends on your configuration.

I find Comodo likes to treat this kind of test file as malware to avoid testing being performed by end users.

It is being detected as a PUP and not malware as I think it should.

I see no point in the Partially Limited setting if it is weaker in protection. >:-D

To make legit unknown apps work correctly.