SSS2.exe and all keylog test aren't blocked from defense+

the sss2.exe test of 3rd level of test try to shutdown the system…defense+ don’t detect the action and the system is shutdown…please correct this bug…my build is 5.0.163652.1142

keylog test aren’t detect from hips…

I making mi degree thesis about firewall and hips…comodo defense+ don’t work on my pc that have windows 7 home premium 64 bit but it works fine on windows xp sp3 32 bit…

nobody have tried the test of matousec?

cis defense+ correctly intercepts sss.exe in both cis3 and cis5 while, on the AV side, avira used with cis3 does not and comodo antivirus in cis 5 does.

I don’ know how to test for sss2.exe.

i have windows 7 64 bit home premium, comodo internet security 5 and avira antivir…keylog and ss2 test don’t function…why? my question isn’t about antivirus but about defense+… if i try to execute keylog test and after that i typing some letter in a browser for example, in the cmd window the character that ’ i’ve typed are written…why?doesn’t defense + ask me if allow or deny the access to the keyboard from keylog7.exe (however also other keylog test don’t function)?

for sss2 test if the hips don’t intercept the action the system will be shutdown…

my question isn't about antivirus but about defense+
I didn't speak about the AV either, i only reported it of course intercepts such actions.
I didn't test it from matousec as far as i remember, but the Zemana keylogger should do the same: it should be enough to set defense+ to monitor the keyboard.
for sss2 test if the hips don't intercept the action the system will be shutdown...
i am not so dumb...: I said that defense+ correctly intercepts the sss.exe test at: (if it does not, your defense+ settings are defective) but that this page downloads sss.exe, and not sss2.exe, itself part of SSTS: which i don't know how to run.

I have set defense+ to monitor the keyboard but only in windows 7 x64 there aren’t notifications…

Hi guys

If it’s OK I will move this to announcements until such time as it is clear whether there is a vulnerability

Best wishes


Checking again (but xp sp3 pro 32 bits), and everything passes under cis5 with both ssl.exe and zemana keylogging tests.:

-general configuration proactive
-both sandbox and all cloud features disabled
-defense+ settings:
General: paranoid mode, nothing checked
Execution control: Enabled, untrusted files as untrusted, heuristic analysis enabled, injection code enabled
Monitoring: eveything enabled
Sandbox: everything disabled

My network strategy is custom for every executable, but should not be relevant speaking here of an unknown executable, and i have no trusted vendor (should also be irrelevant).

Only the last sss test requires a firewall rule, out of the scope of what we are speaking of by now.

D+ is limited on 64 bit systems.

in windows xp sp3 32 bit the test works fine…the problem is only on windows 7 64 bit

what does it mean? the malware can be run on 32 bit system or 64 bit system…isn’t normal this behaviour of the defense+… isn’t normal that matousec test’ s behaviour is notified only in 32 bit version because the threats of the malware can be run in both the system architecture…

It means that 64 bit systems have a different architecture compared to 32bit ones; it’s limiting capabilities of programs that hook the kernel (i.e due to Patch guard) and implementing protection against some type of threat can’t be done in an equal manner on 64bit systems. In fact, some protections mechanisms are completely unavailable (ATM) due to above mentioned Patch guard.
Also, see this thread:

so if in my pc come in a keylogger, defence+ can’t find that…
in this case patch guard have worsen the things…