The Spyshelter Test Tool Is Not Virtualized When Run On Computer [M1251]

lugo_58 · September 25, 2014, 7:31am

1. The full product and its version:
COMODO Internet Security 8.0.332922.4281 BETA

2. Your Operating System (32 or 64 bit) and ServicePack revision. and if using a virtual machine, which one:
Windows 7 Home Premium x64 SP1 - Real Machine

3. List all the configuration changes you did. Are you using Default configuration? If no, whats the difference?:
Default configuration

4. Did you install over a previous version without uninstalling first, or import a previous configuration file?:
No, ıt is clean install.

5. Other Security, Sandboxing or Utility Software Installed:
Only CIS v8

6. Step by step description to reproduce the issue. Or if you cannot reproduce it, what you actually did before it happened, step by step:
1: I downloaded Spyshelter test tool from the internet with Comodo Dragon.
2: After download finish, I ran the tool for testing.
3: CIS v8 did not block (sandbox) the tool
4: I can easily made screenshots and I can even pass the System Protection. CIS v8 was failed on the test. A video showing this is attached to this post.

7. What actually happened when you carried out these steps:
I downloaded and unknown file (test tool) from the internet, ran it, but CIS v8 did not sandbox it. I couldn’t figure out a way to get CIS to sandbox it.

8. What you expected to see or happen when you carried out these steps, and why (if not obvious):
I expect, CIS should sandbox it and block its attempts.

9. Any other information:
Here is the tool that I use : Zippyshare.com - [now defunct] Free File Hosting
In order to make sure this wasn’t a problem with the fact it’s downloaded in a zip file, or that the browser I use may not be supported, I tried uploading the spyshelter executable to a file sharing site. I then copied the download link and restarted my computer. Then, after it starts again, I downloaded it using the link through IE. Even then when I ran it, CIS still did not isolate it.

[attachment deleted by admin]

Chiron494 · September 25, 2014, 2:24pm

Okay, let me summarize what has been tested before this bug report was created.

It was possible that this issue was a duplicate of this bug report because it is downloaded as a zip file, and currently files downloaded as zip files, and then unzipped, will be run unsandboxed.

However, you tested this by taking the executable, uploading it to a file-sharing site, downloading it from there, and only then running it. In that way CIS should see it as an executable which was directly downloaded from the internet. However, even in that scenario it was still run without restrictions.

If you have not already, please try this. Upload the executable directly to a file sharing site. Then copy the download link to a txt file, or any other file, and save it. Then restart the computer. Then, after restarting the computer open Internet Explorer, paste the download link into Internet Explorer, and download it. Then run it and let me know if it again runs unsandboxed.

Thanks.

lugo_58 · September 25, 2014, 8:18pm

I made the same senario with latest version of IE 11 in Windows 7 Home Premium SP1 x64.
The result is same. This is ınform to you.
I think browser is not the problem here. Problem is CIS itself.

Thanks

Chiron494 · September 25, 2014, 8:35pm

Thank you for testing this. I just updated the first post.

However, I got curious and tested this on my own system. Upon downloading it from the link you provided, and then running it, it was correctly sandboxed.

Therefore it seems that there may be something specific to your system. To rule out a lot of possibilities, please reinstall by following the advice I give in this post. Then, after reinstalling do not change any settings or import a configuration. Then test this and let me know what you find.

Thanks.

lugo_58 · September 25, 2014, 8:39pm

Chiron I am really bored about this “Please make Clean Install”. I know most of bugs happens because of erros in installition.
I have enough experienced with CIS, ıt is clean install and problem is obvious. I do not want clean install for every bug. Even the other members had this problem.
Please understand me :-\ I do not want to attack you, this is not personal

Chiron494 · September 25, 2014, 8:50pm

The issue is that if reinstalling does not reproduce this bug on your machine then it is very likely not reproducible for the devs either. Thus, if I forward a bug I do not believe is reproducible it takes time away from them working on bugs which are reproducible.

Please do reinstall, once you have the time. Also, please post a link to where another user had this same issue.

Thanks.

lugo_58 · September 25, 2014, 8:51pm

Ok. I will do it in this night.

Chiron494 · September 25, 2014, 9:01pm

Thank you.

lugo_58 · September 25, 2014, 9:05pm

Chiron if you want please connect my PC via Temaviewer and make the test yourself
You can see clearly?

Chiron494 · September 25, 2014, 9:12pm

I’m sorry, but I cannot do that. Once you have the time please try reinstalling.

Thanks.

lugo_58 · September 25, 2014, 11:00pm

I installed a fresh CIS v8 Beta and problem still exist for me. I made the same senario ,test tool still not sandboxed.

Chiron494 · September 25, 2014, 11:08pm

Thank you for checking this. Please attach a Process List to your first post and I will forward this to the devs.

lugo_58 · September 26, 2014, 8:09am

Added.

Chiron494 · September 26, 2014, 3:24pm

I’m sorry, but I only see the video, and diagnostic reports attached to the first post. Please open KillSwitch by first opening the main screen for CIS. Then click the arrow in the upper-right corner to flip to the Tasks side. Then go to the Advanced Tasks section. Here click on “Watch Activity”. This will open KillSwitch.

Once KillSwitch is open go to the KillSwitch menu and select “Save Current View”. Then take the file it creates, put it in a zip file, and attach it to your first post.

Let me know if you have any questions. Thank you.

lugo_58 · September 26, 2014, 11:22pm

Sorry for this.
Done.

Chiron494 · September 27, 2014, 1:41am

No problem at all.

Thank you very much for your report in standard format, with all information supplied. The care you have taken is much appreciated by Comodo, and will increase the likelihood that this bug can be fixed.

Developers may or may not communicate with you in the forum or by PM/IM, depending on time availability and need. Because you have supplied complete information they may be able to replicate and fix the bug without doing so.

Many thanks again.

lugo_58 · October 16, 2014, 9:32pm

This issue still persist, I did the same senarios.
Should I update the first post or Should I create a new bug for this ?

Chiron494 · October 17, 2014, 12:56am

No need to make any changes. Just respond, like you did, and I’ll update the tracker on your behalf. It’s now been updated.

Thanks.

xuhongmei · October 20, 2014, 5:47am

Hi yigido,
I’m a member of COMODO. Could you please send me the teamviewer account and password? So that our developer could test on your computer. Because on our local machine, download the Spyshelter via dragon and run it with default setting of auto-sandbox, the Spyshelter is sandboxed virtually.
Thank you very much. If possible, please send the teamviewer account and password to hongmei@comodo.com

Best regards,
Hongmei

lugo_58 · October 20, 2014, 10:10am

I have no CIS or CFW ınstalled sorry. If you did not see any problem on this bug, it is OK.
I will wait the stable release and I will test it again with stable version.
Sorry again,

@Chiron, friend, you can move the topic solved section. I f I will face the problem again with the stable CFW, I will open another bug report for this. Thanks.

Kind Regards,
yigido