With Trusteer Rapport running IE 9 will not start properly either in the Virtual Kiosk or when sandboxed Partially Limited.
A. The bug/issue
- What you did: Added IE9 to the sandbox (fully virtualized), also added Comodo Dragon as well.
- What actually happened or you actually saw: IE9 does not start properly. It will start after a minute or so but is then unresponsive. Dragon starts and runs normally.
- What you expected to happen or see: I expected IE9 to start
- How you tried to fix it & what happened: Shutting Rapport down fixes the problem. IE9 then starts normally when sandboxed and in the Virtual Kiosk.
- If its a software compatibility problem have you tried the compatibility fixes (link in format)?: N/A
- Details & exact version of any software (execpt CIS) involved (with download link unless malware): Trusteer Rapport, Emerald Build 1207.40. Internet Explorer 9.0.8112.16421
- Whether you can make the problem happen again, and if so exact steps to make it happen: Always reproducible. Start Rapport, start Virtual Kiosk, start IE9.
- Any other information (eg your guess regarding the cause, with reasons): Rapport generates “Attempt to alter function CreateProcessA Blocked” and “Attempt to alter function CreateProcessW Blocked” error messages in it’s log. My guess is that Rapport is somehow interfering with the operation of the sandbox and/or Virtual Kiosk.
B. Files appended. (Please zip unless screenshots).
0. A diagnostics report file (Click ‘?’ in top right of main GUI) Required for all issues): Attached
- Screenshots of the 6.0 Killswitch Process Tab (see Advanced tasks ~ Watch Activity) or 5.x Active process list. If accessible, required for all issues: KillSwitch attached
- Screenshots illustrating the bug: Not required, IE9 eventually starts but is unresponsive
- Screenshots of related CIS event logs: Attached
- A CIS config report or file. N/A
- Crash or freeze dump file: N/A
- Screenshot of More~About page. Can be used instead of typed product and AV database version. Attached
C. Your set-up
- CIS version, AV database version & configuration used: See CISVersion.jpg. Proactive Security config used.
- a) Have you updated (without uninstall) from from a previous version of CIS: No, uninstalled 5.12 and rebooted before installing 6
b) if so, have you tried a clean reinstall (without losing settings - if not please do)?: N/A
- a) Have you imported a config from a previous version of CIS: No, created new config from scratch in 6
b) if so, have U tried a standard config (without losing settings - if not please do)?: N/A
- Have you made any other major changes to the default config? (eg ticked ‘block all unknown requests’, other egs here.): No
- Defense+/HIPS, Autosandbox/BBlocker, Firewall & AV security levels: D+/HIPS= default, ASB/BB= Dragon, VLC, IE9 sandboxed (fully virtualized) D:\Users\Downloads folder excluded from virtualisation, Firewall = Custom rules for Skype and uTorrent added otherwise default, AV = default
- OS version, service pack, number of bits, UAC setting, & account type: Win7 SP1 + all updates, 32-bit, UAC off, Administrator account.
- Other security and utility software currently installed: Trusteer Rapport, Malwarebyte’s Antimalware scanner (free version).
- Other security software previously installed at any time since Windows was last installed: None (recent re-install of Windows7, downgrading from Windows8 ).
- Virtual machine used (Please do NOT use Virtual box): None, run natively.
[attachment deleted by admin]