Whether you can make the problem happen again, and if so exact steps to make it happen: Run as admin wutilruntimeloader.exe and the hack is injected
Any other information (eg your guess regarding the cause, with reasons): N/A
Files appended. (Please zip unless screenshots).
Screenshots illustrating the bug: N/A
Screenshots of related event logs and the active processes list: N/A
A CIS config report or file: default settings
Crash or freeze dump file: N/A
Your set-up
CIS version, AV database version & configuration used: default
a) Have you updated (without uninstall) from CIS 3 or 4, if so b) have you tried reinstalling?: n/a
a) Have you imported a config from a previous version of CIS, if so b) have U tried a preset config?: N/A
Other major changes to the default config (eg ticked ‘block all unknown requests’, other egs here.): it will change nothing
Defense+ and Sandbox OR Firewall security level: default
OS version, service pack, no of bits, UAC setting, & account type: Windows 7 64-bit, UAC off
Other security and utility software running: CIS 5
Virtual machine used (Please do NOT use Virtual box): no.
Note on how to reproduce: make sure you don't have UAC on, right click - run as administrator. Comodo sandbox gives 1 alert, "this application is sandboxed", and the cmd says 'success'. The hack is correctly injected into war3.exe without any warning by Comodo HIPS. Thank you for fixing it in a future version! (If you have a real CD key, stay out of Battle.net with this hack injected.)
Hello,
I have tried this on Windows 7 x64 with proactive config and sandbox disabled.
When I start the hack I get a warning that it wants to have debug privileges and that it wants to inject code into war3.exe.
Maybe the problem is just related to internet security profile with sandbox enabled?
Are you sure that the code is really injected (Do you see enemy units in the fog of war?)?
Because the hack says “success” even if I block it from injecting its code, and the enemy is still not seeable.
Is war3.exe running in the sandbox? I guess sandboxed processes are able to inject code into each other.
[quote]Are you sure that the code is really injected (Do you see enemy units in the fog of war?)?
[/quote]
Yes, I'm sure, I can see units in the fog of war; war.exe is sandboxed
internet security mode
Will try OA on x64.
I tried, it gives 2 warnings
Edit: tried with proactive mode, it is blocked (sandbox enabled)
issues with default settings
so, how injection can work low-level
What about running war.exe outside of the sandbox?
I think as long as sandboxed applications can’t influence applications outside, it’s not a real “bypass”.
Unfortunately we do need all the information we have asked for, if we are to forward it to verified issues.
For the moment I am going to move it to the Orphaned/Resolved child board. If you do manage to edit your post to add the information requested we will of course consider moving it to verified reports.
The devs only look at the Orphaned/Resolved board if they have time, so please do edit the post and PM an active mod if you want it fixed.