This is the website for downloading and testing the "Zemana Key-Logger Simulation Test Program".
I downloaded and tested it. However, it seems to bypass COMODO somehow and still records the keystrokes I type. No warning is displayed by Defense+. Also, there is no protection from key-logging when running in the COMODO Sandbox.
I tried running it under Sandboxie; the keylogger bypasses its protection as well.
Why didn’t COMODO issue any warning about this file? It isn’t even digitally signed. Could this be a possible security hole that can be exploited?
This topic discusses how it can bypass the FV Sandbox as well. However, at least on the real system, the firewall would still intercept any attempt by the keylogger to transmit this data. Thus, you should be safe unless you allow the firewall alert.
It will get sandboxed but yes it might still function due to the auto-mode of BB. That’s why I have HIPS and BB enabled so the HIPS will ask me for the action which to take instead of relying on auto-mode in BB. But the real keylogger won’t get away with your info since you will get the firewall alert as Chiron said.
I have all layers of protection enabled: AV, FW, BB, D+, sandbox etc.
I assumed that this couldn’t be a major security risk, but I was surprised that I got no alerts whatsoever.
Having bypassed Sandboxie is what also caught my attention. I am just talking about the concept of this tool; maybe someone could figure out how to make malware that could use the same techniques as this program and create damage.
I disabled the Behaviour Blocker (with its “auto-sandbox” mode) and tried again, still no alerts.
Maybe I need to dig more into COMODO’s configuration and see what needs to be enabled and what doesn’t.
I have reset my settings to the "COMODO - Internet Security" predefined configuration, just to make sure.
When you say D+, you mean you have HIPS enabled and still get no alerts? (First you should see a sandbox alert if you have BB enabled; after that you will get a HIPS alert asking for action if you have it enabled.) Are you using the Proactive configuration? It's still in the sandbox environment, so I don't see any way for damage.
Did you restart your PC after the switch? You need to restart the PC again. Yes, set Comodo to Proactive mode and use a sandbox restriction of 'Limited' or above (other malware bypass issues). I strongly recommend these settings.