Zemana Keylog test bypasses COMODO protection!

http://www.zemana.com/LeakTest/keylogger-test.aspx

This is the website for downloading and testing the "Zemana Key-Logger Simulation Test Program".

I downloaded and tested it. However, it seems to bypass COMODO somehow and still records the keystrokes I type. No warning is displayed by Defense+. Also, there is no protection from key-logging when running in the COMODO Sandbox.

I tried running it under Sandboxie; the keylogger still bypasses its protection as well.

Why didn’t COMODO issue any warning about this file? It isn’t even digitally signed. Could this be a possible security hole that can be exploited?

This topic discusses how it can bypass the FV Sandbox as well. However, at least on the real system, the firewall would still intercept any attempt by the keylogger to transmit this data. Thus, you should be safe unless you allow the firewall alert.

It will get sandboxed but yes it might still function due to the auto-mode of BB. That’s why I have HIPS and BB enabled so the HIPS will ask me for the action which to take instead of relying on auto-mode in BB. But the real keylogger won’t get away with your info since you will get the firewall alert as Chiron said.

I have all layers of protection enabled: AV, FW, BB, D+, sandbox etc.

I assumed that this couldn’t be a major security risk, but I was surprised that I got no alerts whatsoever.

Having bypassed Sandboxie is what also triggered my attention. I am just talking about the concept of this tool; maybe someone could figure out how to make malware that uses the same techniques as this program and creates damage.

You will not receive HIPS alerts from things that are sandboxed. So while you would get alerts if it was not sandboxed, it won’t alert when run inside the sandbox.

I disabled the Behaviour Blocker (with its “auto-sandbox” mode) and tried again, still no alerts.
Maybe I need to dig more into COMODO’s configuration and see what needs to be enabled and what doesn’t.

I have reset my settings to “COMODO - Internet Security” predefined configuration, just to make sure :slight_smile:

When you say D+, do you mean you have HIPS enabled and still get no alerts? (First you should see a sandbox alert if you have BB enabled; after that you will get a HIPS alert asking for action if you have it enabled.) Are you using the Proactive configuration? It’s still in the sandbox environment, so I don’t see any way for damage.

Switch it to “Comodo - Proactive security”

I tried switching to “Proactive” mode now, still no alerts whatsoever.

I will reinstall COMODO now, in order to get rid of any doubt that it was a misconfiguration I had made. I will set it then to “Proactive Security” and check once more.

I have never gotten a single HIPS alert when something is sandboxed… Are you sure about this?

UPDATE:

  • Reinstalled COMODO IS;
  • Enabled “COMODO Proactive Security” config

Now I got an alert and COMODO has managed to block it.

One problem solved for me ;D

Did you restart your PC after the switch? You need to restart the PC again. Yes, set Comodo to Proactive mode and use a sandbox restriction of ‘Limited’ or above (other malware bypass issues). I strongly recommend these settings.

No, it’s still an outside alert. The sandbox will wait for the HIPS action (even if I see an alert from the sandbox saying that the file was sandboxed). It’s a delayed response, I guess.

Glad to hear that! ;D :-TU