A. CIS6 2674 Zemana Key Logger Successfully Logs keystrokes when Sandboxed as Untrusted. Also Logs keystrokes when run in the virtual kiosk. It does NOT log the virtual keyboard in the Virtual Kiosk
This happens with USB and PS2 Keyboards.
What actually happened or you actually saw: Perfect keylogging
What you expected to happen or see: No keyboard strokes from a PS/2 or a USB keyboard being logged while I type
How you tried to fix it & what happened: No. After hearing from another forum member that it does it even when fully virtualized, I stopped there
If it’s a software compatibility problem have you tried the compatibility fixes (link in format)?: no
Details & exact version of any software (except CIS) involved (with download link unless malware):
Avast!7.0.1474 Free Av version, Superantispyware 5.6.1014
Whether you can make the problem happen again, and if so exact steps to make it happen: Right click on the key sim test with your sandbox settings as untrusted and say run in Comodo sandbox
Any other information (eg your guess regarding the cause, with reasons): Maybe Comodo can encrypt PS/2 and USB keyboards and while they’re at it encrypt the virtual keyboard in the virtual kiosk
B. Files appended. (Please zip unless screenshots). Screenshot, Killswitch Log, and Diagnostic, and keylogger test program
0. A diagnostics report file (Click ‘?’ in top right of main GUI. Required for all issues):
Screenshots of the 6.0 Killswitch Process Tab (see Advanced tasks ~ Watch Activity) or 5.x Active process list. If accessible, required for all issues:
Screenshots illustrating the bug:included
Screenshots of related CIS event logs:doesn’t give an alert
A CIS config report or file.included
Crash or freeze dump file:N/A
Screenshot of More~About page. Can be used instead of typed product and AV database version.
C. Your set-up
CIS version, AV database version & configuration used: 6.0.2708 Proactive
a) Have you updated (without uninstall) from a previous version of CIS:NO
b) if so, have you tried a clean reinstall (without losing settings - if not please do)?:YES
a) Have you imported a config from a previous version of CIS:NO
b) if so, have you tried a standard config (without losing settings - if not please do)?:N/A
Have you made any other major changes to the default config? (eg ticked ‘block all unknown requests’, other egs here.):Firewall Settings, ticked block fragmented IP Traffic, ticked enable anti-ARP spoofing. Enabled Stealth Ports,do protocol analysis, Filter loopback traffic, filter Ipv6 traffic
Defense+, Sandbox, Firewall & AV security levels: Hips=Safe, Sandbox/BB= untrusted, Firewall = SAFE, CAV = Not Installed.
OS version, service pack, number of bits, UAC setting, & account type: Windows 8 x64,UAC Off, Administrator level account
Other security and utility software currently installed: Superantispyware 5.6.1014, Avast!7.0.1474 Free version
Other security software previously installed at any time since Windows was last installed:NONE
Virtual machine used (Please do NOT use Virtual box):NONE
*issue occurs on two different PCs both running Windows 8 x64 Pro, UAC Off, Administrator accounts
After Egemen’s replies (see linked topic), here’s what I propose.
This forum’s declared scope is to document user ‘issues’ not just things that meet the technical definition of bugs. Behavior (or lack of it) that poses significant problems for users given the overall design intent of CIS. Vulnerability to some forms of keylogging is a problem, and CIS intends to block keyloggers where it can without usability problems, AFAIK.
Egemen has said he does not regard this as a bug - paraphrasing, it’s a compromise between security and usability, the best they can do given current technology. So I feel it’s an intermediate case. A design limitation they’d like to fix if they knew how.
I will therefore forward this (and leave the prior report on file), marking its ‘enhancement or bug’ status on the tracker as ‘debatable’.
You may wish to note this as a wish list item as well.
Thank you very much for your report in standard format, with all information supplied. The care you have taken is much appreciated by Comodo, and will increase the likelihood that this bug can be fixed.
Developers may or may not communicate with you in the forum or by PM/IM, depending on time availability and need. Because you have supplied complete information they may be able to replicate and fix the bug without doing so.
It’s reassuring knowing a logger cannot phone home without say so (if FW alerts are on)
I think that the ability to create separate rules for the kiosk/sandboxed apps would be a nice addition to CIS
ie turn HIPS and high FW alerts on in VK and sandboxed apps
Thanks for helping clarify this issue mouse :-TU
I tested this by running it in the FV Sandbox. After opening it I opened up a non-virtualized instance of Comodo Dragon. What I found was that even if I made Dragon full screen and typed into the URL bar, the keys were logged by the keylog test run in the FV sandbox.
By the way, this issue is probably very similar to the one I raise here, although as it’s a different tester it’s probably best to leave them separate. I’m just posting it for the devs’ benefit.
Thus, this is still not fixed with CIS version 6.1.276867.2813.