Author Topic: Problem with CIS  (Read 3889 times)

Offline APACHE

  • Comodo Family Member
  • ***
  • Posts: 94
Problem with CIS
« on: March 31, 2010, 06:55:27 PM »
Can you at Comodo tell me why, after downloading a known malicious file to test in the CIS sandbox and running the file, I found 5 infestations on the computer with Malwarebytes? The computer was clean at the start of this test. The file was run in the sandbox as untrusted.

CIS AV did not detect this as malware.

The file was:
File Vizualizacao_Fotos.scr received on 2010.03.31 22:33:11 (UTC)
http://www.virustotal.com/analisis/56535fd606851603c0504403a2af5ca8294a5e81133b664ec53f57089ed60526-1270074791

CIMA Results
http://camas.comodo.com/cgi-bin/submit?file=56535fd606851603c0504403a2af5ca8294a5e81133b664ec53f57089ed60526


CIS Version 4.0.138377.779
OS Windows 7

I still have a copy of the Vizualizacao_Fotos.scr file if needed.

APACHE

« Last Edit: March 31, 2010, 07:36:41 PM by APACHE »

Offline Chiron

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11951
Re: Problem with CIS
« Reply #1 on: March 31, 2010, 09:12:52 PM »
The sandbox currently incorporated in CIS is not yet bulletproof. Currently it will allow a program to drop files outside of the sandbox.

These files, however, are sandboxed if they try to run.
« Last Edit: June 03, 2010, 11:35:12 PM by Chiron »

Offline APACHE

  • Comodo Family Member
  • ***
  • Posts: 94
Re: Problem with CIS
« Reply #2 on: March 31, 2010, 09:34:13 PM »
Quote from: Chiron
"The sandbox currently incorporated in CIS is not yet bulletproof. Currently it will allow a program to drop files outside of the sandbox. Please see the guide in the bottom of my reply for more information about how the sandbox works."

I have used other sandbox apps before and usually you don't have this kind of issue. The untrusted file or app is run in the sandbox to keep it from infesting the rest of the PC if it turns out to be malicious. If malicious then it can be removed without any harm to the computer.

APACHE
« Last Edit: March 31, 2010, 09:36:17 PM by APACHE »

Offline Chiron

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11951
Re: Problem with CIS
« Reply #3 on: March 31, 2010, 10:23:36 PM »
I believe that this is what they are aiming for (I hope) however it's not quite there yet. Perhaps this is the reason the update to V4 hasn't been pushed to the V3 users as of yet. Personally the Sandbox feature in V4 feels very much like a Beta to me.

Until the sandbox issue is solved I'd stick to using Sandboxie or Returnil.

Offline APACHE

  • Comodo Family Member
  • ***
  • Posts: 94
Re: Problem with CIS
« Reply #4 on: March 31, 2010, 10:38:39 PM »
Quote from: Chiron
"I believe that this is what they are aiming for (I hope) however it's not quite there yet. Perhaps this is the reason the update to V4 hasn't been pushed to the V3 users as of yet. Personally the Sandbox feature in V4 feels very much like a Beta to me.

Until the sandbox issue is solved I'd stick to using Sandboxie or Returnil."

I've got a copy of v3 & v4 and just reinstalled v3 back on this PC. v4 still seems to be a little too buggy.
I can run my malicious file test on the other computer with the VMWare. Tip: If you're not very careful with Returnil it will cause blue screen events on Windows 7.

Thanks
APACHE
