- Jul 21, 2011
I tested Comodo 5.8's HIPS sandbox against the Black-Day trojan. THIS IS PURELY A TEST OF THE SANDBOX. All other features have been disabled; when testing against default settings, the results will go much, much, much more in favor of Comodo.
This is also a test of the automatic sandbox. The manual sandbox will give better results.
Black-Day bypassed the sandbox, even with Untrusted settings.
Screenies below of the infection.
As you can see, the Black-Day Trojan, when sandboxed as Restricted, was able to infect those files. I ran it as Untrusted in a new clean VM and the results were the same.
It's very VERY important to note that the Defense+ settings are all turned off except for the sandboxing. The behavioral analysis and cloud scanner both revealed it to be a malicious file.