Curious Question!

Status
Not open for further replies.
Malware Man

Malware Man

Level 9
Thread author
Verified
Well-known
Feb 2, 2013
440
Hello,

Forgive me if this is some stupid question, but did anyone ever get something past all features of CIS? Is it possible for something to get out of the sandbox. I'd assume that nothing will ever get past due to the sandbox just sand boxing everything it don't know.

Again, forgive me if this is a stupid question, lol.

I am just curious and always been wondering.

Thanks. :)
 
D

Deleted member 178

On Comodo forum, have some thread about malwares that bypass CIS in some specific settings.
 
3link9

3link9

Level 5
Verified
Oct 22, 2011
860
Once during testing, I wanted to test its sandbox and hips using the "Restricted" setting, A rouge called " System Progressive Protection" which was a nasty rouge for awhile bypassed it. I was shocked that it even bypassed the sandbox but Yeah.
But its one of those rare occasions.
If you read the comodo forums, There have been malware that bypassed Comodo depending the type of settings you use.

But what got me, I never even got a HIPS Alert so after I got the infection, I restored the snapshot and tried to run it in the sandbox but it still bypassed it.
So like I said, it happens but rarely.
 
Chiron

Chiron

Level 1
Feb 24, 2011
250
The levels Untrusted and Fully Virtualized (which must be enabled through a registry tweak) are both unbypassed as far as I have seen so far.
 
D

Deleted member 178

Chiron said:
The levels Untrusted and Fully Virtualized (which must be enabled through a registry tweak) are both unbypassed as far as I have seen so far.
Click to expand...

True but only aware users will set CIS as you said, basic/beginners ones are (for the moment) under a risk (ieven if the risks are low)
 
Malware Man

Malware Man

Level 9
Thread author
Verified
Well-known
Feb 2, 2013
440
3link9 said:
Once during testing, I wanted to test its sandbox and hips using the "Restricted" setting, A rouge called " System Progressive Protection" which was a nasty rouge for awhile bypassed it. I was shocked that it even bypassed the sandbox but Yeah.
But its one of those rare occasions.
If you read the comodo forums, There have been malware that bypassed Comodo depending the type of settings you use.

But what got me, I never even got a HIPS Alert so after I got the infection, I restored the snapshot and tried to run it in the sandbox but it still bypassed it.
So like I said, it happens but rarely.
Click to expand...

Hello,

That seems quite interesting! I myself never seen anything pass it. But as the saying goes, you'll never be 100% protected ;)
 
Chiron

Chiron

Level 1
Feb 24, 2011
250
Chiron said:
The levels Untrusted and Fully Virtualized (which must be enabled through a registry tweak) are both unbypassed as far as I have seen so far.
Click to expand...
Actually I have looked into Fully Virtualized more deeply and it appears that it has problems with keyloggers beign able to log data. Also, there is an issue where malware could bypass teh firewall by using a certain method within the Fully Virtualized sandbox.

The relevant topics are:
Getting key logged with a sandboxed keylogging tester.And in Virtual Kiosk
Kiosk Vulnerable to Simple Simple LeakTest
 
Malware Man

Malware Man

Level 9
Thread author
Verified
Well-known
Feb 2, 2013
440
Chiron said:
Chiron said:
The levels Untrusted and Fully Virtualized (which must be enabled through a registry tweak) are both unbypassed as far as I have seen so far.
Click to expand...
Actually I have looked into Fully Virtualized more deeply and it appears that it has problems with keyloggers beign able to log data. Also, there is an issue where malware could bypass teh firewall by using a certain method within the Fully Virtualized sandbox.

The relevant topics are:
Getting key logged with a sandboxed keylogging tester.And in Virtual Kiosk
Kiosk Vulnerable to Simple Simple LeakTest
Click to expand...
Hello,

I have fully virutalized turned on now and am using it. I am also using Zemana AntiLogger installed. So that should protect me against those key loggers right?
 
Chiron

Chiron

Level 1
Feb 24, 2011
250
Malware Man said:
Chiron said:
Chiron said:
The levels Untrusted and Fully Virtualized (which must be enabled through a registry tweak) are both unbypassed as far as I have seen so far.
Click to expand...
Actually I have looked into Fully Virtualized more deeply and it appears that it has problems with keyloggers beign able to log data. Also, there is an issue where malware could bypass teh firewall by using a certain method within the Fully Virtualized sandbox.

The relevant topics are:
Getting key logged with a sandboxed keylogging tester.And in Virtual Kiosk
Kiosk Vulnerable to Simple Simple LeakTest
Click to expand...
Hello,

I have fully virutalized turned on now and am using it. I am also using Zemana AntiLogger installed. So that should protect me against those key loggers right?
Click to expand...
I'm not sure it would as Zemana would be running on the actual computer while the malware you're worried about would be isolated in the sandbox. In short, I'm not sure one way or the other, but I'd be interested to hear about your results.
 
Malware Man

Malware Man

Level 9
Thread author
Verified
Well-known
Feb 2, 2013
440
Chiron said:
Malware Man said:
Chiron said:
Chiron said:
The levels Untrusted and Fully Virtualized (which must be enabled through a registry tweak) are both unbypassed as far as I have seen so far.
Click to expand...
Actually I have looked into Fully Virtualized more deeply and it appears that it has problems with keyloggers beign able to log data. Also, there is an issue where malware could bypass teh firewall by using a certain method within the Fully Virtualized sandbox.

The relevant topics are:
Getting key logged with a sandboxed keylogging tester.And in Virtual Kiosk
Kiosk Vulnerable to Simple Simple LeakTest
Click to expand...
Hello,

I have fully virutalized turned on now and am using it. I am also using Zemana AntiLogger installed. So that should protect me against those key loggers right?
Click to expand...
I'm not sure it would as Zemana would be running on the actual computer while the malware you're worried about would be isolated in the sandbox. In short, I'm not sure one way or the other, but I'd be interested to hear about your results.
Click to expand...

Haha same, it's really interesting. But I wouldn't take my chance with key loggers on my machine. I'd rather not have my passwords and key strokes all logged.

I do not currently have VM software installed.

But then again, I have such a low rate in getting infected. The last time I got infected was maybe 5 years ago lol. I was so young and clicking on everything and downloading whatever because I was just a little kid. I had avast! installed and it prompted me to do a boot time scan and it did one and got rid of my virus for me. Since them I trusted avast! but now have moved on to COMODO since I found out about it later on.

:eek:fftopic:

I do remember once though, on the family computer I somehow made literally over 1000 copies of each icon on the desktop. I think we all sat down taking turns deleting icon after icon for about an hour or so. I wouldn't be able to tell ya how I even made that happen.

Now, things have changed. We all have laptops and I am the computer guru in the house. Everyone comes to me since they know how much I love fixing them and solving computer problems :)

When I went to get my phone this year, the misses at the store was so impressed with my knowledge about every phone there she said that I should ask for a job lol. I think I may of knew more then her with some of the phones, haha.

Sorry for going off topic, I have a bad habit of rambling on from one subject to another. Especially with anything technology related ;)
 
Status
Not open for further replies.

Similar threads

SABRINA S
    • Like
New Member introduction
Replies
15
Views
574
New Members Introduction
Pat MacKnife
Pat MacKnife
S
Question Can KVRT scan the VM's host?
Replies
2
Views
153
Kaspersky
simmerskool
simmerskool
BigWrench
    • Like
Trying out Password Boss
Replies
5
Views
428
Passwords and passkeys
outlawxtorn
O

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top