Curious Question!

Malware Man · Feb 11, 2013

Hello,

Forgive me if this is some stupid question, but did anyone ever get something past all features of CIS? Is it possible for something to get out of the sandbox. I'd assume that nothing will ever get past due to the sandbox just sand boxing everything it don't know.

Again, forgive me if this is a stupid question, lol.

I am just curious and always been wondering.

Thanks.

Deleted member 178 · Feb 11, 2013

On Comodo forum, have some thread about malwares that bypass CIS in some specific settings.

3link9 · Feb 11, 2013

Once during testing, I wanted to test its sandbox and hips using the "Restricted" setting, A rouge called " System Progressive Protection" which was a nasty rouge for awhile bypassed it. I was shocked that it even bypassed the sandbox but Yeah.
But its one of those rare occasions.
If you read the comodo forums, There have been malware that bypassed Comodo depending the type of settings you use.

But what got me, I never even got a HIPS Alert so after I got the infection, I restored the snapshot and tried to run it in the sandbox but it still bypassed it.
So like I said, it happens but rarely.

Chiron · Feb 11, 2013

The levels Untrusted and Fully Virtualized (which must be enabled through a registry tweak) are both unbypassed as far as I have seen so far.

Deleted member 178 · Feb 11, 2013

Chiron said:
The levels Untrusted and Fully Virtualized (which must be enabled through a registry tweak) are both unbypassed as far as I have seen so far.

True but only aware users will set CIS as you said, basic/beginners ones are (for the moment) under a risk (ieven if the risks are low)

Malware Man · Feb 12, 2013

Thanks everyone for your answers!

Malware Man · Feb 12, 2013

3link9 said:
Once during testing, I wanted to test its sandbox and hips using the "Restricted" setting, A rouge called " System Progressive Protection" which was a nasty rouge for awhile bypassed it. I was shocked that it even bypassed the sandbox but Yeah.
But its one of those rare occasions.
If you read the comodo forums, There have been malware that bypassed Comodo depending the type of settings you use.

But what got me, I never even got a HIPS Alert so after I got the infection, I restored the snapshot and tried to run it in the sandbox but it still bypassed it.
So like I said, it happens but rarely.

Hello,

That seems quite interesting! I myself never seen anything pass it. But as the saying goes, you'll never be 100% protected

Chiron · Feb 15, 2013

Chiron said:
The levels Untrusted and Fully Virtualized (which must be enabled through a registry tweak) are both unbypassed as far as I have seen so far.

Actually I have looked into Fully Virtualized more deeply and it appears that it has problems with keyloggers beign able to log data. Also, there is an issue where malware could bypass teh firewall by using a certain method within the Fully Virtualized sandbox.

The relevant topics are:
Getting key logged with a sandboxed keylogging tester.And in Virtual Kiosk
Kiosk Vulnerable to Simple Simple LeakTest

Malware Man · Feb 18, 2013

Chiron said:
Chiron said:

The levels Untrusted and Fully Virtualized (which must be enabled through a registry tweak) are both unbypassed as far as I have seen so far.

Click to expand...

Actually I have looked into Fully Virtualized more deeply and it appears that it has problems with keyloggers beign able to log data. Also, there is an issue where malware could bypass teh firewall by using a certain method within the Fully Virtualized sandbox.

The relevant topics are:
Getting key logged with a sandboxed keylogging tester.And in Virtual Kiosk
Kiosk Vulnerable to Simple Simple LeakTest

Hello,

I have fully virutalized turned on now and am using it. I am also using Zemana AntiLogger installed. So that should protect me against those key loggers right?

Chiron · Feb 18, 2013

Malware Man said:
Chiron said:

Chiron said:

The levels Untrusted and Fully Virtualized (which must be enabled through a registry tweak) are both unbypassed as far as I have seen so far.

Click to expand...

Actually I have looked into Fully Virtualized more deeply and it appears that it has problems with keyloggers beign able to log data. Also, there is an issue where malware could bypass teh firewall by using a certain method within the Fully Virtualized sandbox.

The relevant topics are:
Getting key logged with a sandboxed keylogging tester.And in Virtual Kiosk
Kiosk Vulnerable to Simple Simple LeakTest

Click to expand...

Hello,

I have fully virutalized turned on now and am using it. I am also using Zemana AntiLogger installed. So that should protect me against those key loggers right?

I'm not sure it would as Zemana would be running on the actual computer while the malware you're worried about would be isolated in the sandbox. In short, I'm not sure one way or the other, but I'd be interested to hear about your results.

Malware Man · Feb 18, 2013

Chiron said:
Malware Man said:

Chiron said:

Chiron said:

The levels Untrusted and Fully Virtualized (which must be enabled through a registry tweak) are both unbypassed as far as I have seen so far.

Click to expand...

Actually I have looked into Fully Virtualized more deeply and it appears that it has problems with keyloggers beign able to log data. Also, there is an issue where malware could bypass teh firewall by using a certain method within the Fully Virtualized sandbox.

The relevant topics are:
Getting key logged with a sandboxed keylogging tester.And in Virtual Kiosk
Kiosk Vulnerable to Simple Simple LeakTest

Click to expand...

Hello,

I have fully virutalized turned on now and am using it. I am also using Zemana AntiLogger installed. So that should protect me against those key loggers right?

Click to expand...

I'm not sure it would as Zemana would be running on the actual computer while the malware you're worried about would be isolated in the sandbox. In short, I'm not sure one way or the other, but I'd be interested to hear about your results.

Haha same, it's really interesting. But I wouldn't take my chance with key loggers on my machine. I'd rather not have my passwords and key strokes all logged.

I do not currently have VM software installed.

But then again, I have such a low rate in getting infected. The last time I got infected was maybe 5 years ago lol. I was so young and clicking on everything and downloading whatever because I was just a little kid. I had avast! installed and it prompted me to do a boot time scan and it did one and got rid of my virus for me. Since them I trusted avast! but now have moved on to COMODO since I found out about it later on.

fftopic:

I do remember once though, on the family computer I somehow made literally over 1000 copies of each icon on the desktop. I think we all sat down taking turns deleting icon after icon for about an hour or so. I wouldn't be able to tell ya how I even made that happen.

Now, things have changed. We all have laptops and I am the computer guru in the house. Everyone comes to me since they know how much I love fixing them and solving computer problems

When I went to get my phone this year, the misses at the store was so impressed with my knowledge about every phone there she said that I should ask for a job lol. I think I may of knew more then her with some of the phones, haha.

Sorry for going off topic, I have a bad habit of rambling on from one subject to another. Especially with anything technology related

Search

Search

Curious Question!

Malware Man

Level 9

Deleted member 178

3link9

Level 5

Chiron

Level 1

Deleted member 178

Malware Man

Level 9

Malware Man

Level 9

Chiron

Level 1

Malware Man

Level 9

Chiron

Level 1

Malware Man

Level 9

You may also like...