App Review Sandboxes against a simple API exploit

D

Deleted member 2913

Comodo Autosandbox was on default settings?
Coz a couple of months back, in one of my threads in the Comodo software category, I mentioned that deletevolume.exe (a harmless sample) from the testmypcsecurity site, on execution, is autosandboxed by Comodo & the secondary drive gets deleted. And if I remember correctly you replied that it could happen with default settings (not sure about your reply I have mentioned here). I will try to search for the thread & reply here.

Update - I couldn't find the thread now. Has anything changed regarding the Autosandbox defaults, like rules, etc., such that the secondary drive deletion was protected in your video?
I remember the CIS version I had tested... the AS default was Full Virt.
 
Last edited by a moderator:
  • Like
Reactions: Moose

Tony Cole

Level 27
Verified
May 11, 2014
1,639
For those who do not use sandboxes, is there anything we can do to protect ourselves against these Python-based attacks, which lead to API exploitation?
 
  • Like
Reactions: Moose

cruelsister

Level 42
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,140
Guess I should have specified that I was using my suggested settings- sandboxed processes as Untrusted. As there is no reason not to harden the Box in this way- Not making this change is like never taking a Lamborghini out of First gear.

Tony- the issue with scripts in general is many Security products can't distinguish a legitimate script from a malicious one. This is a severe issue in the Enterprise space, and the cause of most of the recent breaches (and also the reason why many Corporations are switching from Traditional protection to solutions based on virtualization like FireEye and Palo Alto).
 
D

Deleted member 2913

Guess I should have specified that I was using my suggested settings- sandboxed processes as Untrusted. As there is no reason not to harden the Box in this way- Not making this change is like never taking a Lamborghini out of First gear.

Tony- the issue with scripts in general is many Security products can't distinguish a legitimate script from a malicious one. This is a severe issue in the Enterprise space, and the cause of most of the recent breaches (and also the reason why many Corporations are switching from Traditional protection to solutions based on virtualization like FireEye and Palo Alto).
So you maxed the CIS settings.
Did you max the Sandboxie settings too?
 
  • Like
Reactions: Moose

Tony Cole

Level 27
Verified
May 11, 2014
1,639
Yes, the hospital I work at now employs virtual protection for data protection and medical records. Is Comodo now Windows 10 proof?
 
  • Like
Reactions: Moose
D

Deleted member 2913

SB doesn't have any such generalized setting.
Ok.

You test mostly modified CIS settings... that's good, as it shows the power of CIS.

But it would be good to see tests with default settings too... as there are many users like me who go with default settings & would like to see how the default settings do against any/all threats... & default settings are kind of the recommended settings for the majority, so defaults should be put to the test more.
 
  • Like
Reactions: Cch123 and Moose

Terry Ganzi

Level 26
Verified
Top Poster
Well-known
Feb 7, 2014
1,540
Ok.

You test mostly modified CIS settings... that's good, as it shows the power of CIS.

But it would be good to see tests with default settings too... as there are many users like me who go with default settings & would like to see how the default settings do against any/all threats... & default settings are kind of the recommended settings for the majority, so defaults should be put to the test more.

But if you were following what Cruelsister posts, you would have found out that she doesn't recommend using default settings & why.
 

kmr1684

Level 3
Verified
Jun 23, 2014
148
Could you show the tweaks necessary for the additional protections?

Kind regards,
Hi, like Umbra said, using it and its restriction settings depends on how you configure it and on your liking. If you ask me, it is the same as using and understanding how Comodo works. Nothing more to add on this learning curve; nobody becomes perfect in one day, it will take years to become one, so have patience and fun in learning. Only personal experience is the best teacher.

PS: if you learn how to use an anti-executable, then you can understand what is happening in your PC, and then you will be in full control over your system and understand if there is something wrong in it. This is not a joke but a painful path nobody wants to take.
 

Av Gurus

Level 29
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Sep 22, 2014
1,767
We, on the Croatian forum, have some doubt.
When you tested Sandboxie, was the Comodo sandbox turned on or...?
If the Comodo sandbox was turned on, how did the exploit, which bypasses Sandboxie, bypass the Comodo sandbox?
 
D

Deleted member 178

Not to say that Sandboxie is incompatible with the Comodo sandbox (a well-known fact on both the Comodo and Sandboxie forums).
You can see that the tray icon of Sbie doesn't keep the red dots (meaning no sandboxing is applied).

I suffered this bug when I installed CIS and Sbie: Sbie couldn't protect my browser; in fact it didn't even start at all.

I didn't pay attention that both were running when I wrote my post earlier. It is by reading @Av Gurus' comment that I saw the issue.

So basically the test is irrelevant for checking Sbie protection. Sbie should have been tested alone with proper settings.
 

kmr1684

Level 3
Verified
Jun 23, 2014
148
Not to say that Sandboxie is incompatible with the Comodo sandbox (a well-known fact on both the Comodo and Sandboxie forums).
You can see that the tray icon of Sbie doesn't keep the red dots (meaning no sandboxing is applied).

I suffered this bug when I installed CIS and Sbie: Sbie couldn't protect my browser; in fact it didn't even start at all.

I didn't pay attention that both were running when I wrote my post earlier. It is by reading @Av Gurus' comment that I saw the issue.

So basically the test is irrelevant for checking Sbie protection. Sbie should have been tested alone with proper settings.

Do you believe she is going to accept it? Well, I do not know, but again, you know the answer. :D:p
 
  • Like
Reactions: Moose
