Should the Trustware Vulnerability Test come under the supervision of anti-keyloggers?

Discussion in 'other anti-malware software' started by sg09, Nov 13, 2011.

Thread Status:
Not open for further replies.
  1. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,811
    Location:
    Kolkata, India
    I think D&S is just the default sensitive folder. In BufferZone you can add any folder to the sensitive zone (like Sandboxie's Drop My Rights?). I think Outpost Pro also has such an option.
     
  2. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    I truly don't know what you are talking about. I have tested this Trojdemo.exe, which is supposed to be the keylogger, myself. Guess what, SBIE passed.
    I have manually blocked access to my documents in SBIE (D: partition), and the result was "no data steal"!
    SBIE passed this test.
    So, Sandboxie passed this key-logger test.
     
  3. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    So, why is there so much hysteria about this test?
     
  4. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    maybe because it is not a real malware test
     
  5. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    I've done this test again, and it actually says: No data files in "My documents"-no data steal.
    SBIE passed this key-logger test with some configuration:
    I opened "Resource access-file access-blocked access" in SBIE, and I blocked access to My documents, D: partition, folder WindowsXPPro, and I also blocked access to "Manager1 documents".
    I also have "Drop rights" enabled.
    With this configuration SBIE 3.62 passes this key-logger test (TrojDemo.exe).
     
  6. nikanthpromod

    nikanthpromod Registered Member

    Joined:
    Oct 9, 2009
    Posts:
    1,369
    Location:
    India
    It tries to read files in My Documents...
    But BufferZone Pro protects My Documents from being read...

    Sandboxie also blocks it this way.
     
    Last edited: Nov 28, 2011
  7. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,974
    Location:
    Boston, MA
    I'm sure it would pass for me too, if I had sandboxie configured that way. I don't so it said that it had read My Documents. It wasn't allowed to phone home because of my internet restrictions. I wasn't saying that sandboxie failed. :rolleyes: Maybe everyone doesn't have the same configuration as you. So results may vary. Thanks for the professional approval though. :thumbd:
     
  8. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Do you have My Documents folder empty? :D Now, seriously, by design a low integrity level object can read from medium integrity level objects. Did you apply the NoReadUp flag to your My Documents folder?
     
  9. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    But the 1806 tweak trick can be very useful when it comes to preventing malware infection :thumb: :thumb:
     
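For readers who have not met the "1806 tweak" named in the post above, here is what it looks like when applied with PowerShell. This is an added example, not code from any poster or product in the thread. The registry location, zone numbers and value meanings are stated as assumptions in the comments (they are standard Windows zone-policy facts, not something the thread documents), and the download path is a placeholder.

```powershell
# Added example, not from the thread: the "1806 tweak", applied with PowerShell.
# Assumptions (facts about Windows, not taken from the page): per-user zone policy
# lives under HKCU\...\Internet Settings\Zones\<n>; zone 3 is the Internet zone and
# 4 is Restricted sites; value 1806 is "Launching applications and unsafe files"
# with 0 = Enable, 1 = Prompt, 3 = Disable.
$zones = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'

foreach ($zone in 3, 4) {
    $key = Join-Path $zones $zone
    $before = (Get-ItemProperty -Path $key -Name '1806' -ErrorAction SilentlyContinue).'1806'
    Set-ItemProperty -Path $key -Name '1806' -Value 3 -Type DWord
    $after = (Get-ItemProperty -Path $key -Name '1806').'1806'
    'Zone {0}: 1806 was {1}, now {2}' -f $zone, $before, $after
}

# Why this stops a file you did not mean to launch but not one you choose to run:
# the check keys off the Zone.Identifier alternate data stream that browsers and
# mail clients attach to downloads (ZoneId=3 marks the Internet zone). A file
# without that stream is treated as local and launches normally, and "Unblock"
# simply deletes the stream. Hypothetical path; substitute a real download.
$file = "$env:USERPROFILE\Downloads\TrojDemo.exe"
if (Test-Path $file) {
    Get-Content -Path $file -Stream Zone.Identifier -ErrorAction SilentlyContinue
    # Unblock-File -Path $file    # removes the stream; 1806 no longer applies
}
```

Run it as the user whose profile you want to protect (the keys are per-user). The second half is the reason the next post calls this the weak spot: the policy only ever sees files that still carry their download mark.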
  10. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    It can, sure. I use it. But it has no effect against something we do wish to execute. Nor will a low integrity level. If we wish to execute something, then we'll remove the low integrity level. That's always the weak spot, isn't it? :D

    The only way for something running with a medium integrity level not to read your My Documents folder/other sensitive folder would be for this/these folder(s) to have a high integrity level applied with the NoReadUp flag, making low and medium integrity level objects blind to such folders.

    Then again, if we execute this something with administrative rights, only encryption would save your back.
     
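To make the mandatory-label point in the post above concrete, here is an added example (not from any poster) that raises a folder's integrity label and shows why the default policy is not enough. Assumptions: the folder path is a placeholder; the commands run from an elevated (High integrity) PowerShell, since a process can only label objects up to its own level; the exact text of icacls output is quoted from memory and described as "e.g.". Remember the usability cost the post already names: once the folder carries a High label with NoReadUp, your own Medium-integrity Explorer and applications cannot see it either.

```powershell
# Added example, not from the thread: apply and inspect a mandatory integrity
# label on a folder. Assumptions: hypothetical path; run elevated (High integrity),
# because a Medium process cannot label an object High.
$folder = 'C:\Users\Alice\Documents'   # hypothetical path

# Which integrity level is this session running at? The token carries it as a
# "Mandatory Label\..." group.
whoami /groups /fo list | Select-String 'Mandatory Label'

# Raise the folder, and via (OI)(CI) inheritance everything inside it, to High.
icacls $folder /setintegritylevel '(OI)(CI)H'

# Inspect. icacls prints the label as a line like
#   Mandatory Label\High Mandatory Level:(OI)(CI)(NW)
# The policy in the last parentheses is the whole point: icacls only writes the
# default NoWriteUp (NW). A Medium process is still allowed to READ the folder;
# only writes from below are denied, so a data-stealing test still passes through.
icacls $folder

# NoReadUp (NR) is what blinds lower-integrity processes, as the post explains.
# icacls has no switch for it; the label ACE has to be written by a tool that can
# set the policy bits directly (SDDL form of the ACE: (ML;OICI;NRNW;;;HI)).
# Verify the same way: the label line should then also show NR, and from a
# non-elevated session Get-ChildItem $folder should fail with "Access is denied".

# Undo from an elevated session: back to the default Medium level.
# icacls $folder /setintegritylevel '(OI)(CI)M'
```

Two checks worth doing after any label change: confirm the label from a Medium session rather than the elevated one you used to set it (High can always read High, so the elevated shell proves nothing), and confirm inheritance reached the files already in the folder, because an ACE added with (OI)(CI) applies to existing children only if the tool propagates it.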
  11. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    If you are running Sandboxie it won't say anything.

    I tested it first running in Sandboxie. It said My Documents didn't exist, but it was able to write to the other 3 programs, like tskmgr.exe. Well done Sandboxie; the fact that it could write to those programs is meaningless since it did its writes in the sandbox. The sandbox I use for this kind of test doesn't permit any internet access.

    Outside the Sandbox, Appguard also stopped this thing.

    I run Online Armor and I have the keylogger module turned off. OA, let me see everything this trickster was doing and I'd have stopped it dead, when I saw it scanning My Document folders.

    Pete
     
  12. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,898
    Location:
    localhost
    ... and with a more recent version (ZA 10): :)

    Running the application "..."
    Capture.JPG

    Deny results:
    Capture2.JPG

    Pushing on "Attack results"
    Capture3.JPG

    Deny results:
    Capture4.JPG
     
  13. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,974
    Location:
    Boston, MA
    Yeah, I tried it again today and it didn't get very far. Comodo placed it as an untrusted process and it was pretty much blocked. I did allow it to run in Sandboxie and the window popped up that said it stole 690 files. Then I got a lot of beeps and it said explorer wasn't allowed to run due to restrictions and internet was denied due to restrictions as well.
    Maybe the first time I ran the test it wasn't sandboxed. Not really sure what happened. Obviously operator error on my part.
     