Interesting example

Can anybody provide this interesting malware example that jums out of SandBox, but only when SandBox is accompanied by Comodo ?

http://sandboxie.com/phpbb/viewtopic.php?t=4948&postdays=0&postorder=asc&start=0

http://forums.comodo.com/leak_testi...ewall_sandboxie_serious_problem-t34312.0.html

Unfortunately, the link from the SB forum is not valid anymore

 

The link works for me, i am reading it.

 

I mean download link:

===
hxxp://************/y1pXm4AmhPZ-DEI8fsYNsAB1gDhPGNn4Fe-cSrJadzoG_Dw_CD_a68DsboKUEJgCcYnDaMYXUc5YPbVxXfqeQCjoA/gOOGLE.exe
===

The forum itself is accessible, fortunately

 

If anybody already downloaded this sample- please, send it to me via e-mail or PM.

 

Same here - I would be very interested in this sample.

 

According to Tzuk nothing is written outside of SBIE on his tests so this does seem to be a case of misconfiguration/conflict as these SBIE-bypassing super malware almost invariably turn out to be. Having said that it will be interesting to see if there is a security hole by default or by user error.

 

Most malware can live only due to user errors. This is what additional security is for - to correct user errors.

 

Ran it here in a default sanbox with no leeks at all?

 

You need to have sandboxie and CIS installed together and allow the defense+ pop-up for debug privileges,

I haven't tested it myself though.

 

I tried it with

1- CIS 3.5.57173.439 and SBIE 3.34

2- CIS 3.5.57173.439 and GW

3- CIS alone

No problems. No leaks on my system.

 

Thanks for the update,

I just saw the new post on the sandboxie thread as well looks like a problem with the OP only,

No leaks.