The COMODO Sandbox - does it protect against keyloggers?

Discussion in 'sandboxing & virtualization' started by raven211, Apr 18, 2010.

Thread Status:
Not open for further replies.
  1. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    This is probably the biggest issue with respected virtualization software; they can handle all types of malicious activity except for a single one; keylogging. SandboxIE is supposed to have this problem, reading the creator's own FAQ.


    Now I'm asking about another Sandbox; COMODO. Does COMODO have the same problem?
     
  2. burebista

    burebista Registered Member

    Joined:
    Mar 4, 2010
    Posts:
    216
    Location:
    Romania
    Spyshelter keylogger test

    spyshelter_first.png

    If I block D+ alert i get this

    spyshelter_fail.png

    If I allow D+ alert keylogger is successful

    spyshelter_OK.png

    Zemana keylogger test

    zemana_first.png

    If I allow or block D+ alert I get this

    zemana_fail.png
     
  3. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    Sounds good. What about disabled D+ with pure Sandboxing approach? I've seen "D+" still alerts when supposedly disabled, so that would be interesting. Otherwise I'll re-enable D+ again. :) Thank you
     
  4. burebista

    burebista Registered Member

    Joined:
    Mar 4, 2010
    Posts:
    216
    Location:
    Romania
    OK, D+ disabled. Zemana fails in sandbox and Spyshelter is successful. No popup from D+ after I disable it.

    Ah and my CIS config is Proactive security with Firewall and D+ in Safe Mode, Sandbox enabled.
     
  5. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    FW disabled and D+ in IS (default) mode then? :D
     
  6. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    19,983

    Understand it is not the intent of a sandbox to detect keylogging behavior, it's intent is to isolate it from the system. So if a keylogger downloaded from a site, and it needed to install a driver, that should be blocked.

    But if one is installed on your system, a sandbox won't help at all.

    Pete
     
  7. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    No no, I was referring to the highest (Proactive) preset and what difference it would be to run it at its default. That's what I wanna run, hence I'd like to know his results on those settings, if he has time and will to do it still.
     
  8. burebista

    burebista Registered Member

    Joined:
    Mar 4, 2010
    Posts:
    216
    Location:
    Romania
    I'll do that today when I'm at home.
    So FW disabled and D+ in IS? Oki-doki. :)
     
  9. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    Thanks a lot man, appreciate it. :D D+ in IS is correct - that's the default, middle preset. :)
     
  10. burebista

    burebista Registered Member

    Joined:
    Mar 4, 2010
    Posts:
    216
    Location:
    Romania
    Same behavior like above. Zemana blocked on both Allow/Block from D+ and Spyshelter successful on Allow and fail on Block alert from D+.
     
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.