This Keylogger Defeats Zemana And Comodo D+

Probably it was not enabled during your test?

Also, i hate VM's for that reason, they're so unstable for me (Or maybe i just feel it's unstable but really it is not)

 

I'm sure it was enabled during the test.

I have no problems with VM's, they're just slow sometimes, but that's just because it's heavy for normal consumer PC's to run two OS's plus their programs at the same time

 

...but it will end soon. At least from ClearCloud DNS side. I contacted them (most likely not me only) via their contact form and i received response today, that they will remove your site from blacklist in next update.

 

I can confirm that Prevx easily evades this keylogger with its SafeOnline module.

 

The update is now in effect. The site is no longer blocked.

 

The so-called "Block" by Process Guard gives no indication that the file is a keylogger. In fact, all PG has done in this case is to function as an anti-executable.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

You may have guessed that I hold anti-executables in very low regard as security apps. . .

 

Hi bellgamin
But isn't the point that sometime, something else (malware) may try to start the executable, and that is when the execution blocker starts to earn its keep?

 

Some do a little more then that like not saying anything, just doing it silently and accurately.

 

I always consider that if the pop up at least tells me it's trying to key log my input, then i consider it blocked (In which Online Armor alerted about key log activities)

 

Indeed, and that's fine with me as it's alerted & blocked an exe that wasn't known to my system =

Process Guard also alerts & blocks etc other useful things, it's not just an anti-exe

Really

Except that's not the whole story ! as PG would alert/block anything new you didn't double-click but tried to run, such as malware = The whole point =

 

I'm with Bellgamin opinion, but only if it's a lame Pop Up that doesn't shows or says any relevant information about the process/executable.
(Ex. ProcessGuard Pop Ups, shows no relevant information = Crappy Pop Up with no real life usability IMO) There's no real benefit from it if it doesn't alerts your of something important

At least Zemana, OA and some others alerted from key logging activities "xxxx program is trying to log your keys".

 

I agree. Through restriction configuring, Sandboxie can stop the logger from running.

 

Tested this against F-Secure 2011 just for fun.
All settings are maxed, it failed

 

Vipre failed too because it didn't warn me of any suspicious activities (Vipre HIPS is more like an anti executable).
It only warned me about "16k.exe wants to run"

 

The signature vendor is not on the TVL.

You also have to uncheck "Automatically scan unrecognized files in the cloud".

This is not signed by a trusted vendor, so the "Automatically trust files from trusted vendors" has no effect.

The question is: when it is scanned in the cloud, is it trusted because of the Comodo signature or behaviour analysis?

 

This! i asked the same thing at their forums, and they didn't give me a detailed answer.
Anyways, i'm still using Comodo CIS V5.3 and it's awesome

 

Checking in the cloud is both the cloud scanner and I believe CIMA. The behavior blocker is coming supposedly.