Hello,
for example disk or mbr killers can do their work without getting interrupted by Avast.
Regarding global hooks: The Cpilsuite leaktest of Comodo can break out of the sandbox.
Tested with the newst beta and latest final build on XP SP3.
Hello,
for example disk or mbr killers can do their work without getting interrupted by Avast.
Regarding global hooks: The Cpilsuite leaktest of Comodo can break out of the sandbox.
Tested with the newst beta and latest final build on XP SP3.
Comodo’s not a valuable reference here :
edit: forgot to mention that I tested their CIS 4 sandbox, it’s a complete disaster, can break a whole system if left with default settings, i.e. sandboxing automatically “unrecognized programs”. + running purposely many software through this same sandbox either crashes the app either does nothing >>> no process started ???
But I am and anti Comodo trolling won’t change this.
So, here’s the proof:
Start CPILSuite.exe sandboxed.
Choose method 2 or 3.
The Internet Explorer gets started outside of the sandbox (bypassed / breakout):
http://www.ld-host.de/uploads/thumbnails/eb8273b96414b455e637d5a0594ccdad.png
http://www.ld-host.de/uploads/thumbnails/a6e3584c9d82adbe6d8b586f6fcf392b.png
What did happen? The leaktest injected it’s code into explorer.exe which the sandbox didn’t prevent. Then the explorer.exe started the Internet Explorer.
Regarding the direct disk access issue: I could only show you an image in which the VM says that it can’t boot anymore.
But if you want I can send you the sample via PM so that you can convince yourself.
I won’t even bother looking at your Comodo trolling pics, ya see what happens when two trolls meet ;D
Any developer comment?
This sounds good - thank you.