I finally got around to testing version 4 (4.0.138377.779) on Matousec.
Main settings from the config:
processes=3
explorer.EXE
cfp.exe
cmdagent.exe
files=6
C:\!\COMMAND.COM
C:\!\ntldr
C:\!\panel-background.png
C:\!prot\COMMAND.COM
C:\!prot\ntldr
C:\!prot\panel-background.png
registry=2
HKLM\System\SOFTWARE\Comodo\\Test1
HKLM\System\SOFTWARE\Comodo\\Test2
Notes:
1. The folder C:\!prot* has been added to "Protected Files".
2. The remaining files have not been added to "Protected Files".
3. The values ("Test1" and "Test2") of the key HKLM\System\SOFTWARE\Comodo have been added to "Protected Registry Keys" (by default, the "COMODO Registry Keys" group).
4. Fixed the "little default mistake" that XenoZ wrote about.
5. Added LocalSecurityAuthority.Shutdown to the protected COM interfaces, as Ujinnee wrote.
6. Win XP SP2.
7. Sandbox is disabled.
8. Proactive defense: Paranoid.
9. Firewall: Custom.
And here, in fact, is the result:
2010.03.29
--- Level 1 ---
autorun1.exe - YOUR SYSTEM PASSED THE TEST!
autorun3.exe - YOUR SYSTEM PASSED THE TEST!
breakout2.exe - YOUR SYSTEM PASSED THE TEST!
coat.exe - YOUR SYSTEM PASSED THE TEST!
echotest.exe - YOUR SYSTEM PASSED THE TEST!
filedel2.exe - File "C:\!\COMMAND.COM" deleted. File "C:\!\panel-background.png" deleted. 2 file(s) removed.
kill1.exe - YOUR SYSTEM PASSED THE TEST!
kill2.exe - YOUR SYSTEM PASSED THE TEST!
leaktest.exe - YOUR SYSTEM PASSED THE TEST!
tooleaky.exe - YOUR SYSTEM PASSED THE TEST!
wallbreaker1.exe - YOUR SYSTEM PASSED THE TEST!
yalta.exe - YOUR SYSTEM PASSED THE TEST!
--- Level 2 ---
autorun2.exe - YOUR SYSTEM PASSED THE TEST!
autorun12.exe - YOUR SYSTEM PASSED THE TEST!
autorun20.exe - YOUR SYSTEM PASSED THE TEST!
autorun30.exe - YOUR SYSTEM PASSED THE TEST!
awft1.exe - YOUR SYSTEM PASSED THE TEST!
dnstest.exe - YOUR SYSTEM PASSED THE TEST!
filemov2.exe :
File "C:\!\COMMAND.COM" added to buffer.
File "C:\!\ntldr" added to buffer.
File "C:\!\panel-background.png" added to buffer.
File "C:\!prot\COMMAND.COM" added to buffer.
File "C:\!prot\ntldr" added to buffer.
File "C:\!prot\panel-background.png" added to buffer.
ERROR: Unable to set registry value "PendingFileRenameOperations" under registry key "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager".
ghost.exe - YOUR SYSTEM PASSED THE TEST!
hostsblock.exe - YOUR SYSTEM PASSED THE TEST!
jumper.exe - YOUR SYSTEM PASSED THE TEST!
kill3.exe - YOUR SYSTEM PASSED THE TEST!
kill6.exe - YOUR SYSTEM PASSED THE TEST!
regdel1.exe - 0 registry key(s) removed. 0 registry value(s) removed.
wallbreaker3.exe - YOUR SYSTEM PASSED THE TEST!
wallbreaker4.exe - YOUR SYSTEM PASSED THE TEST!
--- Level 3 ---
autorun4.exe - YOUR SYSTEM PASSED THE TEST!
autorun16.exe - YOUR SYSTEM PASSED THE TEST!
autorun24.exe - YOUR SYSTEM PASSED THE TEST!
autorun31.exe - YOUR SYSTEM PASSED THE TEST!
awft3.exe - YOUR SYSTEM PASSED THE TEST!
awft4.exe - YOUR SYSTEM PASSED THE TEST!
dnstester.exe - YOUR SYSTEM PASSED THE TEST!
filerep1.exe : File "C:\!\COMMAND.COM" replaced. File "C:\!\panel-background.png" replaced. 2 file(s) replaced.
kernel1.exe - YOUR SYSTEM PASSED THE TEST!
kill3f.exe - the taskbar gets unloaded; explorer apparently is not killed, since the open folders are not closed; Windows Explorer starts, and the process hangs in memory consuming up to 70% of CPU resources.
kill4.exe - YOUR SYSTEM PASSED THE TEST!
kill7.exe - YOUR SYSTEM PASSED THE TEST!
regset1.exe - 0 registry value(s) changed.
sss2.exe - YOUR SYSTEM PASSED THE TEST!
suspend1.exe - YOUR SYSTEM PASSED THE TEST!
thermite.exe - YOUR SYSTEM PASSED THE TEST!
wallbreaker2.exe - YOUR SYSTEM PASSED THE TEST!
--- Level 4 ---
autorun6.exe - YOUR SYSTEM PASSED THE TEST!
autorun9.exe - YOUR SYSTEM PASSED THE TEST!
autorun14.exe - YOUR SYSTEM PASSED THE TEST!
autorun17.exe - YOUR SYSTEM PASSED THE TEST!
autorun26.exe - YOUR SYSTEM PASSED THE TEST!
autorun36.exe - YOUR SYSTEM PASSED THE TEST!
autorun37.exe - YOUR SYSTEM PASSED THE TEST!
autorun-nat.exe - The application C:\Level4\autorun-nat.exe cannot be run in Win32 mode.
copycat.exe - YOUR SYSTEM PASSED THE TEST!
cpil.exe - YOUR SYSTEM PASSED THE TEST!
cpilsuite1.exe - YOUR SYSTEM PASSED THE TEST!
filerep2.exe - 0 file(s) replaced.
inject2.exe - YOUR SYSTEM PASSED THE TEST!
inject3.exe - YOUR SYSTEM PASSED THE TEST!
kernel1b.exe - YOUR SYSTEM PASSED THE TEST!
keylog1.exe - YOUR SYSTEM PASSED THE TEST!
kill3e.exe - YOUR SYSTEM PASSED THE TEST!
kill8.exe - YOUR SYSTEM PASSED THE TEST!
kill9.exe - YOUR SYSTEM PASSED THE TEST!
sss.exe - YOUR SYSTEM PASSED THE TEST!
suspend2.exe - YOUR SYSTEM PASSED THE TEST!
--- Level 5 ---
autorun5.exe - YOUR SYSTEM PASSED THE TEST!
autorun15.exe - YOUR SYSTEM PASSED THE TEST!
autorun18.exe - YOUR SYSTEM PASSED THE TEST!
autorun21.exe - YOUR SYSTEM PASSED THE TEST!
autorun28.exe - YOUR SYSTEM PASSED THE TEST!
breakout1.exe - YOUR SYSTEM PASSED THE TEST!
cpilsuite2.exe - If the global hook cpilsuite2dll.dll is allowed, the test is failed; if it is not allowed - YOUR SYSTEM PASSED THE TEST!
crash1.exe - YOUR SYSTEM PASSED THE TEST!
crash2.exe - YOUR SYSTEM PASSED THE TEST!
crash3.exe - YOUR SYSTEM PASSED THE TEST!
crash4.exe - YOUR SYSTEM PASSED THE TEST!
filewri1.exe : File "C:\!\COMMAND.COM" corrupted. File "C:\!\panel-background.png" corrupted. 2 file(s) corrupted.
kernel2.exe - YOUR SYSTEM PASSED THE TEST!
kernel3.exe - YOUR SYSTEM PASSED THE TEST!
keylog2.exe - YOUR SYSTEM PASSED THE TEST!
kill3c.exe - YOUR SYSTEM PASSED THE TEST!
kill3d.exe - YOUR SYSTEM PASSED THE TEST!
regdel2.exe : ERROR: Unable to add "SeRestorePrivilege" to current process' token. 0 registry key(s) removed. 0 registry value(s) removed. ERROR: Unable to save registry key "SOFTWARE\ssts_blank" under parent key handle 0x80000001 to file "ssts_blank.tmp".
svckill.exe - YOUR SYSTEM PASSED THE TEST!
vbstest.exe - YOUR SYSTEM PASSED THE TEST!
--- Level 6 ---
autorun7.exe - YOUR SYSTEM PASSED THE TEST!
autorun22.exe - YOUR SYSTEM PASSED THE TEST!
autorun25.exe - YOUR SYSTEM PASSED THE TEST!
autorun27.exe - YOUR SYSTEM PASSED THE TEST!
autorun29.exe - YOUR SYSTEM PASSED THE TEST!
autorun32.exe - YOUR SYSTEM PASSED THE TEST!
cpilsuite3.exe - If the global hook cpilsuite3dll.dll is allowed, the test is failed; if it is not allowed - YOUR SYSTEM PASSED THE TEST!
crash5.exe - YOUR SYSTEM PASSED THE TEST!
crash6.exe - YOUR SYSTEM PASSED THE TEST!
ddetest.exe - YOUR SYSTEM PASSED THE TEST!
echotest2.exe - YOUR SYSTEM PASSED THE TEST!
filewri2.exe : File "C:\!\COMMAND.COM" corrupted. File "C:\!\panel-background.png" corrupted. 2 file(s) corrupted.
firehole.exe - YOUR SYSTEM PASSED THE TEST!
flank.exe - YOUR SYSTEM PASSED THE TEST!
kernel4.exe - YOUR SYSTEM PASSED THE TEST!
keylog3.exe - YOUR SYSTEM PASSED THE TEST! - The test is passed successfully both with the global hook of keylog3.exe allowed and without it.
keylog4.exe - YOUR SYSTEM PASSED THE TEST! - The test is passed successfully both with the global hook of keylog4.exe allowed and without it.
kill10.exe - YOUR SYSTEM PASSED THE TEST!
kill11.exe - YOUR SYSTEM PASSED THE TEST!
runner.exe - YOUR SYSTEM PASSED THE TEST!
--- Level 7 ---
autorun8.exe - YOUR SYSTEM PASSED THE TEST!
autorun10.exe - YOUR SYSTEM PASSED THE TEST!
autorun19.exe - YOUR SYSTEM PASSED THE TEST!
autorun33.exe - YOUR SYSTEM PASSED THE TEST!
autorun35.exe - YOUR SYSTEM PASSED THE TEST!
bitstest.exe - YOUR SYSTEM PASSED THE TEST!
crash4b.exe - YOUR SYSTEM PASSED THE TEST!
filedel1.exe - File "C:\!\COMMAND.COM" deleted. File "C:\!\panel-background.png" deleted. 2 file(s) removed.
filemov1.exe :
File "C:\!\COMMAND.COM" renamed to "0_0_COMMAND_COM" under temporary directory.
File "C:\!\ntldr" renamed to "0_1_ntldr" under temporary directory.
File "C:\!\panel-background.png" renamed to "0_2_panel-background_png" under temporary directory.
3 file(s) renamed.
filewri3.exe - File "C:\!\COMMAND.COM" corrupted. File "C:\!\panel-background.png" corrupted. 2 file(s) corrupted.
firehole2.exe - YOUR SYSTEM PASSED THE TEST!
inject1.exe - YOUR SYSTEM PASSED THE TEST!
keylog5.exe - YOUR SYSTEM PASSED THE TEST!
keylog6.exe - YOUR SYSTEM PASSED THE TEST!
kill12.exe - YOUR SYSTEM PASSED THE TEST!
osfwbypass.exe - YOUR SYSTEM PASSED THE TEST!
regacc1.exe - 0 registry object(s) changed.
runner2.exe - YOUR SYSTEM PASSED THE TEST!
schedtest.exe - YOUR SYSTEM PASSED THE TEST!
sss3.exe - YOUR SYSTEM PASSED THE TEST!
--- Level 8 ---
autorun11.exe - YOUR SYSTEM PASSED THE TEST!
autorun13.exe - YOUR SYSTEM PASSED THE TEST!
autorun23.exe - YOUR SYSTEM PASSED THE TEST!
autorun34.exe - YOUR SYSTEM PASSED THE TEST!
filedel3.exe - File "C:\!\COMMAND.COM" deleted. File "C:\!\panel-background.png" deleted. 2 file(s) removed.
fileopn1.exe - File "C:\!\panel-background.png" corrupted. 1 file(s) corrupted.
fileopn2.exe - File "C:\!\panel-background.png" corrupted. 1 file(s) corrupted.
kernel4b.exe - YOUR SYSTEM PASSED THE TEST!
kernel5.exe - YOUR SYSTEM PASSED THE TEST!
kernel5b.exe - YOUR SYSTEM PASSED THE TEST!
keylog7.exe - YOUR SYSTEM PASSED THE TEST!
kill5.exe - YOUR SYSTEM PASSED THE TEST!
newclass.exe - YOUR SYSTEM PASSED THE TEST!
schedtest2.exe - YOUR SYSTEM PASSED THE TEST!
socksnif.exe - YOUR SYSTEM PASSED THE TEST!
sss4.exe - First a popup appears: "The output of this test wil be redirected to "sss4.txt"" with an OK button (the file sss4.txt is created in the test folder, but it is empty), then a second popup: "Shutdown the system continue" with an OK button. Nothing happens when OK is clicked.
--- Level 9 ---
crash7.exe - YOUR SYSTEM PASSED THE TEST!
fileacc1.exe - 0 file(s) changed.
filectl1.exe - 0 file(s) changed.
filewri4.exe - ERROR: Unable to open disk "\\?\Volume{a4c28350-74bb-11db-8a21-806d6172696f}" for direct access.
The result, IMHO, is excellent. The only one in question is kill3f.exe from Level 3. But perhaps this really is due to a broken file; XenoZ confirmed this as well.