Xeno1234
Level 14
- Jun 12, 2023
- 684
> It works with a lot of EDRs. My clients using Defender ATP with Containment Blade

I could try this with Harmony if it works. I'll probably just use containment and VirusScope (if that's compatible).
> When locally sandboxed you won't need to worry about damage. You may also make rules to Deny traffic for contained items. Their cloud sandbox is prone to the same evasions as all others. From personal experience... I've submitted samples that tricked the Comodo cloud sandbox. Check out some of my malware analysis posts for examples.

On a local sandbox, isolating the internet will hamper many samples from functioning, which is almost as pointless as trying to analyze sandbox-aware malware. It would be interesting to know the rule-set it's automated with.
It works with Harmony. So you then have 2 cloud sandboxes and one local to prevent damage! Even if it bypasses the two cloud ones... Your local one does not care as the file is untrusted.
And the anti-malware engine on Harmony is extremely good. Should block anything that gets past sandbox locally (I use game mods, so the game has to be out of the sandbox and some mods might be malicious).
Even without any experience with either Comodo/Xcitium and Harmony, I would dare to say that pretty much nothing will get past those two. Not even legitimate software. Wonder if that's actually a good setup on a productive system.
It's overkill. Xcitium containment alone with configure defender is good. All ASR rules on.
Yeah, it's definitely overkill. If all my applications work in containment I'll try it with just Defender, but if not, I'll try out Harmony.