App Review Malware bypass Comodo Firewall @ CS settings

Deleted member 178 · Apr 28, 2017

Trusted => no alerts\notifications (except when using HIPS Paranoid Mode)

aka my config, because you can't trust anyone especially cloud stuff

Av Gurus · Apr 28, 2017

Evjl's Rain said:
can you try again with cloud lookup disable?

Like this?

Evjl's Rain · Apr 28, 2017

Av Gurus said:
Like this?

View attachment 148094

yes, it's correct
first can you reset the file ratings list or reset comodo and do everything from the beginning so we would have the most correct result

shmu26 · Apr 28, 2017

Delete it from the file list, so Comodo won't remember the cloud rating.

Av Gurus · Apr 28, 2017

I restore virtual machine, don't worry

With Cloud disabled HIPS pop-up, I Allow that, file is in sandbox and Unrecognized

Deleted member 178 · Apr 28, 2017

Av Gurus said:
I restore virtual machine, don't worry
With Cloud disabled HIPS pop-up

View attachment 148095

As expected

Now you can change your thread title ^^
"malware-bypass-comodo-firewall-cs-settings because wrongly rated"

shmu26 · Apr 28, 2017

Av Gurus said:
I restore virtual machine, don't worry
With Cloud disabled HIPS pop-up, I Allow that, file is in sandbox and Unrecognized

View attachment 148095 View attachment 148096 View attachment 148097 View attachment 148098

Perfect. Great job!
So we don't need paranoid settings, we just need to disable the stupid cloud lookup.

Av Gurus · Apr 28, 2017

So, for better protection we should put HIPS to Safe Mode and disable Cloud (i don't want Paranoid Mode on HIPS, sorry)?

Evjl's Rain · Apr 28, 2017

Av Gurus said:
I restore virtual machine, don't worry
With Cloud disabled HIPS pop-up and Allow that, file is in sandbox

View attachment 148095 View attachment 148096 View attachment 148097

thank you for the test.
now without cloud lookup, almost all malwares won't be able to bypass

however, the rate of safe files being sandboxed will be crazy. When I disabled cloud lookup, I went mad because everything was sandboxed

no need for HIPS. Disabling Cloud is already a pain

Deleted member 178 · Apr 28, 2017

CS setting is useful for average users and for daily usage, but it is not max protection, even mine ( Comodo Internet Security Setup/configuration thread (Setting Only) ) can be tightened more.
My setting unfortunately isn't for beginners/advanced users.

Deleted member 178 · Apr 28, 2017

Evjl's Rain said:
however, the rate of safe files being sandboxed will be crazy. When I disabled cloud lookup, I went mad because everything was sandboxed

That is why in my settings , i use Paranoid Mode + cloud lookup. All angles are covered without much hassles.

shmu26 · Apr 28, 2017

Evjl's Rain said:
thank you for the test.
now without cloud lookup, almost all malwares won't be able to bypass

however, the rate of safe files being sandboxed will be crazy. When I disabled cloud lookup, I went mad because everything was sandboxed

Did you also cut down the trusted vendors list?

Deleted member 178 · Apr 28, 2017

I saw that Comod GUI was heavily modified especially the settings denominations. Luckily i don't use it anymore

Evjl's Rain · Apr 28, 2017

shmu26 said:
Did you also cut down the trusted vendors list?

no, I didn't touch it
if delete the list + cloud disabled -> potential cause of windows files being sandboxed and unbootable. no need to cutdown the list if cloud is off

Rengar · Apr 28, 2017

Umbra said:
Comodo Internet Security Setup/configuration thread (Setting Only)

I tried HIPS paraniod. First i had it in trainig mode for like 4 days. Then switched to paranoid.
Result after reboot: the system was super slow, the programmes couldnt start and even Comodo couldnt start.
Why @Umbra ?

Deleted member 178 · Apr 28, 2017

LanDude said:
I tried HIPS paraniod. First i had it in trainig mode for like 4 days. Then switched to paranoid.
Result after reboot: the system was super slow, the programmes couldnt start and even Comodo couldnt start.
Why @Umbra ?

I can't tell, HIPS must be tailored to your system and each details verified, those settings (especially paranoid modes) can't be barely copy-pasted. Maybe you had other security soft interfering, on my setup you can see my other security softs are excluded in many places.
It is why i keep saying, Comodo isn't and will never be for beginners and even average users may have hard time.

lab34 · Apr 28, 2017

I think it's too much effort and time consuming. I will keep CS settings.
The probability of wrong rating should be low (or there is a real problem with comodo).

Av Gurus · Apr 28, 2017

Is it possible that the file is Trusted because it is placed on a Virtual PC from a disk from the Host PC?

mekelek · Apr 28, 2017

Av Gurus said:
Is it possible that the file is Trusted because it is placed on a Virtual PC from a disk from the Host PC?

no, look at the VT report of the file, Comodo whitelisted it for sure.

Deleted member 178 · Apr 28, 2017

Av Gurus said:
Is it possible that the file is Trusted because it is placed on a Virtual PC from a disk from the Host PC?

No, whitelisted from the start.

Search

Search

App Review Malware bypass Comodo Firewall @ CS settings

Deleted member 178

Av Gurus

Level 29

Evjl's Rain

Level 47

shmu26

Level 85

Av Gurus

Level 29

Deleted member 178

shmu26

Level 85

Av Gurus

Level 29

Evjl's Rain

Level 47

Deleted member 178

Deleted member 178

shmu26

Level 85

Deleted member 178

Evjl's Rain

Level 47

Rengar

Level 17

Deleted member 178

lab34

Level 6

Av Gurus

Level 29

mekelek

Level 28

Deleted member 178

You may also like...