Advice Request Can Comodo Firewall protect against signed malware?

Please provide comments and solutions that are helpful to the author of this topic.

Status
Not open for further replies.

Prayag

Level 4
Thread author
Verified
Well-known
Mar 27, 2017
160
How does comodo firewall protects against signed malware at cruelsister's settings? Also i can disable its processes via task manager. How its self protection?
I am going to use it on my system with cruelsister's settings but these issues are my main concern which do not let me believe in comodo's power.
So,help me out and give the required info.
Thanks.
 

Arequire

Level 29
Verified
Top Poster
Content Creator
Feb 10, 2017
1,814
Two ways:
  • If the malware's certificate signer isn't on Comodo's trusted vendors list then it will be sandboxed the same as unsigned malware
  • Even if malware is using a certificate from a vendor that's on the trusted vendors list, cloud lookup can still flag the file as malware
According to @cruelsister, malware using stolen certificates gets pounced on pretty quickly by security vendors.
 
Last edited:

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,711
Two ways:
  • If the malware's certificate signer isn't on Comodo's trusted vendors list then it will be sandboxed the same as unsigned malware
  • Even if malware is using a certificate from a vendor that's on the trusted vendors list, cloud lookup can still flag the file as malware
Malware using stolen certificates apparently get pounced on pretty quickly by security vendors.

Good question from OP, thanks. Looks like things might change in the future but who knows into what. Comodo is testing "Recognizer" for Valkyrie, which will be able to detect particularly nasty malware, even ransomware, with both signatures and based on behavior.

I think I may turn on Cloud Lookup again. I turned it off because it kept enlarging the TVL list and then I saw that CL was responsible for a couple of documented successful malware attacks. I'm not sure, though. With Comodo testing "Recognizer" as part of Valkyrie, I wonder if the TVL will be as important to me (keeping it short). I like the list short, because I like to know what's happening on the system in the general sense.

For the future, I guess I am somewhat confused about whether leaving Cloud Lookup off would disable "Recognizer" when it comes online. Also, will "Recognizer" replace Cloud Lookup eventually altogether? Ultimately, I kind of wish Comodo would for now back off adding vendors to the TVL via Cloud Lookup. This would be the ideal situation for me imo. I could shorten the TVL and still have the benefit of using CL.
 

Arequire

Level 29
Verified
Top Poster
Content Creator
Feb 10, 2017
1,814
I am somewhat confused about whether leaving Cloud Lookup off would disable "Recognizer" when it comes online.
It won't. Recognizers apply to Viruscope, not Cloud Lookup. Recognizers contain sets of behaviours that tell Viruscope to raise an alert when an application displays one of those behaviours.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
How does comodo firewall protects against signed malware at cruelsister's settings?
Run a good AV together with Comodo firewall, or use Umbra's paranoid settings.

Also i can disable its processes via task manager. How its self protection?
If you disable those processes, it goes into a lockdown state. Everything not previously whitelisted will fall into the sandbox.
 

Maxwell Sien

Level 2
Verified
Nov 15, 2016
97
How does comodo firewall protects against signed malware at cruelsister's settings? Also i can disable its processes via task manager. How its self protection?
I am going to use it on my system with cruelsister's settings but these issues are my main concern which do not let me believe in comodo's power.
So,help me out and give the required info.
Thanks.

Yes, comodo allow Windows Files and Trusted Files to terminate Comodo Process. You can see in HIPS Rules:

-2017-42.jpg


-2017-41.jpg


But any Malware want to terminate Comodo Application, it will failed because of this:

-2017-44.jpg


-2017-43.jpg


If you set HIPS to Paranoide Mode, Even Task Manager Can't terminate Comodo Process.
 

Terry Ganzi

Level 26
Verified
Top Poster
Well-known
Feb 7, 2014
1,540
This question got my head beat bad ( can cfw protect against signed malware ) why segregate that question to 1 product when for all it will be an issue an a serious one at that, entertaining this question for 1 product is madness to the maximum.
 
  • Like
Reactions: Prayag and ZeroDay
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top