App Review Comodo Cloud AV - Autosandbox only - petya bypassed

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Petya bypassed Comodo then. @Evjl's Rain, were you testing in a VM or SD?
It's a VM with Windows 7. I only use SD for my Windows 10 host machine.
My host machine uses a GPT-UEFI drive, so Petya might not be able to do anything because Petya only works on MBR-BIOS drives.
 
You think Petya is able to bypass SD and encrypt the host machine? Of course I mean that MBR-BIOS
I don't know, but it's super rare, as someone explained. Petya, I don't think it can,
but hackers who really want to steal your info can.

Check if you are using GPT. If you are, don't worry about Petya.
 
Interesting. So CCAV doesn't protect the MBR from an isolated application? This is indeed weird and sad.

Need to not read this forum in the mornings because it makes me sad seeing such results.

You think Petya is able to bypass SD and encrypt the host machine? Of course I mean that MBR-BIOS
Not in its current state.
 
Interesting. So CCAV doesn't protect the MBR from an isolated application? This is indeed weird and sad.

Need to not read this forum in the mornings because it makes me sad seeing such results.
Comodo Firewall or CIS are the answer for that :)
They are better all the way, including performance.

Petya is terrifying
If you are using a GPT drive, don't worry about Petya :)
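The MBR-versus-GPT check the posts above refer to, as an added example that is not part of the thread: it classifies the first two sectors of a raw disk image by reading the MBR partition table and looking for the GPT header. The function names and the sample images are constructed for illustration, and 512-byte sectors are assumed.

```python
import struct

SECTOR = 512
PART_TABLE_OFFSET = 446        # four 16-byte entries follow the boot code
BOOT_SIGNATURE = b"\x55\xaa"   # last two bytes of sector 0
GPT_PROTECTIVE = 0xEE          # partition type used by a protective MBR
GPT_MAGIC = b"EFI PART"        # first 8 bytes of the GPT header at LBA 1

def partition_types(sector0):
    """Return the type byte of each of the four MBR partition entries."""
    types = []
    for i in range(4):
        start = PART_TABLE_OFFSET + 16 * i
        entry = sector0[start:start + 16]
        types.append(entry[4])  # byte 4 of an entry is the partition type
    return types

def partition_style(image, sector_size=SECTOR):
    """Classify the start of a disk image as 'GPT', 'MBR' or 'UNKNOWN'."""
    if len(image) < SECTOR or image[510:512] != BOOT_SIGNATURE:
        return "UNKNOWN"
    types = partition_types(image[:SECTOR])
    has_gpt_header = image[sector_size:sector_size + 8] == GPT_MAGIC
    if GPT_PROTECTIVE in types:
        # A protective entry without a GPT header is inconsistent: report it.
        return "GPT" if has_gpt_header else "UNKNOWN"
    if any(types):
        return "MBR"
    return "UNKNOWN"

def make_sector0(part_type):
    """Constructed sample: empty boot code plus one partition entry."""
    entry = struct.pack("<B3sB3sII", 0x00, b"\x00\x02\x00", part_type,
                        b"\xff\xff\xff", 1, 0xFFFFFFFF)
    return bytes(PART_TABLE_OFFSET) + entry + bytes(48) + BOOT_SIGNATURE

# Constructed sample images (not taken from a real disk).
MBR_SAMPLE = make_sector0(0x07) + bytes(SECTOR)
GPT_SAMPLE = make_sector0(GPT_PROTECTIVE) + GPT_MAGIC + bytes(SECTOR - 8)

if __name__ == "__main__":
    print(partition_style(MBR_SAMPLE), partition_style(GPT_SAMPLE))
```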
 
Comodo Firewall or CIS are the answer for that :)
They are better all the way, including performance.
But that should make 0 difference because they ported the CIS sandbox module into CCAV a while back. So they might have messed up permissions for anything run isolated because in practice the 2 modules are identical. Too lazy to find the changelog but you probably remember.
 
But that should make 0 difference because they ported the CIS sandbox module into CCAV a while back. So they might have messed up permissions for anything run isolated because in practice the 2 modules are identical. Too lazy to find the changelog but you probably remember.
Actually, they are different according to Comodo's FAQ:
Cloud Antivirus | Comodo Free Proactive Protection Software
How CCAV sandbox is different from CIS sandbox?

CCAV sandbox is a light weighted sandbox, it does not rely on service or filter drivers. It is implemented purely from user mode hooks. CCAV sandbox does not have COM/Service virtualization which CIS has. Besides, unlike CIS which has one global sandbox instance, different CCAV applications have their own sandbox instance while child process inherits sandbox instance from parent process

I also tested Comodo Firewall in proactive mode. I didn't change the restriction level; it blocked 100%, including Petya. I assume it's much better.
 
I listen but I just don't trust them. If I ever use their software again it's only for the firewall and nothing else.
Wait, or perhaps CF would be bypassed by Petya also? The last time I tested, I forgot to disable file rating completely. Maybe that's the reason why CF blocked it. I may do another test then.
 
Wait, or perhaps CF would be bypassed by Petya also? The last time I tested, I forgot to disable file rating completely. Maybe that's the reason why CF blocked it. I may do another test then.
Maybe, I don't know. Who knows what they did.
 
The FAQ doesn't actually say that CCAV has the same sandbox settings as the CFW "proactive" config. Maybe it has the same settings as the firewall config, which is weak on the COM side. @cruelsister says that the firewall config in Comodo 10 is lacking in proper COM protection.
It should not matter. They should protect the MBR; who the hell doesn't when we have so much ransomware that does that.
 
It should not matter. They should protect the MBR; who the hell doesn't when we have so much ransomware that does that.
CFW in firewall config actually relies at its default settings on HIPS, while autosandbox is disabled by default.
But your scathing criticism is richly deserved by CCAV...
 
CFW in firewall config actually relies at its default settings on HIPS, while autosandbox is disabled by default.
But your scathing criticism is richly deserved by CCAV...
I don't care what it relies on or how it does it. They just created a program apparently for sandbox only and the sandbox has the same capabilities as CIS from what they are advertising. So they should #####ing go to work and figure out a way to at least stop the most commonly exploited methods.
These Comodo loops you need to jump through are ridiculous and I am not going to take it easy on them or defend them. If they made a terrible program, it is not my fault.