(COMODO) Creating a custom rule for my 'malware' folder...

Status
Not open for further replies.

porkpiehat

Level 6
Thread author
Verified
Well-known
May 30, 2015
277
Hi, would it be possible to create a custom rule that assigns an 'untrusted/unrecognised' rule to every file that I download/run from my 'malware' folder? Cheers.
 
Reactions: Moose

porkpiehat

CFW, Proactive, and HIPS enabled ... thanks, I shall check these links out..
 
Reactions: Moose

porkpiehat

OK, I've set up the rule, with 'block' and 'quarantine' as the actions... downloaded the 'adware fake optimizer' into the 'malware' folder, and ran the fake optimizer program... which alerts UAC and proceeds with its 'select a language' installer... At what point should Comodo have jumped on it and blocked/quarantined the program?
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
@porkpiehat: The first protocol is to quarantine them for safekeeping purposes as much as possible, especially for probable FP rates, which you can restore anytime.

Blocked can be acceptable, as it only prevents the execution without removing the file's existence entirely.
 
Reactions: porkpiehat

porkpiehat

Update: I reinstalled CIS, and everything is working as it should... click on file, and BAM... GO TO JAIL!! Happy days :)
 
hjlbx

OK, I've set up the rule, with 'block' and 'quarantine' as the actions... downloaded the 'adware fake optimizer' into the 'malware' folder, and ran the fake optimizer program... which alerts UAC and proceeds with its 'select a language' installer... At what point should Comodo have jumped on it and blocked/quarantined the program?

@porkpiehat

You set up a rule for auto-sandbox to Block the execution of any Unrecognized file, then auto-quarantine that file... is this correct?
 

porkpiehat

Actually, I've just discovered that EAM was screwing up the auto-sandbox rules... Now that I've deleted EAM everything is being caught... Although I'm chuffed that Comodo is working, I'm totally gutted that I cannot run EAM with it... ho hum!!
 