App Review Comodo Firewall 10 vs Ransomware

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.

cruelsister

Level 42
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,133
Part 4 of the Ransomware series (and my last one for a while). Note that the ransom screens that popped up on occasion were the extent of what the ransomware could do (nothing at all encrypted); but if you didn't even want the ransom screens, just up the sandbox level to Untrusted.

Music: Lisa Gerrard- Elegy

 

ctrlz

Level 2
Verified
Mar 20, 2017
54
My settings are different, but I'm quite confident the result would be similar:
- I don't auto-block firewall requests: anyway the downloaded file would be sandboxed
- I have HIPS enabled: in Safe Mode it doesn't generate many popups
- I don't suppress privilege elevation alerts by default: this could be the only problem, just in case I manually choose to run outside the sandbox

Thanks for the test @cruelsister
 

lab34

Level 6
Verified
Well-known
Mar 28, 2017
263
Hello,
as always a very informative test.

Today, with this video, I realized something: the notifications are mastered by Windows on Win 10. Not exactly the same menu on the general options.
Every time I saw your videos, I thought "she has a different version of CFW" but now I understand that your videos are on Win7 :oops:

(sorry for the noob remark)

Win10:
Capture.JPG


Win7:
Capture.JPG
 

cruelsister

Kaspersky properly set is excellent. The only main deficiency I had found was in Boot Time protection, soon fixed.

Lab- the reason I use Win7 in my videos is that it still has about a 50% market share. Personally I use W10 and love it (with StartIsBack++).
 

Arequire

Level 29
Verified
Top Poster
Content Creator
Feb 10, 2017
1,814
@cruelsister I assume you set "Do not show privilege alerts: Run inside container" for demonstration purposes at 00:00:53 in the video? It can be interchangeable with the "Block" option I believe?
Either option will achieve the same result in the end.
If you had it set to block, the ransomware's initial execution would be completely blocked due to it requesting privilege elevation from the get-go and because it's unrecognised by Comodo. Even if it didn't initially request privilege elevation, it would be sandboxed until it requested said privilege elevation and then subsequently terminated by Comodo.
With it set to run inside container you'd get a notification that the ransomware had been sandboxed and it would just sit inside the sandbox unable to do anything of note. The ransomware would eventually self-terminate or be terminated when you either clear the sandbox or restart your PC.

Edit: I reworded it so it was easier to understand.

Sorry for hijacking your question @cruelsister. :oops: You'll probably be able to explain it better than I have.
 

cruelsister

No issues! The only reason that I had that option checked is that it will suppress popups for unknown and unsigned applications from giving the user a choice to give that application privilege escalation. For those that have UAC enabled, this would just be duplication. For those with UAC disabled, a rule of thumb should be to NEVER EVER allow PE for an unknown. Checking this box just will remove that popup option, but otherwise will not really add anything to protection.
 

cruelsister

AV Gurus- Yeah, send me a link. I'm on the road now for quite a while but I'll check it when I can. By the way, would the file happen to be signed?
 

Av Gurus

Level 29
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Sep 22, 2014
1,767