Orion

Level 2
Anti-ransomware doesn't exist in the day-to-day security products; it's more like a behaviour monitoring system.

And even if you do have an anti-ransomware, it doesn't mean they can't bypass it. Essentially you need all the security programs to run correctly with an up-to-date system.

@cruelsister I have struggled with depression for almost a year, I know that feeling. I am here if you want to talk, we all are :)

Thanks,
True Indian
 

Andy Ful

Level 41
....
It amazed me that my typical user views went from about 500 to over 10,0000.
...
Congrats! :)
You would be cruel by making the second video, about the backdoor part of WannaCry. I suspect that Melih will not be interested. :oops:
Thanks for the test; it proves that Comodo, with your settings, is a really good security solution.
I am smiling with you to fight the depression. :)
 

Andy Ful

Level 41
I think that Comodo should also stop the EternalBlue exploit (used in the WannaCry attack) from injecting its DLL into system processes!?

Edit.
Personally, I could accept the popup with the link to the video showing the strength of the security software, especially when it is free and allows disabling popups. :)
 

Andy Ful

Level 41
There are three scenarios to be infected by WannaCry:
  1. Running the malware on the machine (@cruelsister video). It is typical for home users.
  2. Being silently infected by the malware from another machine in the local network. Typical, real world scenario.
  3. Direct remote attack.
It would be kind to ask @cruelsister before using her video. And it is not quite fair to use this video to prove that Comodo prevents #WannaCry ransomware. o_O

Anyway, I think that Comodo can also prevent most of the second scenario, except the backdoor (DoublePulsar) fileless infection.

Edit 1
Added the third scenario.

Edit 2
I can also say that I like @cruelsister's kind way of being a CF fan. :)
 

Andy Ful

Level 41
It is also possible that Comodo would mitigate a DoublePulsar infection when attackers try to run scripts from memory. But there are some other possibilities to run shellcode from memory (assembler code) that are probably not covered by Comodo's "Do Heuristic Command Line Analysis" option.
 

1qay1qay

Level 1
The devil is always in the details... Comodo per se CANNOT protect you from WannaCry... ONLY @cruelsister AND Comodo FW can do that... and in this order only. I did see many infections of naive users with click & run Comodo installs on default settings... it is even fair to say that Comodo IS DANGEROUS at default settings, since naive users get a false sense of protection, but WITH @cruelsister's settings Comodo FW is an impenetrable security solution for SOHO commercial use (for me and for my clients; if you know a better one please show me), at least until fileless infections become more general and AIO, or until malware with a valid certificate comes around. Thanks @cruelsister, you did save many computers and jobs with this video. Melih should build you a statue in my view... until then :
 

cruelsister

Level 36
Shmu- I'm SOOO glad you asked that question, and please allow me a long-winded and overly complicated (as usual) response:

1). UIWIX in particular will check for the presence of the Comodo Sandbox (Containment), and if detected will shut down. So what does this mean to a CF user on a real system? The file will just shut down and not run. This means for a Comodo user to be infected by UIWIX they would have to uninstall Comodo, reboot, then run the malware. It is my fervent hope that ALL malware would have such Comodo checks!

2). I hope that it isn't needed for me to speak again about how CF handles ransomware other than to say it blows it off.

3). The worm-like activity of UIWIX: this is a topic that I've been ranting on for the past few years, and until this month no one has given a flying (add curse word here) about it. At my settings (as I have shown in past videos), CF deals with worms and worm-like activity the same way it deals with ransomware. It stops it.

Worms and those malware that will exhibit worm-like activity have always been a Clear and Present danger to the computer user. Almost totally ignored by everyone else, it gladdens my heart that it is finally being given the significance that is needed. Now if only the majority of Security vendors will actually ACT on this problem instead of the typical dismissal the world will be a happier place.

Comodo has already long since had such protection, but it is like they are a Voice Crying out in the Wilderness...
 

shmu26

Level 78
1). UIWIX in particular will check for the presence of the Comodo Sandbox (Containment)
Right. UIWIX doesn't even start. But just to make the question a little more interesting, let's say a fearless and foolish malcoder tries to leverage the same exploits, but without the sandbox detection.
How will Comodo handle this worm, if it tries to wiggle?
 

cruelsister

Level 36
Content Creator
Trusted
Verified
C would handle it just like WannaCry.

On consideration, there really is no magic in this type of malware. Blackhats have been using the combo malware approach for some time- Cerber with a Pony info stealer, Bart with a WebCam logger, etc. So with this recent malware we have a ransomware with an included Worm- Wowie Zowie! Really the only issue here is that the vendors have been blowing off worms for years, and the News media has absolutely no clue about this topic, so we have another brand new same old "Worst Thing Ever".
 

shmu26

Level 78
It is also possible that Comodo would mitigate a DoublePulsar infection when attackers try to run scripts from memory. But there are some other possibilities to run shellcode from memory (assembler code) that are probably not covered by Comodo's "Do Heuristic Command Line Analysis" option.
And with UIWIX, there reportedly is no cmd.exe activity, so even if you put "command line analysis" at max settings, it won't help.
So I don't understand how Comodo, at any settings, will block worms using such exploits, if another computer on the same network was already infected.

UIWIX is sandbox-sensitive, but this kind of malware morphs all the time. All you need is a variant that is not sandbox-sensitive, and you have a problem on your hands.
 
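The DoublePulsar backdoor that @Andy Ful (second scenario, "fileless infection") and @shmu26 ("no cmd.exe activity") are discussing is not something a host-side command-line heuristic sees, but it is cheap to detect from the network: the implant hooks the SMBv1 Trans2 SESSION_SETUP path and answers a probe sent with Multiplex ID 0x41 by rewriting the Multiplex ID to 0x51, while a clean host echoes 0x41 back. Public scanners (Countercept's detect_doublepulsar_smb.py, nmap's smb-double-pulsar-backdoor) work on exactly this quirk. The block below is an added example, not code from this thread or from Comodo: it decodes the NetBIOS/SMB1 header of a probe reply and classifies the host. The SMB negotiate, session setup and IPC$ tree-connect a live probe needs on the wire are deliberately not implemented here; the sample frames are constructed, and the TID/UID/flags values in them are placeholders, not captures.

```python
import struct

SMB1_MAGIC = b"\xffSMB"
SMB_COM_NEGOTIATE = 0x72
SMB_COM_TRANSACTION2 = 0x32
PROBE_MID = 0x41          # Multiplex ID carried by the Trans2 SESSION_SETUP probe
DOUBLEPULSAR_MID = 0x51   # Multiplex ID the DoublePulsar implant writes into its reply
STATUS_NOT_IMPLEMENTED = 0xC0000002


def parse_netbios(raw: bytes) -> bytes:
    """Strip the 4-byte NetBIOS session header (type, 24-bit big-endian length)
    and return the SMB payload. Raises ValueError on a malformed or truncated frame."""
    if len(raw) < 4:
        raise ValueError("short NetBIOS frame")
    msg_type, length = raw[0], int.from_bytes(raw[1:4], "big")
    if msg_type != 0x00:
        raise ValueError(f"unexpected NetBIOS message type 0x{msg_type:02x}")
    if len(raw) - 4 < length:
        raise ValueError("truncated NetBIOS frame")
    return raw[4:4 + length]


def parse_smb1_header(smb: bytes) -> dict:
    """Decode the fixed 32-byte SMB1 header: magic, command, NT status, flags,
    flags2, PID high, signature, reserved, TID, PID low, UID, MID (all little-endian)."""
    if len(smb) < 32 or smb[:4] != SMB1_MAGIC:
        raise ValueError("not an SMB1 message")
    (command, status, flags, flags2, pid_high, _signature, _reserved,
     tid, pid_low, uid, mid) = struct.unpack("<BIBHH8sHHHHH", smb[4:32])
    return {"command": command, "status": status, "flags": flags, "flags2": flags2,
            "tid": tid, "pid": (pid_high << 16) | pid_low, "uid": uid, "mid": mid}


def classify_probe_response(raw: bytes, sent_mid: int = PROBE_MID) -> str:
    """Classify one reply to the Trans2 SESSION_SETUP probe.
    'infected'  - MID rewritten to 0x51, the DoublePulsar signature
    'clean'     - MID echoed back unchanged
    'unknown'   - not a Trans2 reply, or an MID we did not send
    'malformed' - frame could not be decoded (treat as a host to look at, not as clean)"""
    try:
        hdr = parse_smb1_header(parse_netbios(raw))
    except ValueError:
        return "malformed"
    if hdr["command"] != SMB_COM_TRANSACTION2:
        return "unknown"
    if hdr["mid"] == DOUBLEPULSAR_MID:
        return "infected"
    if hdr["mid"] == sent_mid:
        return "clean"
    return "unknown"


def scan_replies(replies: dict) -> dict:
    """Map {host: raw reply frame} to {host: verdict}; the sweep a worm-conscious
    admin would run across the local subnet after a WannaCry/UIWIX scare."""
    return {host: classify_probe_response(frame) for host, frame in replies.items()}


def build_reply(mid: int, command: int = SMB_COM_TRANSACTION2,
                status: int = STATUS_NOT_IMPLEMENTED) -> bytes:
    """Construct a minimal SMB1 reply frame. Used only to fabricate sample input;
    the TID/UID/flags values below are placeholders, not taken from a real capture."""
    flags, flags2 = 0x98, 0xC807          # reply bit set; unicode + NT status + long names
    header = SMB1_MAGIC + struct.pack("<BIBHH8sHHHHH", command, status, flags, flags2,
                                      0, b"\x00" * 8, 0, 0x0800, 0xFEFF, 0x0800, mid)
    return b"\x00" + len(header).to_bytes(3, "big") + header


# Constructed sample frames (not real captures).
CLEAN_REPLY = build_reply(mid=PROBE_MID)            # clean host echoes 0x41
INFECTED_REPLY = build_reply(mid=DOUBLEPULSAR_MID)  # implant answers with 0x51
NEGOTIATE_REPLY = build_reply(mid=PROBE_MID, command=SMB_COM_NEGOTIATE)  # wrong command

if __name__ == "__main__":
    sample = {"10.0.0.5": CLEAN_REPLY, "10.0.0.9": INFECTED_REPLY,
              "10.0.0.12": NEGOTIATE_REPLY, "10.0.0.20": INFECTED_REPLY[:10]}
    for host, verdict in scan_replies(sample).items():
        print(f"{host:<10} {verdict}")
```

The only discriminating field is the Multiplex ID, so the classifier deliberately refuses to call a host "clean" unless the reply is a Trans2 response that echoes the MID it was sent; anything else is reported for a human to look at, which is the conservative choice when you are hunting a fileless implant that leaves no process-creation trail.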