App Review Comodo Firewall 11 Tested

[bribon77]

Content source

https://www.youtube.com/channel/UCDVywVvXaCnJKjJHR25cnsw

Comodo Firewall 11 brief malware test against Ransomware samples. Tested in Proactive mode configuration with a few tweaks to block all unknown file requests. No malware was allowed to run

 

[oldschool]

I'm soooo sleepy... all malware blocked ... and the soft music is putting me to sl.....

 

[codswollip]

R.I.P. Meghan :emoji_sob:

 

[oldschool]

R.I.P. Meghan :emoji_sob:

What happened? How do you know?

 

[ichito]

Hi @bribon77
How would you compare this test to the test of SpyShelter on default settings?

 

[imuade]

What happened? How do you know?

On Comodo Forums she was last active on March the 9th. I think she just stopped making videos about security products

 

[bribon77]

Hi @bribon77
How would you compare this test to the test of SpyShelter on default settings?

SpyShelter if you play is wonderful and very difficult to pass, although for me they are two different programs with the same goal, Maybe it is more aggressive SpyShelter but more difficult to understand

 

[codswollip]

On Comodo Forums she was last active on March the 9th. I think she just stopped making videos about security products

Are you certain about that? Her last post there was June 2018. The "last active" stat doesn't tell us anything. Even here...her last post was October 2018... then by some turn of events her account updated to "last seen" in January 2019... yet notably silent (no posts/updates).

Please show us her post from March 9, 2019.

 

[imuade]

Are you certain about that? Her last post there was June 2018. The "last active" stat doesn't tell us anything. Even here...her last post was October 2018... then by some turn of events her account updated to "last seen" in January 2019... yet notably silent (no posts/updates).

Please show us her post from March 9, 2019.

Last active means she logged in and I said her last active time was on 2019, March the 9th. Her last post dates back to 2018, June the 9th.

 

[oldschool]

So no one here really knows the reason for her absence. Just that she has disappeared from view.

 

[codswollip]

Last active means she logged in

That doesn't necessarily mean that CS engaged the login.
Don't you find it odd that she has not posted on any forum after October 2018?
I'd like to think that you are correct, but alas...

 

[shmu26]

That doesn't necessarily mean that CS engaged the login.
Don't you find it odd that she has not posted on any forum after October 2018?
I'd like to think that you are correct, but alas...

She probably got a good job and doesn't have to waste her time arguing with noobs on forums.

 

[Moonhorse]

Comodo firewall with either the block untrusted files settings like in above video or cruelsisters run rejected the file wont even run

But if you use proactive settings, just turn hips off and let the files run in containment, is there a risk the malware possible could escape the container somehow? Wich makes the insta block / run rejected more powerfull

I have watched some qihoo sandbox videos where the ransomware is run in sandbox and it escapes the sandbox

Such a simple insta block/reject rule can make MAJOR difference in protection

 

[imuade]

Comodo firewall with either the block untrusted files settings like in above video or cruelsisters run rejected the file wont even run

But if you use proactive settings, just turn hips off and let the files run in containment, is there a risk the malware possible could escape the container somehow? Wich makes the insta block / run rejected more powerfull

I have watched some qihoo sandbox videos where the ransomware is run in sandbox and it escapes the sandbox

Such a simple insta block/reject rule can make MAJOR difference in protection

A malware running inside the containment should not be able to escape... but why take the risk? If you block it, you are done. Plus, you could achieve the same protection level with the AV only, you don't need to install the FW (which is the module to cause more troubles on Windows 10)

 

[nikos200]

are any of this files malware????unknown yes.....but malware???????

 

[RoboMan]

are any of this files malware????unknown yes.....but malware???????

I suppose since the title.. But we can't know. Nevertheless, results would have been the same. The only two cases I can guess could bypass Comodo with this configuration or CS configuration are:

• Target a vulnerability in Comodo
• Use a compromised legit file signed by a Trusted Vendor (like CCleaner case back in the day*)

*this is an exceptional case, since if this takes place, Comodo wouldn't be the only one to fail detecting it, it would be a massive industry fail.

 

[codswollip]

A malware running inside the containment should not be able to escape...

Absolutely agree. It only takes a 'minor' flaw in the containment code to wreak havoc on your life.

 

[Rebsat]

Can anyone post screenshots of those specific tweaks which has been used in this video to block all ransomwares? thanks. As far as I know those specific tweaks are differ from cruelsister's tweaks.

 

[Windows_Security]

Comodo Firewall 11 brief malware test against Ransomware samples. Tested in Proactive mode configuration with a few tweaks to block all unknown file requests. No malware was allowed to run

You only tested that ACL set on folders by CFW does what it supposed to do (it is a Windows protection mechanism). You can also set this manually and get the same results when trying to execute a program from such a folder

Example added an ACL - DENY "traverse folder/deny execute" on my Downloads folder for EVERYONE

 

[Windows_Security]

On Comodo Forums she was last active on March the 9th. I think she just stopped making videos about security products

Last thing I know is that she acquired a very well paid (freelance) job which would keep her of the radar for at least six months (non disclosure in her contract). So I start worrying when she does not pop up again in October/November.