Comodo Firewall and the E-File Data Stealer
<blockquote data-quote="danb" data-source="post: 1035921" data-attributes="member: 62850"><p>Hey CS, I found both samples and VS blocked both as expected, both while ON and OFF. The files are on MalwareBazaar if anyone wants to play with them.</p><p></p><p>You mentioned in the video that these samples went completely undetected for 7 days until it was discovered by CrowdStrike. So obviously this file was missed by ALL ML/Ai / NextGen AV's initially, so I cannot be too hard on myself for WhitelistCloud or VoodooAi not detecting the file ;). We have security mechanisms, checks and layers for a reason. BTW, it is extremely uncommon to see a false negative for both WhitelistCloud and VoodooAi.</p><p></p><p>But you bring up a great point, which I can sum up in a few words. Any cybersecurity product that auto allows by digital signatures alone is doomed to fail. This is a huge reason there are SO many breaches these days. In an effort to reduce false positives, most cybersecurity vendors take this shortcut and auto allow by digital signature. I have said for over a decade this is extremely dangerous, which is why VS will never take this shortcut.</p><p></p><p></p><p>[ATTACH=full]274615[/ATTACH]</p><p></p><p>[ATTACH=full]274616[/ATTACH]</p><p></p><p></p><p></p><p>[URL unfurl="true"]https://www.virustotal.com/gui/file/882d95bdbca75ab9d13486e477ab76b3978e14d6fca30c11ec368f7e5fa1d0cb/detection[/URL]</p><p></p><p>[URL unfurl="true"]https://www.virustotal.com/gui/file/52d3dd78d3f1a14e18d0689ed8c5b43372f9e76401ef1ff68522575e6251d2cf/detection[/URL]</p></blockquote><p></p>