Advice Request Comodo Firewall component being ignored

Please provide comments and solutions that are helpful to the author of this topic.

cruelsister

Level 42
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,169
I invite you to check out my latest video on Comodo IS.
I had 2 BSOD during my test and especially 2 Ransomware that managed to completely encrypt my test machine while in Sandbox.

And "with all due respect" I'm also an appreciated and recognized tester on this forum, just like Cruelsister whom I admire a lot ;)
Speaking of those deserving much respect, your videos and production skills are superb (even without text boxes). However for the Comodo video that was posted, I think the issues with the BSOD's and infections may have been the result of how that malware was introduced to the VM.

As you kindly supplied to me that malware used for verification I actually ran this test twice although it took a few hours to do so without any evidence of systemic infection. This being the case I gave thought on why we have this discrepancy in results. In my testing the VM was set up with sufficient resources although not overkill by any means. Also I broke the 302 (I think that was the amount) into packets of 10-15 (although even running 10 consecutive malware files is not something that any user will even see) and allowed them to run for 5 minutes. After that time the sandbox was reset and I moved to the next packet.

Even though the CF VirusScope module detected and deleted some before they could run contained, there was still left ~160 (if memory serves) and I could easily see how gang-banging a bunch could cause system instability. Actually I did attempt to do just that, first by bleeding resources out of the VM and banging through 50 at a time (didn't ever get to the ransomware), and the system did indeed crash (actually froze).

Anyway, with no criticism of your videos intended (Broń Boże), this may be the difference in the results between us.
 
F

ForgottenSeer 100397

@Shadowra How did you get the malware pack on the VM in the Comodo test? And is it workable for you or @cruelsister to test the specific malware that encrypted data with Comodo defaults?
 

Shadowra

Level 34
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,386
@Shadowra How did you get the malware pack on the VM in the Comodo test? And is it workable for you or @cruelsister to test the specific malware that encrypted data with Comodo defaults?

The packs, I don't give my 1st source for security reasons. And the 2nd source is personal to me :) either I go to a site hosting them, or when I don't have what I want, I connect to a server I created that gets me 0-day samples :)

Concerning the malware that encrypted, you have to know that I made the test 1 month ago but I delayed to upload it for work reasons and lack of time... At the time of writing, Comodo must have made a detection because I always send the undetected malware to the editors after the test ;)
 

Shadowra

Level 34
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,386

cruelsister

Level 42
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,169
@Shadowra How did you get the malware pack on the VM in the Comodo test? And is it workable for you or @cruelsister to test the specific malware that encrypted data with Comodo defaults?
The ransomware seen in the video was a HydraCrypt (think Chaos). As I'm not doing a video myself this week I'll use some time to find the specific file in the pack (if possible). As to the system BSOD there are indeed ways to screw with a sandbox to crash them (like recent data stealers spawning a daughter that will expand to ~800MB crashing SBIE).

As this has spun me off into a tangent, iI'll see if I can replicate by a few tricks and if so post back.
 
F

ForgottenSeer 100397

The ransomware seen in the video was a HydraCrypt (think Chaos). As I'm not doing a video myself this week I'll use some time to find the specific file in the pack (if possible). As to the system BSOD there are indeed ways to screw with a sandbox to crash them (like recent data stealers spawning a daughter that will expand to ~800MB crashing SBIE).

As this has spun me off into a tangent, iI'll see if I can replicate by a few tricks and if so post back.
By the way, doesn't Comodo, by default, exclude the "Downloads" folder? The contained malware can modify or infect the files in the downloads folder.
 
Last edited by a moderator:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top