Advice Request: Comodo Firewall component being ignored


cruelsister

I invite you to check out my latest video on Comodo IS.
I had 2 BSODs during my test and, in particular, 2 ransomware samples that managed to completely encrypt my test machine while in the Sandbox.

And, "with all due respect", I'm also an appreciated and recognized tester on this forum, just like Cruelsister, whom I admire a lot ;)
Speaking of those deserving much respect, your videos and production skills are superb (even without text boxes). However, for the Comodo video that was posted, I think the issues with the BSODs and infections may have been the result of how that malware was introduced to the VM.

As you kindly supplied me with the malware used for verification, I actually ran this test twice (although it took a few hours to do so) without any evidence of systemic infection. This being the case, I gave some thought to why we have this discrepancy in results. In my testing the VM was set up with sufficient resources, although not overkill by any means. Also, I broke the 302 (I think that was the number) into packets of 10-15 (although even running 10 consecutive malware files is not something that any user will ever see) and allowed them to run for 5 minutes. After that time the sandbox was reset and I moved on to the next packet.

Even though the CF VirusScope module detected and deleted some before they could run contained, there were still ~160 (if memory serves) left, and I could easily see how gang-banging a bunch could cause system instability. Actually, I did attempt to do just that, first by bleeding resources out of the VM and banging through 50 at a time (I never got to the ransomware), and the system did indeed crash (actually, it froze).

Anyway, with no criticism of your videos intended (God forbid), this may be the difference in the results between us.
 

ForgottenSeer 100397

@Shadowra How did you get the malware pack on the VM in the Comodo test? And is it workable for you or @cruelsister to test the specific malware that encrypted data with Comodo defaults?
 

Shadowra

@Shadowra How did you get the malware pack on the VM in the Comodo test? And is it workable for you or @cruelsister to test the specific malware that encrypted data with Comodo defaults?

As for the packs, I don't give out my first source for security reasons, and the second source is personal to me :) Either I go to a site hosting them, or, when I don't have what I want, I connect to a server I created that gets me 0-day samples :)

Concerning the malware that encrypted, you have to know that I ran the test a month ago but delayed uploading it for work reasons and lack of time... At the time of writing, Comodo must have added a detection, because I always send the undetected malware to the vendors after the test ;)
 

cruelsister

@Shadowra How did you get the malware pack on the VM in the Comodo test? And is it workable for you or @cruelsister to test the specific malware that encrypted data with Comodo defaults?
The ransomware seen in the video was a HydraCrypt (think Chaos). As I'm not doing a video myself this week, I'll use some time to find the specific file in the pack (if possible). As to the system BSOD, there are indeed ways to screw with sandboxes to crash them (like recent data stealers spawning a daughter that expands to ~800 MB, crashing SBIE).

As this has spun me off on a tangent, I'll see if I can replicate this with a few tricks and, if so, post back.
 

ForgottenSeer 100397

The ransomware seen in the video was a HydraCrypt (think Chaos). As I'm not doing a video myself this week, I'll use some time to find the specific file in the pack (if possible). As to the system BSOD, there are indeed ways to screw with sandboxes to crash them (like recent data stealers spawning a daughter that expands to ~800 MB, crashing SBIE).

As this has spun me off on a tangent, I'll see if I can replicate this with a few tricks and, if so, post back.
By the way, doesn't Comodo, by default, exclude the "Downloads" folder? The contained malware can modify or infect the files in the Downloads folder.
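A small harness for the procedure cruelsister describes above (packets of 10-15 samples, a fixed dwell time, sandbox reset between packets) combined with the check the Downloads-folder question calls for: plant canary files in the folder under test, hash them, and after each packet report which canaries were modified or went missing. This is an added example, not code from the thread's posters or from Comodo. It assumes samples are paths the OS can execute, that the sandbox reset is a caller-supplied hook (no Comodo command line is assumed here), and that the canary folder is whatever the caller names; the 302 sample names used in demo() are constructed.

```python
# Added example (not from the thread or Comodo). Assumes: samples are paths
# the OS can execute; sandbox reset is a caller-supplied hook, because this
# example relies on no Comodo command line; canary folders are caller-chosen.
import hashlib
import subprocess
import tempfile
import time
from pathlib import Path
from typing import Callable, Dict, List, Sequence, Tuple


def make_packets(samples: Sequence[str], size: int) -> List[List[str]]:
    """Split the sample list into consecutive packets of at most `size` files."""
    if size < 1:
        raise ValueError("packet size must be >= 1")
    return [list(samples[i:i + size]) for i in range(0, len(samples), size)]


def _sha256(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def plant_canaries(dirs: Sequence[str], per_dir: int = 3) -> Dict[str, str]:
    """Write small known files into each folder (e.g. the real Downloads
    folder) and return {path: sha256}. Re-planting restores a clean baseline."""
    baseline: Dict[str, str] = {}
    for d in dirs:
        folder = Path(d)
        folder.mkdir(parents=True, exist_ok=True)
        for n in range(per_dir):
            p = folder / f"canary_{n}.docx"  # an extension encryptors go for
            p.write_bytes(f"CANARY {n} {time.time_ns()}\n".encode())
            baseline[str(p)] = _sha256(p)
    return baseline


def check_canaries(baseline: Dict[str, str]) -> List[Tuple[str, str]]:
    """Per canary: 'ok', 'modified' (overwritten or encrypted in place) or
    'missing' (deleted, or renamed with a new extension)."""
    report = []
    for path, digest in baseline.items():
        p = Path(path)
        status = "missing" if not p.exists() else ("ok" if _sha256(p) == digest else "modified")
        report.append((path, status))
    return report


def run_packet(packet: Sequence[str], dwell_seconds: float, dry_run: bool = True) -> List[str]:
    """Start every sample in the packet, wait dwell_seconds, kill survivors.
    dry_run records the packet without executing anything."""
    if dry_run:
        return list(packet)
    procs = []
    for sample in packet:
        try:
            procs.append(subprocess.Popen([sample]))
        except OSError as exc:
            print(f"could not start {sample}: {exc}")
    time.sleep(dwell_seconds)
    for proc in procs:
        if proc.poll() is None:
            proc.kill()
    return [str(proc.args[0]) for proc in procs]


def run_campaign(samples: Sequence[str], packet_size: int, dwell_seconds: float,
                 canary_dirs: Sequence[str], reset_hook: Callable[[], None],
                 dry_run: bool = True) -> List[dict]:
    """Packet -> run -> dwell -> canary check -> sandbox reset -> next packet.
    A non-empty canary_hits list means a sample reached the real folder."""
    results = []
    baseline = plant_canaries(canary_dirs)
    for index, packet in enumerate(make_packets(samples, packet_size)):
        launched = run_packet(packet, dwell_seconds, dry_run)
        hits = [(p, s) for p, s in check_canaries(baseline) if s != "ok"]
        results.append({"packet": index, "launched": launched, "canary_hits": hits})
        reset_hook()
        if hits:  # restore a clean baseline before the next packet
            baseline = plant_canaries(canary_dirs)
    return results


def demo() -> dict:
    """Dry run in a throwaway folder with 302 constructed sample names, then a
    simulated hit on two canaries so all three statuses can be seen."""
    work = tempfile.mkdtemp(prefix="sandbox_demo_")
    resets: List[int] = []
    results = run_campaign([f"sample_{i:03d}.exe" for i in range(302)], 10, 0,
                           [work], reset_hook=lambda: resets.append(1))
    baseline = plant_canaries([work])
    encrypted, deleted, untouched = sorted(baseline)
    Path(encrypted).write_bytes(b"\x00not the original bytes\x00")
    Path(deleted).unlink()
    status = dict(check_canaries(baseline))
    return {"packets": len(results), "resets": len(resets),
            "last_packet": results[-1]["launched"],
            "clean_run": all(r["canary_hits"] == [] for r in results),
            "encrypted": status[encrypted], "deleted": status[deleted],
            "untouched": status[untouched]}


if __name__ == "__main__":
    print(demo())
```

Run it with dry_run=False and a real reset hook only inside a disposable VM, with canary_dirs pointing at the folder in question. A packet whose canary_hits list is non-empty is the one to pull apart and re-run sample by sample, which is the kind of isolation cruelsister proposes for finding the specific encryptor in the pack.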
 