Advice Request Comodo Firewall component being ignored

[ForgottenSeer 97327]

I'm not an active participant in this forum

But for Comodo, Cruel Sister and Shadowra you make an exception?

 

[Trident]

But for Comodo, Cruel Sister and Shadowra you make an exception?

I initially registered for the Comodo discussion and even had no plans to stay. I remained because of other people. Comodo discussions are very powerful, It all becomes like a boxing ring. I love challenge. Unfortunately Oerlink is not around now.

 

[a090]

Hey y’all. I like @cruelsister as much as the next person, and @Shadowra is someone I admire a lot (and who has helped me in choosing my main AV not too long ago—thanks brother!). They’re both great and we’re lucky to have them in this community.

But don’t forget my dude @Trident now. Man deserves a hug too, y’know.

 

[cruelsister]

I invite you to check out my latest video on Comodo IS.
I had 2 BSOD during my test and especially 2 Ransomware that managed to completely encrypt my test machine while in Sandbox.

And "with all due respect" I'm also an appreciated and recognized tester on this forum, just like Cruelsister whom I admire a lot

Speaking of those deserving much respect, your videos and production skills are superb (even without text boxes). However for the Comodo video that was posted, I think the issues with the BSOD's and infections may have been the result of how that malware was introduced to the VM.

As you kindly supplied to me that malware used for verification I actually ran this test twice although it took a few hours to do so without any evidence of systemic infection. This being the case I gave thought on why we have this discrepancy in results. In my testing the VM was set up with sufficient resources although not overkill by any means. Also I broke the 302 (I think that was the amount) into packets of 10-15 (although even running 10 consecutive malware files is not something that any user will even see) and allowed them to run for 5 minutes. After that time the sandbox was reset and I moved to the next packet.

Even though the CF VirusScope module detected and deleted some before they could run contained, there was still left ~160 (if memory serves) and I could easily see how gang-banging a bunch could cause system instability. Actually I did attempt to do just that, first by bleeding resources out of the VM and banging through 50 at a time (didn't ever get to the ransomware), and the system did indeed crash (actually froze).

Anyway, with no criticism of your videos intended (Broń Boże), this may be the difference in the results between us.

 

[ForgottenSeer 100397]

@Shadowra How did you get the malware pack on the VM in the Comodo test? And is it workable for you or @cruelsister to test the specific malware that encrypted data with Comodo defaults?

 

[Shadowra]

@Shadowra How did you get the malware pack on the VM in the Comodo test? And is it workable for you or @cruelsister to test the specific malware that encrypted data with Comodo defaults?

The packs, I don't give my 1st source for security reasons. And the 2nd source is personal to me either I go to a site hosting them, or when I don't have what I want, I connect to a server I created that gets me 0-day samples

Concerning the malware that encrypted, you have to know that I made the test 1 month ago but I delayed to upload it for work reasons and lack of time... At the time of writing, Comodo must have made a detection because I always send the undetected malware to the editors after the test

 

[ForgottenSeer 100397]

I meant how you copied the malware package. Look here: Video Review - Comodo Internet Security Premium Free 2023

 

[Shadowra]

I meant how you copied the malware package. Look here: Video Review - Comodo Internet Security Premium Free 2023

I answer you

Video Review - Comodo Internet Security Premium Free 2023

"The big problem with Comodo is its anti-malware engine which is for me the BADGEST I've ever tested!" Because you did not zoner/zillya/protegent :ROFLMAO: :ROFLMAO: :ROFLMAO:

malwaretips.com

 

[cruelsister]

@Shadowra How did you get the malware pack on the VM in the Comodo test? And is it workable for you or @cruelsister to test the specific malware that encrypted data with Comodo defaults?

The ransomware seen in the video was a HydraCrypt (think Chaos). As I'm not doing a video myself this week I'll use some time to find the specific file in the pack (if possible). As to the system BSOD there are indeed ways to screw with a sandbox to crash them (like recent data stealers spawning a daughter that will expand to ~800MB crashing SBIE).

As this has spun me off into a tangent, iI'll see if I can replicate by a few tricks and if so post back.

 

[ForgottenSeer 100397]

The ransomware seen in the video was a HydraCrypt (think Chaos). As I'm not doing a video myself this week I'll use some time to find the specific file in the pack (if possible). As to the system BSOD there are indeed ways to screw with a sandbox to crash them (like recent data stealers spawning a daughter that will expand to ~800MB crashing SBIE).

As this has spun me off into a tangent, iI'll see if I can replicate by a few tricks and if so post back.

By the way, doesn't Comodo, by default, exclude the "Downloads" folder? The contained malware can modify or infect the files in the downloads folder.