App Review Comodo Firewall vs a new Data Stealer

Content created by cruelsister
Haha! Where did all the noise go, my friends? Remember those days when Comodo threads were bursting with romance, drama, tragedy, comedy, and trolledy? Oh, my darling, kindly bring me my bottle 😊
 
> Haha! Where did all the noise go, my friends? Remember those days when Comodo threads were bursting with romance, drama, tragedy, comedy, and trolledy? Oh, my darling, kindly bring me my bottle 😊
Honestly, if you've been around the forum for awhile and haven't figured out how they teleport malware to the desktop for testing, you've just not been paying attention and deserve to get infected. 🤪
 
The Desktop is nothing more than a folder on the System. If you use a browser to download file it will be seen either in the Download or Temp folder. Malware on a USB or DVD will also appear in their respective folders on the drive.

Quite simply, malware, in order to run, must be initiated from somewhere (anywhere), with no magic or teleportation needed.
 
I love seeing banned members coming back as fresh new users. It warms the cackles of my heart.

One thing is certain from the video: Comodo did contain it. Whether others can or cannot, well, that is yet to be tested, since from what I recall the tests done were only file scans and not executions. So I do agree that there is no consensus regarding which software might or might not contain it when the payload is executed. However, based on the evidence presented in this thread, Comodo did do its job.

And I am not a comodo follower, in fact I am quite the opposite, but I can't argue with data.
 
Great test as always. It's interesting to see people mentioning different attack vectors and true testing. Probably the most realistic of these tests are the web link / download tests with protection enabled, but you're never really going to replicate an exact real-world scenario. Somehow, some way, people sometimes get a bad unknown file on their computer.

I was going to wade in here about sandboxing unknowns, recalling a story where I got ransomware from a PDF, but use what works for you. I have a couple of default-deny parts in my configuration and they aren't much of a headache at all, and I don't usually get alerts unless I'm playing with new software.
 
Oh goody, another video, should I go grab my popcorn?

An excellent question you posted. When can we expect a video of a true route of infection test on all other security solutions to be performed by the user claiming this software is the only way to stop this sample 🤔
I think SeaKelp meant your video as in a Lynx video, not a Cruel Sister one.

I've got my popcorn ready.

Regards Eck:)
 
> Honestly, if you've been around the forum for awhile and haven't figured out how they teleport malware to the desktop for testing, you've just not been paying attention and deserve to get infected. 🤪
The infection worked like a charm, luring my security enthusiast friends back 😉... comments, laughs, and love pouring in! Oh, my love, it's time to make some noise and pop that bottle in style! 😊
 
> I think SeaKelp meant your video as in a Lynx video, not a Cruel Sister one.
>
> I've got my popcorn ready.
>
> Regards Eck:)
Oh, I'm sure that's what he meant. Although it was not my claim that CIS is the only product capable, nor did I run a test from the desktop, and I don't recall volunteering a video as if I were a tester either, this seems to have triggered those same defensive responses from the crowd.

Personally, I was only fulfilling a request by @rashmi, who seemed to be bored with the lack of entertainment here nowadays. Of course, pointing out that these half-baked videos prove nothing just happened to be an after-effect of doing so.

You have been around the forum since 2014; I don't recall you testing or proving anything here, just the usual banter where you jump in and try to look as if you know what you are speaking about.

You would have known me as illumination back then, the old malware hub moderator. I have done my share of testing and understand how products work well. I have probably forgotten more about this than you have ever learned.

No sense in pretending most of you don't know who I am. I never really hide it anyway, now do I?
Bottom line: if it's not real-world testing, you are proving nothing, so making claims is misleading.

Melih, you know me from back in the day; you're welcome to reply as well.
 
> When can we expect a video of a true route of infection test on all other security solutions to be performed by the user claiming this software is the only way to stop this sample 🤔
Actually quite a lot of products reacted and removed the malware. The infection details and products have been discussed on another thread.

So I am not sure which products are “oblivious to malware”.

The malware is distributed as a fake game; it does not automatically infect flash drives or possess any spreading mechanisms. Products with download defences will handle the malware. In fact, certain versions have strings that suspend execution when products like Eset and Norton are installed.
 
> Oh, I'm sure that's what he meant. Although it was not my claim that CIS is the only product capable, nor did I run a test from the desktop, and I don't recall volunteering a video as if I were a tester either, this seems to have triggered those same defensive responses from the crowd.
>
> Personally, I was only fulfilling a request by @rashmi, who seemed to be bored with the lack of entertainment here nowadays. Of course, pointing out that these half-baked videos prove nothing just happened to be an after-effect of doing so.
>
> You have been around the forum since 2014; I don't recall you testing or proving anything here, just the usual banter where you jump in and try to look as if you know what you are speaking about.
>
> You would have known me as illumination back then, the old malware hub moderator. I have done my share of testing and understand how products work well. I have probably forgotten more about this than you have ever learned.
>
> No sense in pretending most of you don't know who I am. I never really hide it anyway, now do I?
> Bottom line: if it's not real-world testing, you are proving nothing, so making claims is misleading.
>
> Melih, you know me from back in the day; you're welcome to reply as well.
That'll be a no then?

Regards Eck :)
 
> An excellent question you posted. When can we expect a video of a true route of infection test on all other security solutions to be performed by the user claiming this software is the only way to stop this sample 🤔

I've shared other screenshots showing Avast, Norton, Microsoft Defender (with Machine Learning detection) and Bitdefender also blocking this malware :)

Comodo sandboxes anything unknown, that much we know. VirusScope's detection was, for me, logical, given that the malware launches various Powershell commands at runtime.

But I agree with you on one point: Comodo isn't the only one capable of blocking this type of malware :)
 
> Comodo sandboxes anything unknown, that much we know. VirusScope's detection was, for me, logical, given that the malware launches various Powershell commands at runtime.
What triggers the detection here for most software is the abuse of the name svchost.exe. No useful software has any genuine reason to doppelgäng a native Windows executable.

Yes, the launch of a high number of LOLBins is also highly suspicious. In Harmony, we saw not only that the malware was blocked, but also that it was correctly identified as Nova Stealer.

Many other products that we didn’t test would have also blocked the malware.
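The two behaviours called out in this post, a process borrowing the name svchost.exe from outside its native directory and one parent spawning a burst of LOLBins, are the kind of thing a detection rule can check without any signature. The script below is an added illustration written for this thread, not code from any product or from the poster; it runs over a handful of constructed Sysmon-style process-creation records, and the list of native binaries, their expected directories, the LOLBin names and the burst threshold are all assumptions chosen for the example.

```python
"""Added example (not from the thread): flag svchost.exe masquerading and
LOLBin bursts in constructed process-creation records.

Assumptions: each event is a dict with 'image' (full path of the new
process) and 'parent_image' (full path of its parent); the native-binary
table, LOLBin set and threshold are illustrative, not a product's rules."""

import ntpath          # handles Windows backslash paths on any OS
from collections import Counter

# Native Windows images that malware likes to impersonate, mapped to the
# directories where the genuine copy lives (assumed, illustrative table).
NATIVE_BINARIES = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "lsass.exe": {r"c:\windows\system32"},
    "explorer.exe": {r"c:\windows"},
}

# Living-off-the-land binaries commonly chained by droppers (assumed set).
LOLBINS = {
    "powershell.exe", "cmd.exe", "rundll32.exe", "regsvr32.exe",
    "mshta.exe", "wscript.exe", "cscript.exe", "certutil.exe", "bitsadmin.exe",
}

# Constructed sample events: one genuine svchost, one fake svchost dropped
# into a user profile by a "game", and the fake one launching LOLBins.
FAKE_SVCHOST = r"C:\Users\Alice\AppData\Roaming\svchost.exe"
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\System32\svchost.exe",
     "parent_image": r"C:\Windows\System32\services.exe"},
    {"image": FAKE_SVCHOST,
     "parent_image": r"C:\Users\Alice\Downloads\FreeGame.exe"},
    {"image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": FAKE_SVCHOST},
    {"image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": FAKE_SVCHOST},
    {"image": r"C:\Windows\System32\cmd.exe",
     "parent_image": FAKE_SVCHOST},
    {"image": r"C:\Windows\System32\cmd.exe",
     "parent_image": r"C:\Windows\explorer.exe"},   # a user opening a shell
]


def is_masquerading(image: str) -> bool:
    """True when the image name matches a native binary but the file
    lives outside that binary's expected directory."""
    name = ntpath.basename(image).lower()
    directory = ntpath.dirname(image).lower()
    expected_dirs = NATIVE_BINARIES.get(name)
    return expected_dirs is not None and directory not in expected_dirs


def lolbin_burst_parents(events, threshold: int = 3) -> dict:
    """Map each parent image (lower-cased) to the number of LOLBin children
    it launched, keeping only parents at or above the threshold."""
    launches = Counter()
    for event in events:
        child = ntpath.basename(event["image"]).lower()
        if child in LOLBINS:
            launches[event["parent_image"].lower()] += 1
    return {parent: n for parent, n in launches.items() if n >= threshold}


def triage(events, threshold: int = 3) -> list:
    """Return (finding_type, image) tuples for both behaviours."""
    findings = []
    for event in events:
        if is_masquerading(event["image"]):
            findings.append(("masquerade", event["image"]))
    for parent, count in lolbin_burst_parents(events, threshold).items():
        findings.append(("lolbin_burst", f"{parent} ({count} launches)"))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_EVENTS):
        print(f"{kind:13} {detail}")
```

The masquerade check compares only the directory, so a real svchost.exe started from System32 is left alone while the copy in the user's roaming profile is flagged on its own, before it has done anything. The burst check is deliberately per parent rather than per host: a user opening cmd.exe from Explorer counts once, whereas the dropped binary chaining PowerShell and cmd crosses the threshold.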
 
Other solutions might detect it, but would they have dealt with it as well as CFW, seeing that the alert was ignored?

Regards Eck :)
There were no alerts, prompts, ifs and buts. Upon launch, Norton, Avast, Bitdefender and Check Point Harmony automatically remediated the malware, with Harmony going as far as identifying the malware type, and not some generic name. Some of its components were first seen 20 days ago.

Trend Micro would have issued a warning not to run the file. The user can't ignore this warning unless they try to run it a second time, which they shouldn't.

Kaspersky with a properly set-up application control/IDS would have blocked execution.

Microsoft Defender also dealt with the malware, and tools from Andy Ful could have stopped the execution of LOLBins, which is essential to the malware's logical flow.

In addition, many products can be configured to display prompts asking whether or not something is allowed to connect to the internet; it is not something unique to Comodo.

So I do not agree that only Comodo dealt with the malware or the way of dealing was in any way superior.
 
Regardless, you wouldn't just perform a context scan on an inert file and call it a test, would you? Then why is testing that bypasses many modules of products considered the same?
1. No.
2. I don't know why these testers bother with contextual analysis.

Personally, on a sample pack (that I create myself), I do a first analysis to see if the engine can recognize several samples. You should know that signature recognition is totally OBSOLETE these days, given the millions of new malware being created every day.

Next, I run the unrecognized samples to see if the antivirus will be able to block malicious actions when confronted with the malware. This is what we call behavioral (or proactive) protection, and it's an added bonus for antivirus programs to stop a potential infection.
Contextual click testing alone is clearly useless.