- Nov 19, 2014
- 2,350
On a more serious note thanks for the Sandboxie ELI5 explanation. I must admit it's not exactly how i understood it worked.
Comodo FW bypass malware the sandbox (sandbox hips off + on) and voodooshield (autopilot)
- Thread starter Davidov
- Start date
It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
- Aug 30, 2012
- 6,598
- Jul 3, 2015
- 8,153
I would like to know how Kaspersky TAM reacts to this little monster
- Jun 24, 2016
- 2,485
Nice debate.
By the way, according to your desktop picture on your first post i'm just curious. Did you test the malware on your regular system?
By the way, according to your desktop picture on your first post i'm just curious. Did you test the malware on your regular system?
Last edited:
- Aug 17, 2013
- 1,905
Yes, I'd be interested in this too. Back on topic though, It's completely unrealistic to think that any security can't be bypassed. If someone has the knowledge and experience they'll bypass anything. As Wave stated, Comodo Sandbox is sophisticated, so, someone with the ability to bypass it may very well have the experience to bypass whatever they choose. Thinking ANY security software cannot be bypassed is just naive, just because something hasn't been bypassed at all, or it's been bypassed once a long time ago doesn't mean it can't happen. And no matter what your security config, someone with both the knowledge and experience will bypass everything you've got, And some of those people do it just for fun.
- Jul 3, 2015
- 8,153
I am still not clear on the facts of the case.
As far as I understand, at the time of the test it was completely undetected on VT.
And it was (mistakenly) on COMODO trusted list, although this was corrected shortly afterward.
But did it have a digital sig, and if so, was it a valid one?
As far as I understand, at the time of the test it was completely undetected on VT.
And it was (mistakenly) on COMODO trusted list, although this was corrected shortly afterward.
But did it have a digital sig, and if so, was it a valid one?
- Nov 19, 2014
- 2,350
It didn't have a sig. It was just added in trusted files by mistake.
- Apr 13, 2013
- 3,224
For any that are interested-
1). This file was NEVER EVER trusted by Comodo, especially as it was new and unsigned. As I intimated in my video I believe that there was a Configuration issue in the original video post.
2). Sandboxie, although allowing the Textbox popup, will prevent schtasks.exe from running thus (like Comodo) stopping the process cascade.
3). Qihoo will also detect and stop the schtasks mechanism resulting in no system changes.
1). This file was NEVER EVER trusted by Comodo, especially as it was new and unsigned. As I intimated in my video I believe that there was a Configuration issue in the original video post.
2). Sandboxie, although allowing the Textbox popup, will prevent schtasks.exe from running thus (like Comodo) stopping the process cascade.
3). Qihoo will also detect and stop the schtasks mechanism resulting in no system changes.
- Sep 9, 2012
- 470
Yes, it's on live systems in the sandbox because he did not want to run the malware apparently knew of the sandboxed. Of course subsequent recovery from backups.
- Jul 3, 2015
- 8,153
so if it had no sig, let's ask about voodoo autopilot. Is that expected behavior, to allow an unsigned file that is clean on VT? I am assuming that voodoo Ai failed in this case.
None. Trusted file is not blocked by COMODOD.
- Jul 3, 2015
- 8,153
could you elaborate on the config issue?
- Sep 9, 2012
- 470
There is a setting that was used in the test, see where the error Thanks for any comments.
- Jul 3, 2015
- 8,153
The moral of the story is to maintain a healthy suspicion of the unknown, and not rely on the gods or technological wonders to protect you.
The moral of the story is to not allow an unknown\untrusted file to execute on the system in the first place.
Even allowing a file to execute, but holding it in a suspended state can result in infection\disaster.
All these videos just illustrate one simple fact over-and-over - if you allow it to execute, then at some point, in some way, your AV\HIPS\sandbox\FIrewall\virtualization\rollback\etc will be bypassed or smashed and you will have to deal with the reality and disappointment.
It's funny, after-the-fact most people will say: "I wish I didn't execute that file..."
- Sep 9, 2012
- 470
If the verdict on malware and why tonight after updating the database is still recognized as the most secure ????
After the update already did have to be labeled as malware by cloud or reputation.
The new test after the recognition as malware!
part1)
After rebooting pc
part2)
The evidence is irrefutable.
Watch others deny, deny, deny...
Watch others deny, deny, deny...
Last edited by a moderator:
- Sep 9, 2012
- 470
I layered protection as Comodo + free voodooshield may fail once is enough zero day malware (VT detection 0%) and Bumm. In this case, I relied on CF and voodooshield as nearly invincible .-) nothing is 100%
Get both products on a bicycle Suddenly I expected.Good luck and a layer of protection every day .-))
PS:It is already voodooshield stops malware by developer.If you take, you will:
Get both products on a bicycle Suddenly I expected.Good luck and a layer of protection every day .-))
PS:It is already voodooshield stops malware by developer.If you take, you will:
- Mar 30, 2014
- 468
Interesting !!
Try this option then test file again
Try this option then test file again
- Aug 17, 2013
- 1,905
He's using Proactive config isn't he? If so that box will already be tickedInteresting !!
Try this option then test file again