App Review: Comodo FW bypass malware vs. the sandbox (sandbox + HIPS off and on) and VoodooShield (autopilot)

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
I would like to know how Kaspersky TAM reacts to this little monster.
Yes, I'd be interested in this too. Back on topic though, it's completely unrealistic to think that any security can't be bypassed. If someone has the knowledge and experience, they'll bypass anything. As Wave stated, Comodo Sandbox is sophisticated, so someone with the ability to bypass it may very well have the experience to bypass whatever they choose. Thinking ANY security software cannot be bypassed is just naive; just because something hasn't been bypassed at all, or was bypassed once a long time ago, doesn't mean it can't happen. And no matter what your security config, someone with both the knowledge and experience will bypass everything you've got, and some of those people do it just for fun.
 
I am still not clear on the facts of the case.
As far as I understand, at the time of the test it was completely undetected on VT.
And it was (mistakenly) on COMODO's trusted list, although this was corrected shortly afterward.
But did it have a digital sig, and if so, was it a valid one?
 
I am still not clear on the facts of the case.
As far as I understand, at the time of the test it was completely undetected on VT.
And it was (mistakenly) on COMODO's trusted list, although this was corrected shortly afterward.
But did it have a digital sig, and if so, was it a valid one?
It didn't have a sig. It was just added to trusted files by mistake.
 
For any that are interested-

1). This file was NEVER EVER trusted by Comodo, especially as it was new and unsigned. As I intimated in my video, I believe there was a configuration issue in the original video post.
2). Sandboxie, although allowing the textbox popup, will prevent schtasks.exe from running, thus (like Comodo) stopping the process cascade.
3). Qihoo will also detect and stop the schtasks mechanism, resulting in no system changes.
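The post above pins the infection chain on schtasks.exe: the sample survives only if it manages to register a scheduled task, which is why blocking that one child process stops the cascade. For anyone who ran the sample on a live machine (as the OP did) and wants to check whether that step succeeded before restoring from backup, here is an added PowerShell check. It is not code from the thread or from Comodo, Sandboxie or Qihoo; it enumerates scheduled tasks whose action executes from a user-writable directory, which is where a dropper typically lands. It needs the ScheduledTasks module (Windows 8 / Server 2012 or later) and an elevated session so tasks of other users are visible. The regex of "user-writable" roots and the CSV output path are assumptions to adjust for your own environment.

```powershell
# Added example (not from the thread or from any product discussed in it):
# list scheduled tasks whose action runs a binary from a user-writable path,
# i.e. the persistence a dropper registers via schtasks.exe to survive a reboot.
# Requires the ScheduledTasks module (Windows 8 / Server 2012+); run elevated.

# Assumption: legitimate tasks rarely execute from these roots; tune for your fleet.
$UserWritableRoots = '\\Users\\|\\ProgramData\\|\\Temp\\|\\AppData\\|\\Public\\'

function Get-SuspiciousScheduledTask {
    [CmdletBinding()]
    param(
        # Regex matched against the expanded executable path of every task action
        [string]$PathPattern = $UserWritableRoots
    )

    foreach ($task in Get-ScheduledTask) {
        foreach ($action in $task.Actions) {
            # Only "Exec" actions carry an executable; COM-handler and e-mail actions do not
            if (-not $action.Execute) { continue }

            # Expand %TEMP%-style variables and strip quotes so the pattern sees the real path.
            # Caveat: variables expand in *this* session's context, not the task principal's.
            $exe = [Environment]::ExpandEnvironmentVariables($action.Execute).Trim('"')

            if ($exe -match $PathPattern) {
                $info = $task | Get-ScheduledTaskInfo
                [pscustomobject]@{
                    TaskName    = $task.TaskName
                    TaskPath    = $task.TaskPath
                    Execute     = $exe
                    Arguments   = $action.Arguments
                    Author      = $task.Author
                    RunAs       = $task.Principal.UserId
                    State       = $task.State
                    LastRunTime = $info.LastRunTime
                    NextRunTime = $info.NextRunTime
                    # Trigger class names (e.g. MSFT_TaskLogonTrigger, MSFT_TaskBootTrigger)
                    Triggers    = ($task.Triggers | ForEach-Object { $_.CimClass.CimClassName }) -join ','
                }
            }
        }
    }
}

# Usage: show hits newest-first, then keep a copy for the incident record.
$hits = Get-SuspiciousScheduledTask | Sort-Object LastRunTime -Descending
$hits | Format-Table TaskName, Execute, RunAs, Triggers, LastRunTime -AutoSize
# Assumption: output location; change to wherever you collect IR artifacts.
$hits | Export-Csv -Path "$env:TEMP\suspicious-tasks.csv" -NoTypeInformation
```

A task that runs from AppData or Temp is not automatically malicious (some updaters do this), so treat the list as leads: check the executable's hash on VT, whether it is signed, and whether the trigger is logon or boot. An empty list does not prove the sample failed either; it only covers the schtasks route the post above describes, not Run keys, services or WMI subscriptions.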
 
Nice debate.

By the way, judging from the desktop picture in your first post, I'm just curious: did you test the malware on your regular system?

Yes, it's on a live system, in the sandbox, because he did not want to run the malware; apparently it knew it was sandboxed. Of course, with subsequent recovery from backups.
 
It didn't have a sig. It was just added to trusted files by mistake.
So if it had no sig, let's ask about VoodooShield autopilot. Is that expected behavior, to allow an unsigned file that is clean on VT? I am assuming that VoodooAi failed in this case.
 
For any that are interested-

1). This file was NEVER EVER trusted by Comodo, especially as it was new and unsigned. As I intimated in my video, I believe there was a configuration issue in the original video post.
2). Sandboxie, although allowing the textbox popup, will prevent schtasks.exe from running, thus (like Comodo) stopping the process cascade.
3). Qihoo will also detect and stop the schtasks mechanism, resulting in no system changes.


There is a setting that was used in the test; see where the error is. Thanks for any comments.

 
The moral of the story is to maintain a healthy suspicion of the unknown, and not rely on the gods or technological wonders to protect you.

The moral of the story is to not allow an unknown\untrusted file to execute on the system in the first place.

Even allowing a file to execute, but holding it in a suspended state, can result in infection/disaster.

All these videos just illustrate one simple fact over and over: if you allow it to execute, then at some point, in some way, your AV/HIPS/sandbox/firewall/virtualization/rollback/etc. will be bypassed or smashed, and you will have to deal with the reality and disappointment.

It's funny, after-the-fact most people will say: "I wish I didn't execute that file..."
 
FYI, the verdict changed to malware.
http://i.imgur.com/HK7aHB5.png

If the verdict is malware, then why, tonight, after updating the database, is it still recognized as secure????
After the update it should already have been labeled as malware by the cloud or reputation.


The new test after the recognition as malware!

part 1)

After rebooting the PC

part 2)

part2)
 
Layered protection such as Comodo + free VoodooShield may fail; once is enough with zero-day malware (VT detection 0%) and boom. In this case, I relied on CF and VoodooShield as nearly invincible .-) Nothing is 100%.

Both products got caught out at once; I didn't expect that. Good luck, and a layer of protection every day .-))

PS: According to the developer, VoodooShield already stops the malware. If you do the following, you will see it:
Disable the scan checkbox in VS settings, and you should get a prompt.
 
Interesting!!
Try this option, then test the file again.

2016-10-31_00h16_22.png