App Review Comodo FW bypass malware the sandbox (sandbox hips off + on) and voodooshield (autopilot)

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
[Quote="Umbra, post: 559.402, member: 178"]Disable the scan checkbox in the VS settings, you should have a line[/quote]
What the developer of VS says about this:

VoodooShield ?

Here, I have switched to Comodo HIPS, sandbox, etc. voodooshield and locked into lock down mode and the same succumbed .-)
In the case six minutes.

 



Keep in mind, VS will auto allow sandboxed processes from other security apps (Comodo in this case), unless the Parent Process feature setting is disabled in VS... so if you are going to test VS, please do it properly. Of course, when tested with Comodo not installed, VS blocked the file perfectly.

http://www.wilderssecurity.com/threads/voodooshield.313706/reply?quote=2628048
 

VS intercepts Thingthing.exe process first; sandboxing by CIS comes later\after. @Davidov selected Block in VS alert.

That is what video clearly shows...
 

VS alert was for No internet connection,

VS allows sandboxed processes and all its "Parent Process"

May he test again but disable "Parent Process feature setting" in VS.
 
It always bemuses me that with particular softs it is always the fault of the person who reports something or makes a video. That their testing is the problem\defective - always.

It's a pattern...
Which is why I suggested to test it with only VoodooShield. 'Cause I feel if not, people are gonna keep arguing "it's bypassed" and "no, it isn't".

You guys are already on Page 5...
 
I tested the file now, VS + Comodo

I excluded all VS files and processes from Comodo (Firewall + HIPS)

2016-10-31_02h13_00.png

2016-10-31_02h14_50.png
 
At this time it is useless to test VoodooShield again, due to a change in detection on VirusTotal from 0%, and thus in the percentages for VoodooAi. The product's approach to the sample is different than yesterday. It would not be authentic.

"Like an antivirus that a virus walked past yesterday: today it has it in the database and blocks it, but yesterday it failed."

And thank you all for watching, and for the comments and insights, thanks .-)))
 
VS allows sandboxed processes and all its "Parent Process"

May he test again but disable "Parent Process feature setting" in VS.

He didn't, so that was one of the flaws of the test.

@Davidov - you should point it out in the video.

But he didn't. It is the free version; you can't disable the Parent Process feature. So VS lets everything that Comodo allows execute. So if Comodo (or something else) fails, VS will fail. When I set up VS, this feature is the first thing I disable, among others.
 
I'm really curious as to what is happening here. If you note the Killswitch results in my video versus the Killswitch settings in David's video in Post 77 above (the part 2 video) you will see that in mine running the file results in a Fully Virtualized restriction and Virtualization is Enabled, whereas in David's there is no Restriction and Virtualization shows up as being Disabled.

As the settings that Davidov uses are totally fine and are actually more restrictive than those used in my video, I wonder if having VS installed on the same system is resulting in Comodo not being able to utilize the sandbox.
 
Probably why the Dev mentioned to test it with VS alone...