App Review Comodo FW bypass malware the sandbox (sandbox hips off + on) and voodooshield (autopilot)

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
David- at 22 seconds of the video above (and at 22 seconds of the original video) there is a Sandbox setting in the 3rd position. This is a general setting that had to be created as it is not default. At Default Comodo would only have the General settings in positions 4, 5, and 6.

As a comparison look at the 49 second mark of my video (post 29). You can disregard the first 2 (Ignore) as these are specific to SeaMonkey and Java.

So where did this General Rule on your video come from?

Hello cruel sister's first game is infestation and the other is a T-cleaner both legitimate files. With java it has nothing to anis SeaMonkey.
 
Hello cruel sister's first game is infestation and the other is a T-cleaner both legitimate files. With java it has nothing to anis SeaMonkey.

I think that she is asking what is this 3rd rule (green in picture)?
Normally you only have these 3 (orange in picture).

Clipboard01.jpg

UPDATE:

I just installed Comodo Firewall and this is what the default settings are:

Clipboard02.jpg
 
The third is a default folder. The last stanza Shared used instead, I use a desktop folder Download Now

Here is my config for Comodo uploadnut can download and try.

comodo FW setings.cfgx


Does not part the player application, browser, etc. I have one rule for all untrusted for applications beyond recognition.
 
despite the pathetic denial of facts and pathological defensiveness that I saw in certain posts -- not on this forum -- it does seem that Voodooshield has taken note of the problem.
 
If the verdict on malware and why tonight after updating the database is still recognized as the most secure ????
After the update already did have to be labeled as malware by cloud or reputation.
I think they are having some problems with Valkyrie. They did mention that it's not ready. Another idea would be that trusted malware go through a different process that I do not know. OR They changed their mind since it could be a clean file (as I did not check the file).
BUT here's an interesting fact: I have submitted yesterday an unknown file and it was added to signatures immediately. Link: Advanced File Analysis System | Valkyrie

Perhaps someone should report it on their forums here:
Report trusted and whitelisted malware here- 2016 (NO LIVE MALWARE!) - AV False Positive/Negative Detection Reporting


Either way, they were always bad at cloud part. It's not a bypass though. :)
 
I saw in cruelsister's video that the process is fully virtualized, BUT is labelled as "trusted installer" by Killswitch. Maybe the message asking about the elevate privileges appeared before CIS could make the check up online? Could it be the reason why in cruelsister's video the file was sandboxed although considered safe by CIS?
 
These tests prove nothing about the effectiveness of Voodooshield to block malware which in my opinion is still exceptional.

All they do prove to me is:

1. The tester must fully understand in explicit detail how the product(s) they're testing work

2. Don't test two products together that perform similar protections or functionality that overlaps

3. Test real and not "theoretical" malware

4. Don't shout "bypass" unless you are a malware testing expert - maybe PM the developer first and give them a chance to test (Oh no you can't do that because then you won't have chance to gain popularity by posting a video that discredits the developer/product)
 
despite the pathetic denial of facts and pathological defensiveness that I saw in certain posts -- not on this forum -- it does seem that Voodooshield has taken note of the problem.
That IMO is extremely harsh and unwarranted. Dan did what any developer would do which is defend his product, and quite rightly so, because clearly this wasn't a "bypass".
 
I think they are having some problems with Valkyrie. They did mention that it's not ready. Another idea would be that trusted malware go through a different process that I do not know. OR They changed their mind since it could be a clean file (as I did not check the file).
BUT here's an interesting fact: I have submitted yesterday an unknown file and it was added to signatures immediately. Link: Advanced File Analysis System | Valkyrie

Perhaps someone should report it on their forums here:
Report trusted and whitelisted malware here- 2016 (NO LIVE MALWARE!) - AV False Positive/Negative Detection Reporting


Either way, they were always bad at cloud part. It's not a bypass though. :)
This is not the first time I have seen people report that COMODO "updates" failed to update their local machines properly with the new whitelist or blacklist
 
Disclaimer: I have nothing against any product. I'm pretty sure there is no issue but I'm just saying that I do not like the interpretation...

Why is VoodooShield tested against "blocking"? I find that very confusing. Shouldn't it be tested against local Sandbox? Am I misunderstanding? To me it means nothing as I could easily rely on UAC or/and scripts.
 
Disclaimer: I have nothing against any product. I'm pretty sure there is no issue but I'm just saying that I do not like the interpretation...

Why is VoodooShield tested against "blocking"? I find that very confusing. Shouldn't it be tested against local Sandbox? Am I misunderstanding? To me it means nothing as I could easily rely on UAC or/and scripts.

Voodooshield is an anti-executable so it is appropriate to test its blocking capabilities.
 
I tested the malware as a normal user that may infect wild. I have nothing against the developer and I like voodooshield comodo. But even casual users will also do different counting starts and will be relying on him to keep the product and will not edit anything.

It is the forum that is why we are discussing. If this is the "experts" do not like at the Create room for experts only, or test only by the developer. Here is the general public and everybody has the right to say his opinion.
 
I tested the malware as a normal user that may infect wild. I have nothing against the developer and I like voodooshield comodo. But even casual users will also do different counting starts and will be relying on him to keep the product and will not edit anything.

It is the forum that is why we are discussing. If this is the "experts" do not like at the Create room for experts only, or test only by the developer. Here is the general public and everybody has the right to say his opinion.
I personally appreciate your time, effort and contribution to the community by making these issues public, so thank you.
 
Why is the fact that Dan at VooDooShield was banned on MT even being brought up in this thread :confused:
If you weren't a member in 2013 then you do not know the reason and this fact has no bearing whatsoever on the Company, the Software or this thread.

I am a member here in MT since 2014. I do not know the reason why Dan was banned; all I know is that Dan is polite and a distinctive personality.
I know that through some PMs between us here in MT, Wilders Forums and emails.
I just wonder!
I am not talking here about the developer or how good or bad VS is; I am talking about a good man.

Perhaps the forum's commitment laws are the reason. Who knows?


 
Dan is a very nice guy and very generous as well as accessible. However when posts start going with the "Fanboy" talk and that a certain member was banned then this now has crossed the line between what is relevant and what is completely off topic.
We just need to stay on topic or the thread will be closed to solve the problem.