App Review Comodo I.S. 5.8 FINAL vs. Trojan.Win32 GPCODE ( comodo bypassed ) by acafacaa1


Deleted member 178

Old weakness of D+ that is detected by the AV and cloud. It is pointless to use CIS without its AV and cloud parts, and if you use just CFW, you should have an AV running alongside that will detect it anyway.

Doing it like in this video is similar to asking "will the airbag of my car save me from injuries if I don't use the seatbelt?"

If the sandbox is set to "Block", the malware can't run. Don't forget that the automatic sandbox is not a virtualized environment (like Sandboxie); it is just based on policy restrictions (and policy restrictions can be bypassed). That is why I run Sandboxie (all the time) and Shadow Defender (when I'm going to load a malicious site or app).

In addition, you can add this to Blocked Files to block it: *_CRYPT

and protect your files by adding them to Protected Files and Folders (D+ tab) like this:

*.jpg|

jpeg can be substituted by any extension, but the | sign MUST be put behind it so that sandboxed apps can't modify the extension.

AyeAyeCaptain

I did ask someone who posted the same link (but was not the creator of the video) on the Comodo forums about this... but had no reply, with regards to what you mentioned about AV + Cloud. I have also since taken the notion to add certain folders to Protected Files as well :)

Deleted member 178

You can do this in addition:

http://www.wilderssecurity.com/showpost.php?p=1958162&postcount=508

Jack

Not exactly a new vulnerability here :shy:... I wonder why Comodo isn't doing anything to avoid this bypass. I know that an attack is very unlikely and the antivirus will stop this, but it still makes the product look bad.
This looks more like the price that Comodo has to pay in order to reduce the D+ alerts... Now the question: if the sandbox was disabled, would the attack still be successful?

Deleted member 178

As far as I read, it bypasses the auto sandbox but not the manual one.

AyeAyeCaptain

Jack said:
Not exactly a new vulnerability here :shy:... I wonder why Comodo isn't doing anything to avoid this bypass. I know that an attack is very unlikely and the antivirus will stop this, but it still makes the product look bad.
This looks more like the price that Comodo has to pay in order to reduce the D+ alerts... Now the question: if the sandbox was disabled, would the attack still be successful?

Solutions, and why they can't be added yet, were also discussed. Egemen did say a full fix is coming in v6 (a fully virtual sandbox, I assume?), but when that is released is another story. It just goes to show that no software is ever 100% secure and will always have a flaw of some sort.

Jack

rynesandbergfan23 has tested CIS 5.8 against the GPCode Trojan... The results are the same as in the previous video test, but additionally he showed how users can protect themselves from this threat.

Uploaded by rynesandbergfan23 on Oct 19, 2011