App Review Comodo Internet Security 11 Review | Test vs Malware

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
This Valkyrie project is very ambitious and at the same time very risky.
Not really, an advanced user will probably never be infected in real life.
And if that happens once, Valkyrie probably won't FP that and the backup saves ass anyways.

If you take a look at CCAV, it's a great AV when comparing the performance, and it comes as a free product.

The malware couldn't even prompt, and would've been clean after antimalware reboot.
 
The power of Comodo is not only the container but also the HIPS. In this case we don't know if it gave an alert; actually it was off, but if it was on I believe it will prompt an alert so an advanced user would understand that something was wrong. This also proves the wrong testing Leo used for this program.
 
If you create an account at verdict.valkyrie.comodo.com you can download this file.

M- I don't mean to burden you in any way, but I did sign up for an account at valkyrie and did not see any option to download the sample (I thought it may have been a browser issue, but tried it with all of them and still No Joy).

If you have the time and desire, can you upload the file to something like Google Drive and PM me the link? I hate making ignorant statements and would like to determine what occurred (although the shotgun method of the Python script used hardly represents real world usage).

Anyway, if you have the time it would be appreciated; if not, you still have my respect!

M
 
Check your inbox
 
My post is based on assuming the file was trusted.

a lesson Comodo needs to learn with their trusted list.
It happened already, they don't retain the lesson, Comodo is a lost cause; like some major bugs not fixed after 10 years, denying of bug reports, etc...LOL.

The testing was not wrong. The HIPS is disabled by default but not OFF
Comodo Internet Security's Auto-Sandbox (Containment) & HIPS interaction explanation

But even if HIPS is ON, it won't do a damn thing because the file was trusted; the only right setting to catch the file is to set the HIPS on Paranoid, as I always promoted.

Comodo's Myths & Facts


Comodo without HIPS on Paranoid = put your pants down and bend over.

so before bashing a tester, learn the damn software.


itwt
 
Even when HIPS is on Safe Mode, for some trusted files they "false" give an alert considering malicious actions (CCleaner). It could be the same in that case and this maybe will make someone suspicious.
 
Check here: Comodo's Myths & Facts

  • Safe Mode = "HIPS Alert Mode" for any Unrecognized files + Auto-Sandboxing of Unrecognized files
Last time I used Comodo, Safe Mode only alerted on "unrecognized" files; Safe Mode assumes (obviously) that a trusted file is clean and will ignore it.
I don't believe the principle changed since.
 
I am now using CIS v10 Proactive, HIPS on (Safe Mode), and when I run CCleaner I am getting an alert "a program trying to make changes to your browser" and it's trusted.
 
The newest CIS build (11) won't even do that. Also, for me Safe Mode HIPS is killing FortiClient completely, so I have to run HIPS off on CF. Anyways, I'm using CS settings on FW for now.

The 11 is buggy, as people say, but still usable for some people.
 
I've downloaded the file, and by my preliminary estimation, the file is indeed malware wrongly marked as Trusted by Comodo.
It doesn't do anything obviously malicious by today's standards (encrypting documents) "except" for calling home and adding some reg keys.

Enough for me to mark it as malicious.
 
Yeah, so it is not the first time; we already had a long thread in the past for the same reason... How can you trust a vendor that keeps whitelisting malware? LOL
Even their expert reviewed the file and marked it as malicious, but in the end, they put it in the Trusted bucket.
 
Shameful, people must be blind to keep trusting it (sorry for the pun) after all the issues/bugs discovered.
I was a big fan of Comodo from v3 to v8, then I said bye bye...

itwt
 
This is an automated analysis and this file was trusted before it. Its “trusted” verdict is not based on it. It has to be removed.

The alert from CCleaner about browser modification is independent from HIPS. It comes from the browser protection module. This module protects browsers from modification by both trusted and unknown files.
 
The file is still Trusted, I tested it 40min ago against Comodo Cloud AV. And where is the logic in that? Isn't the purpose of the "cloud" being always up to date? The file dates from 2014, reviewed 3 times by Valkyrie and 1 time by a human, relation 2:2 Malware:NotMalware
 
Use Comodo together with an AV. It is very unlikely for both softwares to make the same mistake, and whitelist the same malware sample.
Because for Comodo to mistakenly whitelist malware, it needs to be reviewed by a human. By the time that happens, most AVs will already know about the file, and blacklist it.
This way, Comodo will block the zero-days, and your AV will block the Comodo mistakes. You are covered from all angles. :)