- May 9, 2024
- 129
The only almost unbeatable thing is my technique at prevention. Containing everything for analysis. Comodo didn't contain everything but almost everything.
Comodo Internet Security 2025 does not contain RANSOMWARE (bypass, infection and lost of files)
- Thread starter vitao
- Start date
- Mar 12, 2024
- 190
they solved it on xcitium. recorded a new video with one particular setting. as soon as i get the time to edit it, ill publish the new video with subtitles, etc.
but just fyi xcitium now is able to protect us against the ransomware. cis continues to be destroied by it...
tried to post it on xcitium topic ive created but it seems their forum is offline...
but just fyi xcitium now is able to protect us against the ransomware. cis continues to be destroied by it...
tried to post it on xcitium topic ive created but it seems their forum is offline...
- Mar 12, 2024
- 190
Xcitium with new configuration can now prevent the ransomware to be executed!
FINALLY!!!
Watch it here:
This video has subtitles in English, Brazilian Portuguese and Spanish. If you need more subtitles, just let me know.
FINALLY!!!
Watch it here:
This video has subtitles in English, Brazilian Portuguese and Spanish. If you need more subtitles, just let me know.
- Dec 23, 2014
- 8,904
Yes. There are two settings :
When the benign EXE file (vulnerable to DLL hijacking) is executed, Xcitium monitors loaded DLL and blocks if it is Unknown.
Comodo (CIS) still does not monitor loaded DLLs, so it cannot block DLL hijacking attacks.
- Monitor DLL files being loaded by running processes (Enabled).
- Auto-block unknown DLL file(s) from being loaded by processes (Enabled).
When the benign EXE file (vulnerable to DLL hijacking) is executed, Xcitium monitors loaded DLL and blocks if it is Unknown.
Comodo (CIS) still does not monitor loaded DLLs, so it cannot block DLL hijacking attacks.
Last edited:
![[correlate]](/data/avatars/m/79/79653.jpg?1556985072){kind=avatar}
- May 4, 2019
- 833
What is your solution
or the solutions you rely on for protection.
And thank you.
- Mar 12, 2024
- 190
yes. as explained in the video. now lets hope they dont take another 3~4 years to bring this fix into cis...
- Dec 23, 2014
- 8,904
yes. as explained in the video. now lets hope they dont take another 3~4 years to bring this fix into cis...
Those settings can increase security but at the cost of many false positives. Even if one whitelists all signed DLLs (like in Windows Smart App Control), the number of false positives can be too great for most non-enterprise users. We also must remember that with that fix the unknown DLLs are blocked and not auto-contained.
Last edited:
@Sandbox Breaker - DFIR, If I'm right, you use Xcitium. Can you confirm if the settings below are old or new?
Monitor DLL files being loaded by running processes
Auto-block unknown DLL file(s) from being loaded by processes
Monitor DLL files being loaded by running processes
Auto-block unknown DLL file(s) from being loaded by processes
- Mar 12, 2024
- 190
theyre new. according with a mod there its a new option added to prevent these kind of problem exposed on my videos. i dont know when exacly they added it but its new.
- Jan 6, 2022
- 560
- Mar 12, 2024
- 190
And now cruelsister is trying, at all costs, desperately, to discredit my videos by claiming that the DLL was magically in the system, and that "afterwards" it is activated and therefore the video would be unreliable.
But it seems that she forgot to "watch the videos" and realize that the ransomware was, from the beginning, compressed in a password-protected file, which means that it doesn't matter if it was there or if I downloaded it only after installing CIS. Since it is a compressed file with a password, no antivirus will be able to see what is inside, so...
Anyway, once again she shows that she is just a silly girl trying to make fun on the internet.
Either that or it is just a fake account of Melih himself or some other member of the Comodo staff... who knows...
Ps.: Comodo has finally classified the DLL as malware. So, now, CIS can identify the DLL as malware and block its execution. At least during the manual scan. I'm going to do some tests to see if the DLL is still executed through the .EXE that makes the calls to it. And I'm also waiting for Loyiza (if she's interested) to make some simple change to the DLL so that everyone understands that the exploit problem hasn't been fixed in CIS yet...
Or is it not even worth wasting time on this anymore?
But it seems that she forgot to "watch the videos" and realize that the ransomware was, from the beginning, compressed in a password-protected file, which means that it doesn't matter if it was there or if I downloaded it only after installing CIS. Since it is a compressed file with a password, no antivirus will be able to see what is inside, so...
Anyway, once again she shows that she is just a silly girl trying to make fun on the internet.
Either that or it is just a fake account of Melih himself or some other member of the Comodo staff... who knows...
Ps.: Comodo has finally classified the DLL as malware. So, now, CIS can identify the DLL as malware and block its execution. At least during the manual scan. I'm going to do some tests to see if the DLL is still executed through the .EXE that makes the calls to it. And I'm also waiting for Loyiza (if she's interested) to make some simple change to the DLL so that everyone understands that the exploit problem hasn't been fixed in CIS yet...
Or is it not even worth wasting time on this anymore?
It is not clear from the staff's reply if those settings are old or new. He states they are looking into the issue and then directs you to those settings, mentioning the settings are there for such situations but disabled by default to avoid false positive cases.
- May 9, 2024
- 129
My solution is not for daily usage but rather than malware analysis. Sandboxing everything then analyze it in containment.
- Mar 12, 2024
- 190
So, as a way to show and prove that the problem was not solved on CIS, and even marking the DLL as malicious doesnt make any difference in the real world...
Full test, without cuts and without speedup, of Comodo Internet Security against the Ransomware! So there are no doubts or excuses for some...
Take a look:
Ps.: The video has subtitles in english, portuguese and spanish. Tt's saved as draft so anyone with the link can watch. Later I'll schedule it on the channel. If anyone needs more subtitles, just ask and I'll provide on the video.
Full test, without cuts and without speedup, of Comodo Internet Security against the Ransomware! So there are no doubts or excuses for some...
Take a look:
Ps.: The video has subtitles in english, portuguese and spanish. Tt's saved as draft so anyone with the link can watch. Later I'll schedule it on the channel. If anyone needs more subtitles, just ask and I'll provide on the video.
bazang
Level 13
- Jul 3, 2024
- 649
@vitao 's video clearly shows what he is stating is fact. There is no need for you to get upset. The girl has difficulties accepting reality for what it is sometimes. She can be very defensive about her one and only true love - Comodo. There's definitely a fixation or perhaps fetish with Comodo in her relationship with it.
Everything ever made by Comodo has always been a dumpster fire because the products have no adequate revenue to support their continued development and maintenance. There is no dedicated development team for any of the Comodo software products. Comodo developers are quickly cycled from one project to another, one fire to another fire. The work environment is chaos, inconsistent, and that type of culture generally produces undesired, lower quality product. Many people struggle to work at Comodo. There is high employee turnover.
The Comodo way is a cycle of user complaints with long online arguments amongst fanbois and fangirlz and the complainers. That combined with the Comodo forum banning of reporters of bugs, bypasses and other problems because Melih does not want those reports made public. Only after very consistent, long, drawn-out criticisms and demonstrations of fact are things ever fixed.
I thought CAV was going to be a winner but it turned out to have high operational expenses and Melih just did not want to pay any more of his own personal money into that project. Immediately, RIP CAV. The same as a long, long list of Melih's software pet projects.
This is what you get from a rich software publisher who has a life-long ideological dispute with the AV industry and fights for his ideology with a free software handout.
Comodo is Melih's ideological experiment and it will never be any better than it is right now. If elite pentesters that earn millions of Euros per year were set upon CIS, CFW, and Xcitium, they would annihilate it. They don't do it because it is a waste of their very valuable time. Melih would never hire them to pentest his product, not even if his childrens' lives depended upon it. Do you think Melih would pay out 1,000,000 Euros for proven remote code execution vulns because of exploits of Comodo? No. He would not. As is his usual fashion he either ignores reports or dismisses them as not being realistic.
Comodo could be truly great, but it would require a entire re-code. That takes a significant amount of money that Melih has always communicated in his own way that he not willing to spend that kind of money on the software.
With Comodo, you accept it for all its problems, make the best of what works, do not use what does not work, and put a lot of effort into understanding how to make the most of its features and settings, while also learning to control frustrations about bugs and other issues. That is the Comodo experience. Some people are capable of dealing with it, others are not.
It is difficult to understand how people think that continuous complaining is ever going to motivate Melih to make Comodo a refined product. He has stated for decades that he will not do that because he thinks it is good enough given the amount of his own pocket money that he puts into it.
@bazang Thank you for this detailed explanation as I do feel better informed now.
That's my view as well. I appreciate and watch @cruelsister's Comodo demonstrations. She is popular in the Comodo space, but I don't see her as an expert. I have seen no posts where she really shows in-depth knowledge of Comodo.
Precisely, @vitao, similarly, is in the endless loop of complaints. Product testing, highlighting issues to the vendor, concludes the process for a tester.
bazang
Level 13
- Jul 3, 2024
- 649
What is happening is predictable since it is social media. There is enough machinations and game playing by both sides. That has been the case since Day 1 of CIS.
I really have no idea what people hope to achieve. C'mon. It is ridiculous. People very, very seriously investing themselves mentally and emotionally into software - one of the worst categories of man-created products. Somebody please provide a rational explanation as to why there are people that take software so seriously? Why do they love products so much that they cannot handle any form of criticism? Why does fanboism and fangirlizm exist? It is a very troubling syndrome. Just look at gaming and the circle jerk wars that have been raging over "What is the best game?" for decades.
I hope Melih continues to personally subsidize his very troubled pet project and make it available to the world. Because we can all count on people to create drama over it. The drama will never end. It is great fun to spectate all the gaslighting and baiting.
- Mar 12, 2024
- 190
