Comodo Internet Security 2025 does not contain RANSOMWARE (bypass, infection and loss of files)

simmerskool

Level 38
Verified
Top Poster
Well-known
Apr 16, 2017
2,784
Thanks, the webpage looks like the upload page I tried a day or 2 ago, but the uploaded file just seemed to spin in a loop... Just tried again with a 3.5 MB file and I got: 500 oops! something went wrong. we are fixing it please come back in a while... BUT just tried a URL and it seems to be working for that...
 
  • Like
Reactions: rashmi and Andy Ful

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,592
Thanks, the webpage looks like the upload page I tried a day or 2 ago, but the uploaded file just seemed to spin in a loop... Just tried again with a 3.5 MB file and I got: 500 oops! something went wrong. we are fixing it please come back in a while... BUT just tried a URL and it seems to be working for that...

I tried it a few minutes ago without any issues. But, it may be overloaded sometimes.
 

Vitali Ortzi

Level 26
Verified
Top Poster
Well-known
Dec 12, 2016
1,585

Adrian Ścibor

@Loyisa (MT member) who made the POC is in contact with Comodo. She also helped to identify the sandbox escape exploit:
WikiLeaks Vault 7 showed that Comodo wasn't an easy target for the CIA, as it blocked even Windows (they weren't really able to get any payload to execute on Comodo 5.0).
So I wonder if it is possible to configure it like past Comodo, where even Windows isn't trusted.
Comodo 6.X Gaping Hole of DOOM
Comodo, as you may know, is a colossal pain in the posterior. It literally catches everything until you tell it not to, including standard Windows services (say what?!?).

...at least, that's what happens on Comodo 5.X. In 6.X, Comodo apparently decided that catching things that were part of Windows was a Bad Thing(tm). Their "fix" was... kinda lame.

Anything running as SYSTEM is automatically legit under 6.X. ANYTHING. Let that sink in. Got a kernel-level exploit? Good, because you can drop the kitchen sink and the contents of your garage, and as long as you continue to run as SYSTEM you are golden. Yeah.

Needless to say, Comodo 6.X doesn't catch nearly as much stuff. Comodo's user base, paranoid bastards that they are, has apparently caught wind of this and lots of them haven't upgraded to 6.X. Kind of a shame, cuz this is a hole you could drive a very large wheeled freight carrying vehicle through. However, if you're lucky enough to be going against a target running 6.X, have fun!
 

simmerskool

Level 38
Verified
Top Poster
Well-known
Apr 16, 2017
2,784
I tried it a few minutes ago without any issues. But, it may be overloaded sometimes.
I created a new user sign-in and activated ok, then I sent a sha256 for a file that is "suspicious" and using firefox I get: "secure site not available -- you've enabled HTTPS...and a HTTPS version of verdict.valkyrie.comodo.com is not available" -- I find this "unsettling" or WTF! (this has happened at least twice today) WTFx2 -- is this "acceptable"? am I the only seeing this? :unsure:
 
  • Like
Reactions: rashmi and Andy Ful

simmerskool

Level 38
Verified
Top Poster
Well-known
Apr 16, 2017
2,784
The website quickly displays the result if the uploaded file is already known.
The full analysis may take some hours if the uploaded file is unknown.
well ok but I'm not seeing anything to tell me the file is being analyzed, and you saw my post about uploading sha256 and getting no HTTPS... weird imo.
 
  • Like
Reactions: rashmi

rashmi

Level 12
Jan 15, 2024
578
well ok but I'm not seeing anything to tell me the file is being analyzed, and you saw my post about uploading sha256 and getting no HTTPS... weird imo.
I tested the Valkyrie website in different scenarios. I tried it without a VPN, disabling the ad blocker and secure DNS. Valkyrie, it appears, is experiencing some technical issues. Sometimes it gives a verdict, sometimes it shows an error, and sometimes the analysis just loops.
 
  • Hundred Points
Reactions: simmerskool

simmerskool

Level 38
Verified
Top Poster
Well-known
Apr 16, 2017
2,784
I tested the Valkyrie website in different scenarios. I tried it without a VPN, disabling the ad blocker and secure DNS. Valkyrie, it appears, is experiencing some technical issues. Sometimes it gives a verdict, sometimes it shows an error, and sometimes the analysis just loops.
ok thanks, yes I have seen all of those :ROFLMAO: glad there are other sandbox analyzer sites that work
 
  • Like
Reactions: rashmi

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,592
... glad there are other sandbox analyzer sites that work

I sent an unknown file over 12 hours ago. The file is still being analyzed:

[attached screenshot: 1734777189091.png]


However, the partial analysis result (signature detection) was available after a minute:

[attached screenshot: 1734777296925.png]


Valkyrie is probably overloaded, so the Human Expert Analysis may currently take several hours (days?). I have seen examples where the full analysis lasted about two hours.
Valkyrie is not as fast as other automated sandboxes, but the advantage is that the full analysis includes Human Expert Analysis, for example:

[attached screenshot: 1734777965649.png]
 
Last edited:

rashmi

Level 12
Jan 15, 2024
578
The previous Valkyrie website, featuring a red design, offered speedy performance on par with similar services. This new Valkyrie website, it appears, is having a few technical glitches.
 
  • Like
Reactions: simmerskool

Vitali Ortzi

Level 26
Verified
Top Poster
Well-known
Dec 12, 2016
1,585
The previous Valkyrie website, featuring a red design, offered speedy performance on par with similar services. This new Valkyrie website, it appears, is having a few technical glitches.
Xcitium human analysis sometimes false-flags stuff as malware that isn't, and objections, at least in my case, didn't help.
But Symantec actually first gave me a report of it being malicious, but then after a few days I got a report confirming the file I had sent is safe.

Anyway, nowadays I usually use Symantec instead, especially if it's a big binary (750 MB limit), and Threat Insights Portal (mainly to check any.run behavior and network from the vendors in neiki).

Tip: Use Check Point Threat Emulation, as Threat Emulation is pretty good at detecting all kinds of fancy tactics (every file under 100 MB goes through Threat Emulation).
It's really powerful, and on my system I install a ton of shady stuff, and thankfully Threat Emulation prevented nearly every malware I could have encountered, and the few that passed (sometimes because they are password protected) were nearly all detected by ESET (in my setup they would have to deal with Comodo and HitmanPro.Alert next if I trusted an unknown file enough to execute it, and stuff that bypassed these might still have its communication blocked based on WebPulse reputation of Symantec IPs and the firewall modules).

Comodo is very powerful, but it has increased its trust not just towards Windows binaries (possibly after Comodo 5.0) but in recent times to having a trusted vendor list, which means that trusted stuff can technically turn malicious.
While I doubt any Comodo user even has malware on their system, there is still a chance some future APT can get on the trusted list, and since the main aim of the product is enterprises, they might actually get affected one day if they use Xcitium as their only defense.
 
Last edited:

simmerskool

Level 38
Verified
Top Poster
Well-known
Apr 16, 2017
2,784
Nice thanks but fwiw I have never seen a Valkyrie "your file is being analyzed" window -- just a spinning loop... more concerned by URL popup no HTTPS...
 
  • Like
Reactions: rashmi

simmerskool

Level 38
Verified
Top Poster
Well-known
Apr 16, 2017
2,784
Comodo is very powerful, but it has increased its trust not just towards Windows binaries (possibly after Comodo 5.0) but in recent times to having a trusted vendor list, which means that trusted stuff can technically turn malicious.
I recall (vaguely) a few years back discussions about heavily editing (deleting) the trusted vendors' list. I never did that, but I think some folks did or do... :unsure:
 
  • Like
Reactions: rashmi

vitao

Level 3
Thread author
Mar 12, 2024
110
This is very odd to me. You want to do security, you discuss certain things publicly, but you hide some basic data to make users more secure.
No man, you get it wrongly. I received approval from whoever developed the POC to show it in my videos, and he/she asked me not to share it, so I respect that. Get the point? As Andy said, try to contact him/her about the sample for v4 (the one I've been testing and showing CIS and Xcitium being obliterated).
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,592
Here is a post on the Wilders Security forum related to this thread:
https://www.wilderssecurity.com/thr...final-infos-thread.453843/page-3#post-3218351

I must partially agree with @cruelsister. The readers might wrongly understand the interesting POCs and discussions here because of very different viewpoints. I saw a similar situation when reading interesting threads about bypassing Microsoft Defender and other AVs. Whenever the bypass was presented, some people were convinced that AV was not enough, and willing to change it to another one. Such a reaction is natural but mainly irrational. Let's not be fooled by emotions.
The POCs and bypasses have a much smaller impact on security than hundreds of new malware variants, that bypass AVs each day due to the limitations of Machine Learning.
Currently, the Malware-As-A-Service is sufficiently prevalent and malware is often prepared to bypass the protection of most AVs.
  1. People who use Comodo should not be surprised that it can be bypassed. Auto-containment is not a perfect solution.
  2. Users should not think that other AVs can protect better because someone presented some of Comodo's bypasses or POCs.
It is better to see an AV like a human immune system. It is not intended to protect any cell in the body but to prevent infecting many cells.
 
Last edited:
