- Mar 12, 2024
- 182
Comodo Internet Security 2025 does not contain RANSOMWARE (bypass, infection and lost of files)
- Thread starter vitao
- Start date
- Dec 23, 2014
- 8,821
I tried it a few minutes ago without any issues. But, it may be overloaded sometimes.
- Apr 9, 2018
- 223
This is very odd to me. You want to do security, you discuss certain things publicly, but you hide some basic data to make users more secure.
- Dec 23, 2014
- 8,821
Adrian Ścibor
@Loyisa (MT member) who made the POC is in contact with Comodo. She also helped to identify the sandbox escape exploit:
- Dec 12, 2016
- 1,928
WikiLeaks vault 7 shown that comodo wasn't an easy target for CIA as it blocked even windows (they weren't really able to get any payload to execute on comodo 5.0)Adrian Ścibor
@Loyisa (MT member) who made the POC is in contact with Comodo. She also helped to identify the sandbox escape exploit:
So I wonder if it is possible to configure it like past comodo where even windows isn't trusted
- Apr 16, 2017
- 2,933
I created a new user sign-in and activated ok, then I sent a sha256 for a file that is "suspicious" and using firefox I get: "secure site not available -- you've enabled HTTPS...and a HTTPS version of verdict.valkyrie.comodo.com is not available" -- I find this "unsettling" or WTF! (this has happened at least twice today) WTFx2 -- is this "acceptable"? am I the only seeing this?
- Dec 23, 2014
- 8,821
The website quickly displays the result if the uploaded file is already known.
The full analysis may take some hours if the uploaded file is unknown.
- Apr 16, 2017
- 2,933
well ok but I'm not seeing anything to tell me the file is being analyzed, and you saw my post about uploading sha256 and getting no HTTPS... weird imo.
I tested the Valkyrie website in different scenarios. I tried it without a VPN, disabling the ad blocker and secure DNS. Valkyrie, it appears, is experiencing some technical issues. Sometimes it gives a verdict, sometimes it shows an error, and sometimes the analysis just loops.
- Apr 16, 2017
- 2,933
ok thanks, yes I have seen all of those
glad there are other sandbox analyzer sites that work
- Dec 23, 2014
- 8,821
I sent an unknown file over 12 hours ago. The file is still being analyzed:
However, the partial analysis result (signature detection) was available after a minute:
Valkyrie is probably overloaded, so the Human Expert Analysis may currently take several hours (days?). I have seen examples where the full analysis lasted about two hours.
Valkyrie is not as fast as other automated sandboxes, but the advantage is that the full analysis includes Human Expert Analysis, for example:
Last edited:
- Dec 23, 2014
- 8,821
Currently, the website has a bug. After inserting the MD5 or SHA256 hash, it shows an error:
There are no issues with SHA1 hashes.
The previous Valkyrie website, featuring a red design, offered speedy performance on par with similar services. This new Valkyrie website, it appears, is having a few technical glitches.
- Dec 12, 2016
- 1,928
Xcitium human analysis sometimes false flags stuff as malware that isn't and objections at least in my case didn't help
But Symantec actually first gave me a report of it being malicious but then after a few days I have got a report confirming a file I have sent is safe
Anyway nowadays I usually use Symantec instead especially if it's a big binary (750mb limit )and Threat Insights Portal (mainly check any.run behavior , network from the vendors in neiki )
Tip Use checkpoint threat emulation as threat emulation is pretty good at detecting all kinds of fancy tactics (every file under 100mb goes through threat emulation)
It's really powerful and in my system I install a ton of shady stuff and thankfully threat emulation prevented nearly every malware I could have encountered and a few that passed(sometimes because they are password protected) were nearly all detected by eset (in my setup they would have to deal with comodo and hitman pro.alert next if I would trust an unknown file enough to execute and stuff that bypassed these might still have the communication blocked based on webpulse reputation of Symantec ips and firewall modules )
Comodo is very powerful but since it's increased it's trust not just towards windows binaries (possibly after comodo 5.0) and in recent times to having a trusted vender list Wich means that stuff trusted can technically turn malicious
Meanwhile I doubt any comodo user even has malware on their system there is still a chance some future APT can get on the trusted list and since the main aim of the product is enterprises they might actually get one day affected if they use xcitium as their only defense
Last edited:
- Apr 16, 2017
- 2,933
- Apr 16, 2017
- 2,933
- Apr 16, 2017
- 2,933
I recall (vaguely) a few years back discussions about heavily editing (deleting) the trusted vendors' list. I never did that, but I think some folks did or do...
- Mar 12, 2024
- 182
no man. you get it wrongly. i received aproval from who developed the poc to show on my videos and he/she asked to not share it, so i respect it. get the point? as andy said, try to contact he/she about the sample for v4 (the one ive being testing and showing cis and xcitium being obliterated)
- Dec 23, 2014
- 8,821
Here is a post on the Wilders Security forum related to this thread:
https://www.wilderssecurity.com/thr...final-infos-thread.453843/page-3#post-3218351
I must partially agree with @cruelsister. The readers might wrongly understand the interesting POCs and discussions here because of very different viewpoints. I saw a similar situation when reading interesting threads about bypassing Microsoft Defender and other AVs. Whenever the bypass was presented, some people were convinced that AV was not enough, and willing to change it to another one. Such a reaction is natural but mainly irrational. Let's not be fooled by emotions.
The POCs and bypasses have a much smaller impact on security than hundreds of new malware variants, that bypass AVs each day due to the limitations of Machine Learning.
Currently, the Malware-As-A-Service is sufficiently prevalent and malware is often prepared to bypass the protection of most AVs.
https://www.wilderssecurity.com/thr...final-infos-thread.453843/page-3#post-3218351
I must partially agree with @cruelsister. The readers might wrongly understand the interesting POCs and discussions here because of very different viewpoints. I saw a similar situation when reading interesting threads about bypassing Microsoft Defender and other AVs. Whenever the bypass was presented, some people were convinced that AV was not enough, and willing to change it to another one. Such a reaction is natural but mainly irrational. Let's not be fooled by emotions.
The POCs and bypasses have a much smaller impact on security than hundreds of new malware variants, that bypass AVs each day due to the limitations of Machine Learning.
Currently, the Malware-As-A-Service is sufficiently prevalent and malware is often prepared to bypass the protection of most AVs.
- People who use Comodo should not be surprised that it can be bypassed. Auto-containment is not a perfect solution.
- Users should not think that other AVs can protect better because someone presented some of Comodo's bypasses or POCs.
Last edited:
- Mar 12, 2024
- 182
well, i didnt see the topic you mentioned but i agree with you. i usualy come here to bring some tests with cis showing poc evading containment, ransonware being trusted, etc., but i still have cis as main protection. every software has flaws. i guess that the problem with cis is the delay comodo has to "do something" when needed
