Comodo Internet Security 2025 does not contain RANSOMWARE (bypass, infection and lost of files)

[Andy Ful]

Why not set containment to "block" unrecognized files and programs instead?

This setting alone will not prevent several fileless methods. Without Script Analysis settings several fileless attacks might not be contained, so the "Block" setting could not help.

 

[nickstar1]

I still say sandboxie is the best defense when properly used when knowing a file could be malicious or you are savvy enough to use it.

 

[Andy Ful]

I still say sandboxie is the best defense when properly used when knowing a file could be malicious or you are savvy enough to use it.

It is not for most people, but it can be the best defense for you or others. Almost all users apply Sandboxie on demand, so it cannot be compared to Comodo which uses auto-containment.
I used Sandboxie for a few years and still have several sandboxes with very different restrictions on my old disk images.
Also, the term "best defense" has a different meaning for many people.

Edit.
Most users who use Sandboxie are unprotected against the attacks mentioned in this thread.
It is possible to use auto-sandboxed Windows Explorer (explorer.exe) for more security, but I knew only one person who used Sandboxie that way.

 

[vitao]

Latest Xcitium edition (Xcitium Client Security 13.2.0.9560) exploited by the same poc. RansomFest it seems...

Edit. Default Configs for endpoint. The recomended one from Xcitium EDR Dashboard.

Edit.: I see there is an 13.3.1 edition released (anounced on their forum) but i have no idea on how to upgrade to it or download it. Does anyone have any idea? Or is it something wrong with their edr dashboard/platform preventing clients to have the latest client released? or is it not released?