Comodo Internet Security 2025 does not contain RANSOMWARE (bypass, infection and loss of files)

rashmi

Level 15
Jan 15, 2024
733
I used the "Allowed Application" policy in HIPS. I'm unsure if the "Installer or Updater" policy has a bug, as it displays the "Action" of the previously highlighted policy.
For example, you highlight the "allowed application" policy, then highlight the "installer or updater" policy; the "action" under the "installer or updater" policy doesn't change. Review again after applying this installer or updater policy; all actions switched to the "ask" option.
 

bazang

Level 11
Jul 3, 2024
505
anirbandutta01

When you purchase Comodo software, you are not purchasing the software itself. You are only purchasing support and a pointless "restore to clean system" warranty if you are ever infected.

The warranty is a joke because you yourself can clean install Windows if it is determined that you are infected. The only instance where that warranty would be valuable is in the case of a low-level infection that cannot be removed with a clean install of the OS. For example, malicious firmware or a boot sector infection.

Read the Comodo EULA agreement. It states that purchasers are not buying the software, but only support.

There is absolutely no difference between free Comodo code base and paid Comodo code base. Both have the same identical features, functionality, and capabilities. The difference is that Comodo free has Comodo forum and email support and paid Comodo has email and other support options.
 

vitao

Level 4
Thread author
Mar 12, 2024
176
Too bad you will get banned on the forums for showing any faults, don't post this. :ROFLMAO::ROFLMAO::ROFLMAO:
I'm already banned there :p and on Xcitium too for posting the video that shows Xcitium security getting ### by this same exploitation/ransomware....
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,780
Normally, I would say that this particular malware is nothing unusual or dangerous because it is a kind of POC (based on an in-the-wild sample). Unfortunately, my experience with Comodo's detection of DLLs is very pessimistic, especially for DLLs uploaded to Malware Bazaar. To be honest, Comodo can contain many in-the-wild attacks with DLLs (mainly via Script Analysis). The problem can arise when the attack uses a Trusted and benign EXE file (like in the video) that loads a malicious DLL.

The problem with shortcuts mentioned in the video is mainly solved by Comodo via Auto-containment and Script Analysis. So, in this case, @cruelsister was right. Comodo does not block shortcuts, but it can efficiently contain the execution of processes triggered via shortcuts. The problem is mainly when the shortcut triggers a Trusted and benign file (not restricted by Script Analysis) that loads a malicious DLL. Such attacks were rarely reported in the wild.

In my opinion, the problem presented in the video is a potential weak point of Comodo. However, there are no reports that this attack vector was intentionally used in the wild against the Comodo/Xcitium customers. As @vitao mentioned in the video, the current protection of Comodo is one of the best. Any top AV has some weaknesses.
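
Added example, not part of the original thread or any poster's code: a detection heuristic for the pattern described above (a trusted, signed EXE loading an unsigned DLL placed beside it), run over constructed Sysmon-style image-load records. It assumes Sysmon Event ID 7 field names (`Image`, `ImageLoaded`, `Signed`, `SignatureStatus`); the paths, the user-writable directory list and the function names are hypothetical.

```python
import ntpath

# Locations a standard user can write to (assumed list, tune per environment).
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\windows\\temp\\")

def is_valid_sig(ev):
    """True when the loaded image carries a valid signature."""
    return ev.get("Signed") == "true" and ev.get("SignatureStatus") == "Valid"

def find_sideload_candidates(events):
    """Return (exe, dll) pairs where a validly signed EXE loads an
    unsigned DLL from its own, user-writable, directory."""
    # Sysmon also logs the load of the main executable itself; use those
    # records to learn which processes are signed.
    signed_exes = {
        ev["Image"].lower() for ev in events
        if ev["Image"].lower() == ev["ImageLoaded"].lower() and is_valid_sig(ev)
    }
    hits = []
    for ev in events:
        exe, dll = ev["Image"].lower(), ev["ImageLoaded"].lower()
        if exe == dll or not dll.endswith(".dll"):
            continue
        same_dir = ntpath.dirname(exe) == ntpath.dirname(dll)
        writable = any(part in dll for part in USER_WRITABLE)
        if exe in signed_exes and same_dir and writable and not is_valid_sig(ev):
            hits.append((ev["Image"], ev["ImageLoaded"]))
    return hits

def _ev(image, loaded, signed, status):
    return {"Image": image, "ImageLoaded": loaded,
            "Signed": signed, "SignatureStatus": status}

# Constructed sample records (not taken from the video or the thread).
VIEWER = r"C:\Users\alice\Downloads\invoice\viewer.exe"
APP = r"C:\Program Files\App\app.exe"
SAMPLE_EVENTS = [
    _ev(VIEWER, VIEWER, "true", "Valid"),
    _ev(VIEWER, r"C:\Users\alice\Downloads\invoice\helper.dll", "false", "Unavailable"),
    _ev(VIEWER, r"C:\Windows\System32\kernel32.dll", "true", "Valid"),
    _ev(APP, APP, "true", "Valid"),
    _ev(APP, r"C:\Program Files\App\plugin.dll", "false", "Unavailable"),
]

if __name__ == "__main__":
    for exe, dll in find_sideload_candidates(SAMPLE_EVENTS):
        print(f"signed {exe} loaded unsigned neighbour {dll}")
```

Only the `viewer.exe` / `helper.dll` pair is reported; the unsigned plugin under `Program Files` is ignored because a standard user cannot write there.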
 

vitao

Level 4
Thread author
Mar 12, 2024
176
Yes, exactly. The problem is if someone shares it and people start looking into it. And this was reported to Comodo a long time ago and nothing has happened so far... Let's just hope this kind of file doesn't get shared anywhere.
 

New_Style_xd

Level 1
Sep 10, 2022
24
The submissions via Xcitium may be more efficient.
If we who use CIS wait for customers who use XCITIUM to report this problem, it will take a long time.

Since CIS takes a long time to be updated.

I really wish CIS would be fixed more quickly.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,780
Organizations should use Xcitium instead of CIS. However, I did not test Xcitium so I cannot say much about the difference.
Such malware is much less probable for CIS users at home. Of course, it would be better if CIS could improve detection, but the gain for home users might be very small (not worth the trouble for a free product). Furthermore, home users can use Comodo Firewall + Microsoft Defender (or another free AV).

Edit.
In the home environment, the overall strength of the CIS protection with @cruelsister settings can be similar to Microsoft Defender + Smart App Control. According to Microsoft, this is an incredibly effective protection against malware. :)
 

Vitali Ortzi

Level 30
Verified
Top Poster
Well-known
Dec 12, 2016
1,906
Just like Comodo, Smart App Control isn't immune to some flaws of its own.

I believe these reputation technologies are best to complement AV software, and they alone can block the majority of malware (99.999%+).

Comodo is insanely light without the AV component and shouldn't cause any incompatibility issues, nor should Smart App Control.
Personally, I have fewer false positives with Comodo than with SmartScreen and Smart App Control, so that's my personal choice.
 

Vitali Ortzi

Level 30
Verified
Top Poster
Well-known
Dec 12, 2016
1,906
It was submitted, as shown in the video. It has been more than a month now :p
Comodo can't be trusted alone because of such cases, but thankfully it's pretty light and can complement your AV as a form of reputation layer (with some flaws, like the abuse of trusted processes in this case).

Smart App Control and SmartScreen are the same: basically a layer that complements the security of a system a lot, blocking the majority of malware at that layer.

So until Smart App Control has fewer false positives, I'm staying with Comodo for that layer instead.

Usually Comodo is advised as a UAC replacement, but personally I think that's wrong: it doesn't replace elevation on the trusted processes, as shown by the ransomware using trusted executables.

But it can definitely be used to replace Smart App Control and SmartScreen for those that prefer Comodo, but I would at least keep a browser-level SmartScreen like the Microsoft Defender extension; it usually catches more phishing pages than Google and can complement Google Safe Browsing at stopping more malware at the first layer.
 