Comodo Internet Security 2025 does not contain RANSOMWARE (bypass, infection and lost of files)

XylentAntivirus · Monday at 4:14 PM

The only almost unbeatable thing is my technique at prevention. Containing everything for analysis. Comodo didn't contain everything but almost everything.

vitao · Monday at 9:28 PM

they solved it on xcitium. recorded a new video with one particular setting. as soon as i get the time to edit it, ill publish the new video with subtitles, etc.

but just fyi xcitium now is able to protect us against the ransomware. cis continues to be destroied by it...

tried to post it on xcitium topic ive created but it seems their forum is offline...

vitao · 2025-03-12T15:27:10-0500

Xcitium with new configuration can now prevent the ransomware to be executed!

FINALLY!!!

Watch it here:

This video has subtitles in English, Brazilian Portuguese and Spanish. If you need more subtitles, just let me know.

Andy Ful · 2025-03-12T16:09:11-0500

Yes. There are two settings :

Monitor DLL files being loaded by running processes (Enabled).
Auto-block unknown DLL file(s) from being loaded by processes (Enabled).

When the benign EXE file (vulnerable to DLL hijacking) is executed, Xcitium monitors loaded DLL and blocks if it is Unknown.
Comodo (CIS) still does not monitor loaded DLLs, so it cannot block DLL hijacking attacks.

[correlate] · 2025-03-13T08:52:35-0500

XylentAntivirus said:
The only almost unbeatable thing is my technique at prevention. Containing everything for analysis. Comodo didn't contain everything but almost everything.

What is your solution
or the solutions you rely on for protection.
And thank you.

vitao · 2025-03-13T09:16:12-0500

Andy Ful said:
Yes. There are two settings :

Monitor DLL files being loaded by running processes (Enabled).

Auto-block unknown DLL file(s) from being loaded by processes (Enabled).

View attachment 287714

When the benign EXE file (vulnerable to DLL hijacking) is executed, Xcitium monitors loaded DLL and blocks if it is Unknown.
Comodo (CIS) still does not monitor loaded DLLs, so it cannot block DLL hijacking attacks.

yes. as explained in the video. now lets hope they dont take another 3~4 years to bring this fix into cis...

Andy Ful · 2025-03-13T11:30:56-0500

vitao said:
yes. as explained in the video. now lets hope they dont take another 3~4 years to bring this fix into cis...

Those settings can increase security but at the cost of many false positives. Even if one whitelists all signed DLLs (like in Windows Smart App Control), the number of false positives can be too great for most non-enterprise users. We also must remember that with that fix the unknown DLLs are blocked and not auto-contained.

rashmi · 2025-03-13T13:53:57-0500

@Sandbox Breaker - DFIR, If I'm right, you use Xcitium. Can you confirm if the settings below are old or new?

Monitor DLL files being loaded by running processes
Auto-block unknown DLL file(s) from being loaded by processes

Search

Comodo Internet Security 2025 does not contain RANSOMWARE (bypass, infection and lost of files)

XylentAntivirus

Level 3

vitao

Level 4

vitao

Level 4

Andy Ful

From Hard_Configurator Tools

[correlate]

Level 18

vitao

Level 4

Andy Ful

From Hard_Configurator Tools

rashmi

Level 16

Similar threads