Comodo Internet Security 2025 does not contain RANSOMWARE (bypass, infection and loss of files)

vitao

Level 4
Thread author
Mar 12, 2024
185
they solved it on xcitium. recorded a new video with one particular setting. as soon as I get the time to edit it, I'll publish the new video with subtitles, etc.

but just fyi xcitium now is able to protect us against the ransomware. cis continues to be destroyed by it...

tried to post it on the xcitium topic I've created but it seems their forum is offline...
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,825
Yes. There are two settings:
  • Monitor DLL files being loaded by running processes (Enabled).
  • Auto-block unknown DLL file(s) from being loaded by processes (Enabled).



When the benign EXE file (vulnerable to DLL hijacking) is executed, Xcitium monitors the loaded DLL and blocks it if it is Unknown.
Comodo (CIS) still does not monitor loaded DLLs, so it cannot block DLL hijacking attacks.
 

vitao

Yes. There are two settings:
  • Monitor DLL files being loaded by running processes (Enabled).
  • Auto-block unknown DLL file(s) from being loaded by processes (Enabled).


When the benign EXE file (vulnerable to DLL hijacking) is executed, Xcitium monitors the loaded DLL and blocks it if it is Unknown.
Comodo (CIS) still does not monitor loaded DLLs, so it cannot block DLL hijacking attacks.
yes. as explained in the video. now let's hope they don't take another 3~4 years to bring this fix into cis... :p
 

Andy Ful

yes. as explained in the video. now let's hope they don't take another 3~4 years to bring this fix into cis... :p

Those settings can increase security but at the cost of many false positives. Even if one whitelists all signed DLLs (like in Windows Smart App Control), the number of false positives can be too great for most non-enterprise users. We also must remember that with that fix the unknown DLLs are blocked and not auto-contained.
 
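An added illustration (not part of the thread and not Xcitium's or Comodo's code) of the policy discussed above: every DLL load is checked, untrusted DLLs are blocked rather than contained, and a legitimate unsigned DLL shows the false-positive cost. The records are constructed, use Sysmon Event ID 7 (ImageLoad) field names, and the paths, hashes and allowlist are assumptions.

```python
from ntpath import basename, dirname, normcase

# Constructed sample records; field names follow Sysmon Event ID 7 (ImageLoad).
EVENTS = [
    {"Image": r"C:\Users\test\Downloads\viewer\viewer.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll",
     "Signed": "true", "SignatureStatus": "Valid", "Hashes": "SHA256=CONSTRUCTED01"},
    {"Image": r"C:\Users\test\Downloads\viewer\viewer.exe",
     "ImageLoaded": r"C:\Users\test\Downloads\viewer\helper.dll",
     "Signed": "false", "SignatureStatus": "Unavailable", "Hashes": "SHA256=CONSTRUCTED02"},
    {"Image": r"C:\Program Files\Editor\editor.exe",
     "ImageLoaded": r"C:\Program Files\Editor\plugins\spell.dll",
     "Signed": "false", "SignatureStatus": "Unavailable", "Hashes": "SHA256=CONSTRUCTED03"},
    {"Image": r"C:\Program Files\Editor\editor.exe",
     "ImageLoaded": r"C:\Program Files\Editor\plugins\theme.dll",
     "Signed": "false", "SignatureStatus": "Unavailable", "Hashes": "SHA256=CONSTRUCTED04"},
]
ALLOWLIST = {"SHA256=CONSTRUCTED04"}  # hypothetical admin-approved hashes


def is_trusted(ev, allowlist):
    """Trusted = validly signed, or explicitly allowlisted by hash."""
    signed = ev["Signed"] == "true" and ev["SignatureStatus"] == "Valid"
    return signed or ev["Hashes"] in allowlist


def evaluate(ev, allowlist=ALLOWLIST):
    """Return (verdict, reason) for a single DLL load event."""
    if is_trusted(ev, allowlist):
        return "allow", "trusted"
    # An unknown DLL sitting next to the EXE that loads it is the
    # pattern a DLL-hijacking-vulnerable, otherwise benign EXE produces.
    exe_dir = normcase(dirname(ev["Image"]))
    dll_dir = normcase(dirname(ev["ImageLoaded"]))
    if exe_dir == dll_dir:
        return "block", "unknown DLL beside the EXE"
    # Blocked as well: this is where legitimate unsigned DLLs
    # (spell.dll in the sample) become false positives.
    return "block", "unknown DLL"


def blocked_dlls(events, allowlist=ALLOWLIST):
    """Names of DLLs the policy would refuse to load."""
    return [basename(e["ImageLoaded"]) for e in events
            if evaluate(e, allowlist)[0] == "block"]


if __name__ == "__main__":
    for e in EVENTS:
        print(basename(e["ImageLoaded"]), *evaluate(e))
```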

vitao

@Sandbox Breaker - DFIR, If I'm right, you use Xcitium. Can you confirm if the settings below are old or new?

Monitor DLL files being loaded by running processes
Auto-block unknown DLL file(s) from being loaded by processes
they're new. according to a mod there it's a new option added to prevent the kind of problem exposed in my videos. I don't know when exactly they added it but it's new.
 

vitao

And now cruelsister is trying, at all costs, desperately, to discredit my videos by claiming that the DLL was magically in the system, and that "afterwards" it is activated and therefore the video would be unreliable.

But it seems that she forgot to "watch the videos" and realize that the ransomware was, from the beginning, compressed in a password-protected file, which means that it doesn't matter if it was there or if I downloaded it only after installing CIS. Since it is a compressed file with a password, no antivirus will be able to see what is inside, so...

Anyway, once again she shows that she is just a silly girl trying to make fun on the internet.

Either that or it is just a fake account of Melih himself or some other member of the Comodo staff... who knows...

Ps.: Comodo has finally classified the DLL as malware. So, now, CIS can identify the DLL as malware and block its execution. At least during the manual scan. I'm going to do some tests to see if the DLL is still executed through the .EXE that makes the calls to it. And I'm also waiting for Loyiza (if she's interested) to make some simple change to the DLL so that everyone understands that the exploit problem hasn't been fixed in CIS yet...

Or is it not even worth wasting time on this anymore? o_O
 

rashmi

Level 16
Jan 15, 2024
775
they're new. according to a mod there it's a new option added to prevent the kind of problem exposed in my videos. I don't know when exactly they added it but it's new.
It is not clear from the staff's reply if those settings are old or new. He states they are looking into the issue and then directs you to those settings, mentioning the settings are there for such situations but disabled by default to avoid false positive cases.
 