- May 9, 2024
The only almost unbeatable thing is my technique at prevention. Containing everything for analysis. Comodo didn't contain everything but almost everything.
> The only almost unbeatable thing is my technique at prevention. Containing everything for analysis. Comodo didn't contain everything but almost everything.

What is your solution
> Yes. There are two settings:
> - Monitor DLL files being loaded by running processes (Enabled).
> - Auto-block unknown DLL file(s) from being loaded by processes (Enabled).
>
> When the benign EXE file (vulnerable to DLL hijacking) is executed, Xcitium monitors loaded DLLs and blocks them if they are Unknown.
> Comodo (CIS) still does not monitor loaded DLLs, so it cannot block DLL hijacking attacks.

Yes, as explained in the video. Now let's hope they don't take another 3~4 years to bring this fix into CIS...
> @Sandbox Breaker - DFIR, If I'm right, you use Xcitium. Can you confirm if the settings below are old or new?
> Monitor DLL files being loaded by running processes
> Auto-block unknown DLL file(s) from being loaded by processes

They're new. According to a mod there, it's a new option added to prevent this kind of problem exposed in my videos. I don't know when exactly they added it, but it's new.
> @Sandbox Breaker - DFIR, If I'm right, you use Xcitium. Can you confirm if the settings below are old or new?
> Monitor DLL files being loaded by running processes
> Auto-block unknown DLL file(s) from being loaded by processes

I dropped Xcitium. Sorry. And with reason.
> They're new. According to a mod there, it's a new option added to prevent this kind of problem exposed in my videos. I don't know when exactly they added it, but it's new.

It is not clear from the staff's reply if those settings are old or new. He states they are looking into the issue and then directs you to those settings, mentioning the settings are there for such situations but disabled by default to avoid false positive cases.
> What is your solution
> or the solutions you rely on for protection.
> And thank you.

My solution is not for daily usage but rather for malware analysis. Sandboxing everything, then analyzing it in containment.
> And now cruelsister is trying, at all costs, desperately, to discredit my videos by claiming that the DLL was magically in the system, and that "afterwards" it is activated and therefore the video would be unreliable.
> But it seems that she forgot to "watch the videos" and realize that the ransomware was, from the beginning, compressed in a password-protected file, which means that it doesn't matter if it was there or if I downloaded it only after installing CIS. Since it is a compressed file with a password, no antivirus will be able to see what is inside, so...
> Anyway, once again she shows that she is just a silly girl trying to make fun on the internet.
> Either that or it is just a fake account of Melih himself or some other member of the Comodo staff... who knows...
> Ps.: Comodo has finally classified the DLL as malware. So, now, CIS can identify the DLL as malware and block its execution. At least during the manual scan. I'm going to do some tests to see if the DLL is still executed through the .EXE that makes the calls to it. And I'm also waiting for Loyiza (if she's interested) to make some simple change to the DLL so that everyone understands that the exploit problem hasn't been fixed in CIS yet...
> Or is it not even worth wasting time on this anymore?

No, don't do that to her. She's a well respected member of the community and is the expert on Comodo. Because of that I'm inclined to believe what she says is true over you.