Serious Discussion Comodo Internet Security 2025 was obliterated by an exploit!

rashmi

The default files seem to be OK for most users. Using the "All applications" group includes all possible executable types blocked by Comodo, but increases the number of alerts.
Do you mean only the "executables" file group is sufficient?
 

vitao

Thread author
YES, Xcitium has finally improved signatures. I told the guy to improve the signatures on the Comodo forums, the FlorinG guy, and he actually listened to me and improved it.
I saw this during the test too, but as it was about the virus signatures I decided not to mention it in the video. But I'm going to produce a new video about these sites that provide samples, and about how vendors looking into these and updating their signatures by using these samples is making AV tests with malware downloaded from these same sources pointless. It's time to focus on really zero-day only...

Anyway, did you notice the virus signature testing? It's a shame, as there is no difference between the full and the lite DBs... so why promote it? Just to have a lighter file on the HD?
 

rashmi

I mean that it has a good balance between usability and security.
I'll make a new file group and add the files from the executables file group to it. In a previous post, you noted the absence of MSI in the executables file group. If I remember correctly, Comodo had a bug where it didn't run unrecognized MSI files in containment. I'm uncertain whether they've resolved the issue. In the custom file group, should I include the MSI file or any files from the "pseudo file downloaders" group?
 

Andy Ful

> In the custom file group, should I include the MSI file or any files from the "pseudo file downloaders" group?

You can, but it seems that most "Pseudo File Downloaders" are included in Script Analysis. I did not test it, so I do not know the difference.
It is also possible to create a new group for executable types to be whitelisted. Next, this group can probably be used to whitelist some executable types (*.tmp, etc.) while using the "All Applications" group.
 

rashmi

> You can, but it seems that most "Pseudo File Downloaders" are included in Script Analysis. I did not test it, so I do not know the difference.
> It is also possible to create a new group for executable types to be whitelisted. Next, this group can probably be used to whitelist some executable types (*.tmp, etc.) while using the "All Applications" group.

Yes, a "whitelist" file group is possible. I believe, in containment, we can set the "whitelist" group as "ignore" and place the rule above the "all applications" rule. Which files should we whitelist to achieve a balance between usability and security?
 

rashmi

Executables not used as initial attack vectors. For now, I would ignore *.tmp files.
I successfully tested a new "whitelist" (*.tmp) file group using the latest Ant Download Manager Beta. Unlike the default containment rule, Comodo's "all applications" 1-hour limit prevented the containment of AntDM and antCH files when launched.
 
