Hot Take Comodo Internet Security 2025 was obliterated by an exploit!

It is unclear in your post who these people are (those who made videos or those who left MT). Let's make it clearer: @Andy Ful understands Melih well. :)
Furthermore, I do not think that Melih would be obliged to do more to improve CIS (not paid) even if he had more money. Did other vendors cover all attack vectors in the free AVs?
Of course, people still have the right to be disappointed. However, we should discuss how justified this disappointment is (we did it in a few threads).
I really appreciate Comodo. They have even been sending samples to @XylentAntivirus, and Comodo guys, including the CTO, are in the Discord server of that open source AV, so they genuinely help other projects in the open source world. They made their own open source EDR, they provide a free product with the same modules as the paid one, and although they aren't obligated to give free support, they have done so over the years and to this day for free users (forum).

The company has good ethics, and Melih has created a good product that helps a lot of people, including me, to have a more secure system, and created American jobs (employees).
Yes, Comodo isn't a perfect company, but you can name popular companies with somewhat worse ethics in this economy pretty easily.

It would be magical if they found a way to get good market share, but the issue is that on the enterprise front the only advantage they have over the competition is cost, and in the consumer market the majority of people are looking for default allow rather than default deny, so it's pretty niche, and that's why they aren't a popular vendor in the market.
 
It is possible that after videos made by @cruelsister, me, and @vitao (thank Loyisa) we have got a more objective picture of CIS protection.

The @cruelsister videos showed that in a non-enterprise environment, CIS (tweaked) can be one of the strongest solutions. This is still true after the bypasses presented recently. Nothing changed for the members of MT and Wilders Security forums.

The videos made by me and @vitao showed that auto-containment is not enough in some special scenarios. Highly targeted attacks that exploit Trusted applications can bypass CIS even with very restrictive settings. It is unclear how such bypasses can impact Enterprises and we do not know if anyone used them in the wild against CIS or Xcitium.
But, some in-the-wild attacks could be effective against CIS. @Loyisa used an in-the-wild (slightly modified) sample in one of her POCs. I reported another possibility via PE injection coded in the office macro.
 
I respect Xcitium and everyone; in fact, I love Xcitium.
Even above Xcitium, I wish Comodo would update CCAV, the great software that was mentioned in this or another thread a few days ago. Ever since reading the post, I've wondered how effective it would be today, given it was abandoned some years ago, like so many great Comodo products that deserved to be improved. CCAV, I found easier and better than CFW.
 
First off, it is completely wrong to categorize those you disagree with as trolls.
I don't agree or disagree with anyone in this thread and have not specifically called anyone out as a troll; it's all entertainment to me. I may have said for someone to tone it down a bit as the posts were getting out of hand in other Comodo threads.
 
This PoC stop in my view is only showing COMODO that its heuristic needs to have changes, disabling the cloud function making Ransom and Exploit be detected shows that COMODO's detection needs an improvement in this heuristic.
 
I don't agree or disagree with anyone in this thread and have not specifically called anyone out as a troll; it's all entertainment to me. I may have said for someone to tone it down a bit as the posts were getting out of hand in other Comodo threads.
Which I think also happened about 6 months ago? when we had a handful of other members here leave, for some of the drama in Comodo threads, as well as a member who kept on correcting and scolding other members with their posts.
 
New year, old story... Please stop calling other MT members trolls; such parts of your comments will be removed, according to Forum Rules.
OK then. I will just provide the link to the post made by the people instead. That way I am not using MT user handles. Or are you going to say that breaks the MT rules?

If you people - you moderators - allow those original posts to stay up on MT, then how can I be violating any MT rules by providing links to them?
 
OK then. I will just provide the link to the post made by the people instead. That way I am not using MT user handles. Or are you going to say that breaks the MT rules?

If you people - you moderators - allow those original posts to stay up on MT, then how can I be violating any MT rules by providing links to them?
If you say that someone does trolling and you mention the @userXY then that might be interpreted as insulting that person like more obvious personal attacks, that is what I meant with according to Forum Rules. As forum moderators we should try to avoid the beginning of trouble between people.

Everyone here should try to understand that in general forum moderation doesn't make all people satisfied ;)
 
If you say that someone does trolling and you mention the @userXY then that might be interpreted as insulting that person like more obvious personal attacks, that is what I meant with according to Forum Rules. As forum moderators we should try to avoid the beginning of trouble between people.

Everyone here should try to understand that in general forum moderation doesn't make all people satisfied ;)
There was a guy once here called ForgottenSeer 58943 who had felt unsatisfied as well from the moderation, which was too aggressive towards him.

Obviously it's a balance to have enough moderation to feel free and not having too aggressive moderation

Personally I didn't have any issues with the moderation team and appreciate their work (not easy at all to deal with moderation)
But some I talked to had issues with moderation being too aggressive
It's really weird that I got a good experience and some absolute opposite but I personally feel home here and hope others could feel the same
 
I've no problem with the moderators. The couple of times I've been warned and/or banned from posting were my fault. A good forum has got to have moderators. They're the cops in the little city whose job it is to keep the peace.
 
I tested that setup (Serious Discussion - Comodo Internet Security 2025 was obliterated by an exploit!) and it works on my machine (Cloud lookup enabled). I used the newly created files (compiled on my machine). Most files downloaded from the Internet are not new to Comodo (even if Unrecognized), so the 1-day limit will not block them. On the contrary, the 0-day malware will be contained in one day. Also, non-0-day malware can be contained in one day if it is unknown in the Comodo cloud (not submitted). However, such malware will be mainly detected by Microsoft Defender.
I'd appreciate a description of your testing methodology for the files with the setup before I comment. How did you arrive at the conclusion that Comodo's one-day limit won't block most downloaded files, even if unrecognized, as they are likely already known?
 
Hello everyone.

I hope everyone is well.

First of all, I wish you all (again) a great new year! :)

Now back to the topic at hand...

I saw some comments and it seems that some are going in other directions than the one that originated this topic (and several others).

Well, I realize that there are those who just want to see the circus burn, there are those who defend the company Comodo with justifications about investments, money, being a free software, etc.

But honestly, none of that matters that much.

Well, at least for me. What matters is that as long as there are flaws and I can demonstrate these flaws (being able to explain them in the best way possible), I will do so. Regardless of whether the company is interested in correcting this or that, or not. The fact is that I am a CIS user, very satisfied with the protection provided, however, the fact is also that I am unhappy with the lack of transparency and ignorance of its CEO (or former CEO) when he says things that recent videos demonstrate the opposite, but even so, this also ends up not mattering that much.

As long as I can, I will continue to bring videos about CIS and any other AV. Whether out of curiosity, to demonstrate something, or for entertainment.

Ps.: The POC demonstrated in the last videos (the one that executes ransomware) also affects Xcitium Client Security in its latest released version... :P