Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Security
Video Reviews - Security and Privacy
Comodo Internet Security 7 review by nsm0220
Message
<blockquote data-quote="cruelsister" data-source="post: 188089" data-attributes="member: 7463"><p>Comodo at default levels will allow a trojan to spawn a daughter, usually into Roaming or temp. This always happens. To see if it is any way relevant you must check to see if on reboot any malicious files are actually being loaded into memory (which in turn would verify if any autostart procedures were dropped).</p><p></p><p>Also another thing that should be done in testing Comodo (either CIS or CF) is to actually run the daughters that were dropped to see how Comodo will react (invariably these also would be sandboxed in turn). Some will consider what is in essence orphaned files an issue, but if a trojan is not currently running in memory and does not have the ability to start on reboot does this actually constitute an infected system? If this test had been run in Full V mode anything spawned off will go into the virtual Roaming (or temp) directory and will be obliterated on Sandbox reset. Nothing would have remained on the actual drive.</p><p></p><p>Another good thing about Full V is that for any application sandboxed the resultant application windows will have a Green border, so there is no guessing whether it is being contained or not.</p><p></p><p>But thank you for taking the time to do the test! </p><p></p><p>(Not that I want in any way to burden you, but if you ever find the time try this:</p><p>1). Install Comodo Firewall.</p><p>2). Shut off HIPS</p><p>3). Set sandbox to Full V</p><p>4). Run 10-20 files known to be malicious (don't bother with malware links).</p><p>5). Either clean sandbox or reboot and seek any system changes to the best of your ability.)</p></blockquote><p></p>
[QUOTE="cruelsister, post: 188089, member: 7463"] Comodo at default levels will allow a trojan to spawn a daughter, usually into Roaming or temp. This always happens. To see if it is any way relevant you must check to see if on reboot any malicious files are actually being loaded into memory (which in turn would verify if any autostart procedures were dropped). Also another thing that should be done in testing Comodo (either CIS or CF) is to actually run the daughters that were dropped to see how Comodo will react (invariably these also would be sandboxed in turn). Some will consider what is in essence orphaned files an issue, but if a trojan is not currently running in memory and does not have the ability to start on reboot does this actually constitute an infected system? If this test had been run in Full V mode anything spawned off will go into the virtual Roaming (or temp) directory and will be obliterated on Sandbox reset. Nothing would have remained on the actual drive. Another good thing about Full V is that for any application sandboxed the resultant application windows will have a Green border, so there is no guessing whether it is being contained or not. But thank you for taking the time to do the test! (Not that I want in any way to burden you, but if you ever find the time try this: 1). Install Comodo Firewall. 2). Shut off HIPS 3). Set sandbox to Full V 4). Run 10-20 files known to be malicious (don't bother with malware links). 5). Either clean sandbox or reboot and seek any system changes to the best of your ability.) [/QUOTE]
Insert quotes…
Verification
Post reply
Top