App Review Comodo Internet Security Premium Free 2023

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Content created by
Shadowra
F

ForgottenSeer 100397

@Shadowra

I rewatched the video. It's hard to review the test without text or voice, and things are tiny in the video. What I could make out is that the malware encrypted the files in the Downloads, two files on the Desktop, and the only file on the DVD. Am I right?

DVD: It contains the malware folder you copied on the desktop, right?
Downloads: Comodo containment excludes it; the contained malware can modify the files. @cruelsister Please correct me if I'm wrong.
Desktop: What are the two files the malware encrypted?
 
Last edited by a moderator:

Shadowra

Level 33
Thread author
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,287
@Shadowra

I rewatched the video. It's hard to review the test without text or voice, and things are tiny in the video. What I could make out is that the malware encrypted the files in the Downloads, two files on the Desktop, and the only file on the DVD. Am I right?

DVD: It contains the malware folder you copied on the desktop, right?
Downloads: Comodo containment excludes it; the contained malware can modify the files. @cruelsister Please correct me if I'm wrong.
Desktop: What are the two files the malware encrypted?

Ransomware encrypted malware folder, desktop and download yes.
And it is visible :)

Sorry if it's tiny, I render in 1440p but Odysee force in 1080p....
 
F

ForgottenSeer 100397

Ransomware encrypted malware folder, desktop and download yes.
And it is visible :)

Sorry if it's tiny, I render in 1440p but Odysee force in 1080p....
I already posted about the downloads folder.

Did you insert the DVD with the malware folder in the DVD drive (to have it in the drive ready for the test) before the CIS installation?

It would be helpful if you could tell me about the two files the malware encrypted on the desktop.
 
Last edited by a moderator:
  • Like
Reactions: Shadowra

Shadowra

Level 33
Thread author
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,287
I already posted about the downloads folder.

Did you insert the DVD with the malware folder in the DVD drive (to have it in the drive ready for the test) before the CIS installation?

It would be helpful if you could tell me about the two files the malware encrypted on the desktop.

Why are you talking about DVDs?

The malware package is a RAR archive that is copied after the installation of Comodo and after the URL test and the fake crack test.

The 2 files on the desktop, you have an .ini of my desktop configuration and the .txt that contains the malicious URLs.

@Shadowra how come you don't use YouTube? Surely you would get more engagement there
YouTube doesn't really appreciate tests and the AI detects it as hacking :) the channels that stay usually have a network or don't have the same visibility as my channel (and I made a post when I had my YouTube channel removed... and Odysee I'm free to do what I want on it, and I like that :) )
 
F

ForgottenSeer 100397

Why are you talking about DVDs?

The malware package is a RAR archive that is copied after the installation of Comodo and after the URL test and the fake crack test.

The 2 files on the desktop, you have an .ini of my desktop configuration and the .txt that contains the malicious URLs.
Ok, I just want to know how you copied the malware package.
from the host machine?
from a location on the VM you were testing CIS on?
from a disk or USB, and were they inserted or attached before the CIS installation?
 
  • Like
Reactions: Shadowra

Shadowra

Level 33
Thread author
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,287
Ok, I just want to know how you copied the malware package.
from the host machine?
from a location on the VM you were testing CIS on?
from a disk or USB, and were they inserted or attached before the CIS installation?

Yep it's copied from my host PC :)
If you install VMware Tools, you can copy files from your host PC to your VM :)
Of course, my VMs are isolated so that a malware can't attack my home computer.
 

MrMr

Level 1
Apr 20, 2023
23
Btw @Shadowra you should note in the main post that this is the basic protection from CIS, not that of CFW CS because everything would be blocked, unfortunately CIS is still very bad at protecting anything, they know it but wont change it (maybe after the brand name changes but for Comodo its not happening)
 
F

ForgottenSeer 100397

@Shadowra I appreciate your work. Keep it up. Thank you!

I believe the malware could encrypt the files in the downloads folder because of a weak containment setting, "do not virtualize access to the specified files or folders." It is not a Comodo containment bypass.

From Comodo help files: Containment Settings, Containment Computer Security, Desktop Software | Internet Security
By default, contained applications can access folders, files, and registry keys on your local system, but cannot change them.
The "Do not virtualize..." settings let you create exceptions to these policies if required.

The rest is a .txt file encrypted on the desktop. If my memory serves well, there is a minor issue with the default config: ransomware could create the ransom note .txt file on the desktop or could encrypt a .txt file on the desktop, something like this. I guess @cruelsister could shed light on this.
 
Last edited by a moderator:
F

ForgottenSeer 97327

Does anyone know what the defaults are for this setting?

1682148536451.png
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top