App Review Comodo Internet Security Premium Free 2023

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Content created by
Shadowra
F

ForgottenSeer 100397

@Shadowra

I rewatched the video. It's hard to review the test without text or voice, and things are tiny in the video. What I could make out is that the malware encrypted the files in the Downloads, two files on the Desktop, and the only file on the DVD. Am I right?

DVD: It contains the malware folder you copied on the desktop, right?
Downloads: Comodo containment excludes it; the contained malware can modify the files. @cruelsister Please correct me if I'm wrong.
Desktop: What are the two files the malware encrypted?
 
Last edited by a moderator:
  • Like
Reactions: Nevi, Shadowra and simmerskool
Shadowra

Shadowra

Level 36
Thread author
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,586
rhythm said:
@Shadowra

I rewatched the video. It's hard to review the test without text or voice, and things are tiny in the video. What I could make out is that the malware encrypted the files in the Downloads, two files on the Desktop, and the only file on the DVD. Am I right?

DVD: It contains the malware folder you copied on the desktop, right?
Downloads: Comodo containment excludes it; the contained malware can modify the files. @cruelsister Please correct me if I'm wrong.
Desktop: What are the two files the malware encrypted?
Click to expand...

Ransomware encrypted malware folder, desktop and download yes.
And it is visible :)

Sorry if it's tiny, I render in 1440p but Odysee force in 1080p....
 
  • Like
Reactions: Zero Knowledge, Nevi, roger_m and 3 others
F

ForgottenSeer 100397

Shadowra said:
Ransomware encrypted malware folder, desktop and download yes.
And it is visible :)

Sorry if it's tiny, I render in 1440p but Odysee force in 1080p....
Click to expand...
I already posted about the downloads folder.

Did you insert the DVD with the malware folder in the DVD drive (to have it in the drive ready for the test) before the CIS installation?

It would be helpful if you could tell me about the two files the malware encrypted on the desktop.
 
Last edited by a moderator:
  • Like
Reactions: Shadowra
Shadowra

Shadowra

Level 36
Thread author
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,586
rhythm said:
I already posted about the downloads folder.

Did you insert the DVD with the malware folder in the DVD drive (to have it in the drive ready for the test) before the CIS installation?

It would be helpful if you could tell me about the two files the malware encrypted on the desktop.
Click to expand...

Why are you talking about DVDs?

The malware package is a RAR archive that is copied after the installation of Comodo and after the URL test and the fake crack test.

The 2 files on the desktop, you have an .ini of my desktop configuration and the .txt that contains the malicious URLs.

likeastar20 said:
@Shadowra how come you don't use YouTube? Surely you would get more engagement there
Click to expand...
YouTube doesn't really appreciate tests and the AI detects it as hacking :) the channels that stay usually have a network or don't have the same visibility as my channel (and I made a post when I had my YouTube channel removed... and Odysee I'm free to do what I want on it, and I like that :) )
 
  • Like
  • +Reputation
Reactions: Zero Knowledge, Nevi, roger_m and 3 others
F

ForgottenSeer 100397

Shadowra said:
Why are you talking about DVDs?

The malware package is a RAR archive that is copied after the installation of Comodo and after the URL test and the fake crack test.

The 2 files on the desktop, you have an .ini of my desktop configuration and the .txt that contains the malicious URLs.
Click to expand...
Ok, I just want to know how you copied the malware package.
from the host machine?
from a location on the VM you were testing CIS on?
from a disk or USB, and were they inserted or attached before the CIS installation?
 
  • Like
Reactions: Shadowra
Shadowra

Shadowra

Level 36
Thread author
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,586
rhythm said:
Ok, I just want to know how you copied the malware package.
from the host machine?
from a location on the VM you were testing CIS on?
from a disk or USB, and were they inserted or attached before the CIS installation?
Click to expand...

Yep it's copied from my host PC :)
If you install VMware Tools, you can copy files from your host PC to your VM :)
Of course, my VMs are isolated so that a malware can't attack my home computer.
 
  • Like
Reactions: Zero Knowledge, simmerskool and ForgottenSeer 100397
M

MrMr

Level 1
Apr 20, 2023
23
Btw @Shadowra you should note in the main post that this is the basic protection from CIS, not that of CFW CS because everything would be blocked, unfortunately CIS is still very bad at protecting anything, they know it but wont change it (maybe after the brand name changes but for Comodo its not happening)
 
  • Like
Reactions: simmerskool and Shadowra
F

ForgottenSeer 100397

@Shadowra I appreciate your work. Keep it up. Thank you!

I believe the malware could encrypt the files in the downloads folder because of a weak containment setting, "do not virtualize access to the specified files or folders." It is not a Comodo containment bypass.

From Comodo help files: Containment Settings, Containment Computer Security, Desktop Software | Internet Security
By default, contained applications can access folders, files, and registry keys on your local system, but cannot change them.
The "Do not virtualize..." settings let you create exceptions to these policies if required.

The rest is a .txt file encrypted on the desktop. If my memory serves well, there is a minor issue with the default config: ransomware could create the ransom note .txt file on the desktop or could encrypt a .txt file on the desktop, something like this. I guess @cruelsister could shed light on this.
 
Last edited by a moderator:
  • Like
Reactions: simmerskool and Shadowra
F

ForgottenSeer 97327

Does anyone know what the defaults are for this setting?

1682148536451.png
 
  • Like
Reactions: ForgottenSeer 100397

Similar threads

Shadowra
    • Like
    • +Reputation
    • Applause
  • Locked
App Review COMODO Internet Security 2025 Premium
Replies
117
Views
12,391
Video Reviews - Security and Privacy
Victor M
Victor M
Shadowra
    • Like
    • +Reputation
    • Thanks
App Review Dr.Web Security Space 2024
Replies
9
Views
1,154
Video Reviews - Security and Privacy
TairikuOkami
TairikuOkami
Shadowra
    • Like
    • +Reputation
    • Applause
App Review Eset Smart Security 2024
Replies
26
Views
2,907
Video Reviews - Security and Privacy
superleeds27
S

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top