Correlate

Level 8
Comodo Internet Security 12.0.0.6882 (latest version)
ChineseRarypt does not encrypt the files as typical ransomware does; instead, it places them in password-protected files, which users cannot access unless they pay the ransom fee demanded by the attackers (the test was performed with the default settings of Comodo). I really thought that the Comodo sandbox would protect the files. I'm not sure what could have happened; maybe it could be due to a defect in the Comodo sandbox. One thing I could see was that only the files on the desktop were affected (the same location where the ransomware was run); other locations such as the images / videos / documents folders were not affected by the ransomware.

 

Elpibe

Level 3
That's why I suggest blocking unknown files instead of sandboxing them.
And switching to Proactive Security Configuration is another must :)
There's an answer in his video:
Yes, I tried to reset the sandbox but the files were not recovered. I also changed the configuration to proactive mode and only got a notification from the HIPS module. Maybe making other changes in the configuration could have protected the files, I do not know; equally, I think the sandbox has some defect. I did a test with Sandboxie with this ransomware and it was able to protect all files.
 

imuade

Level 9
Verified
There's an answer in his video:
This is what's written on Comodo Forums:
The video description says the test was done using the latest CIS version of 12.0.0.6882, but in the video you can see the Viruscope recognizer is 12.0.0.6780, so it is kinda misleading. I have the sample used and I tested against 12.0.0.6882, and I didn't see any files get deleted like in the video, and the "how to decrypt your files" txt document was not saved to the real desktop. So maybe the issue did affect 6870 but is now fixed in 6882, which might mean the sample used the vulnerabilities that were disclosed that affected 6870 to bypass the sandbox.
 

Correlate

Level 8
Comodo Internet Security is a free comprehensive security solution. It includes antivirus, anti-spyware, a firewall with content filter, proactive HIPS protection, a protection box and safe shopping.
**Overall, it is a good solution compared to other free solutions**
Key components of Comodo Internet Security Premium:
• Antivirus and antispyware
• Personal firewall
• Behavioral Analysis
• HIPS
• Viruscope System
• Content Filter
• Automatic sandbox
• Virtual desktop
• Comodo Secure DNS
• Rescue Disk
• Comodo Cleaning Essentials
• Process Manager
• Comodo Dragon Web Browser
• Safe Shopping
• Internet Security Essentials
 

Syafiq

Level 11
Verified
Their AV engine is useless, however. Another free AV has a much better detection rate than Comodo. But Comodo does have its unbeatable sandbox, if configured with @cruelsister's config :)
 

ZeroDay

Level 28
Verified
Malware Tester
CS settings or similar would have stopped this in its tracks. It's a well-known fact that CIS/CF has to be tweaked properly, and once that is done it's rock solid. I would like to have seen this tested at CS settings and with "block all unknown files" checked. I personally use similar settings to CS, with the firewall also set to Safe Mode > block unknown connections, the sandbox set to Untrusted, the relevant boxes ticked to not virtualize access to certain areas, Command Line Analysis tweaks and a few other tweaks. Comodo has never really been much good at default settings.
To get the full benefits offered by Comodo it needs to be tweaked, and once tweaked it's as solid a protection as you're going to get, free or paid. I know I'm only pointing out what we all know here, but some testers just aren't aware of how strong a tweaked CIS/CF is.

CS settings - Problem solved.
 

ZeroDay

Level 28
Verified
Malware Tester
Hi @ZeroDay !

I have CF+CS' settings.
Please, if possible, can you explain (step by step) what different "tweaks" you added to your CF?

Also please, I would like to know if CF/CS has any protection against SPECTRE/MELTDOWN.

Thank you
I pretty much use the same settings @bribon77 posted above, with a few extra tweaks I've added myself. Some of the tweaks I've added are in Command Line Analysis, some are in the firewall settings. I haven't got CF installed on this machine, but I have it on a laptop, so I will post a few screenshots of the extra settings I've added on top of what CS uses and @bribon77 posted above. Be careful when changing settings in Command Line Analysis, because some of those settings can interfere with certain software that you may use and I may not. They won't cause any major problems, if any at all, just minor annoyances. I'll boot my laptop up after I've had my lunch and post those screenshots for you.
 

Decopi

Level 2
@ZeroDay and @bribon77 ... thank you both.
I'm interested only in CS' tweaks (ones that do not change CS' settings, but preserve and complement CS' settings, etc.).
There's no need to post videos, details, screenshots, etc. about CS' settings... please, just your tweaks (variations of CS' settings).
Please, post your CS' tweaks only if you want/can, and only when you want/can.
Thank you
 

darko999

Level 17
Verified
Comodo HIPS "Training mode" is broken on Windows 10 1903 build 18632. It won't generate any rule for any program or software you use; it's literally dead. You have to use Safe Mode with "create rules for safe applications" instead in order to generate allowed rules for apps for the HIPS.