Comodo Internet Security vs targeted ransomware attack.
- Thread starter Andy Ful
- Start date
It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
I tried Bitdefender Total Security. It blocked the attack behaviorally.
The attack was successful when Advanced Threat Defense was disabled.
Last edited:
May I say MD behavioral analysis was comparable to that of B?
Bitdefender Advanced Threat Defense is more aggressive.
It also includes something similar to MD ASR rules.
But the ultimate result is blocking the attack post-execution by both.
Microsoft Defender detected the DLL on the pre-execution level. Bitdefender did not detect the DLL, but it did detect the abused EXE's actions upon execution.
Microsoft Defender can block the attack on execution via the ASR rule:
Overall, Comodo is effective for home users, regardless of configuration, except for those involved with cracks, keygens, and mods. I doubt the upcoming version will address any issues related to trusted malware or services; if I recall correctly, Xcitium offers solutions for these through the console or profile.However, we both agree that Comodo nails at home, if one can live with @cruelsister's settings.
Yes, explorer.exe in the temp directory is very suspicious. However, there is a simple solution. Set this ASR rule temporarily to Audit.
I have used "unblock" and will observe if it will be triggered again after 24 hours, or it just was one time alert during install.
Here is a similar example in the wild (InfoStealer), although it also uses shell code. It would be interesting to test it against Comodo to see how strong Comodo's shell code injection protection is.
https://thehackernews.com/2026/03/sloppylemming-targets-pakistan-and.html?m=1
https://malwaretips.com/threads/slo...using-dual-malware-chains.140014/post-1173685
There is a difference compared to my video. In the case of video, the targets were machines with Comodo protection. The in-the-wild example had probably a more general purpose, although it was still a targeted attack against government entities and critical infrastructure operators in some countries (not against home users). Home users are safe (so far).
There is also a second infection chain in the article (Excel VBA Macro + DLL hijacking = keylogger). This one also has great chances to bypass Comodo.
https://thehackernews.com/2026/03/sloppylemming-targets-pakistan-and.html?m=1
https://malwaretips.com/threads/slo...using-dual-malware-chains.140014/post-1173685
There is a difference compared to my video. In the case of video, the targets were machines with Comodo protection. The in-the-wild example had probably a more general purpose, although it was still a targeted attack against government entities and critical infrastructure operators in some countries (not against home users). Home users are safe (so far).
There is also a second infection chain in the article (Excel VBA Macro + DLL hijacking = keylogger). This one also has great chances to bypass Comodo.
Last edited:
You may also like...
-
-
Default Deny Tools and Script Interpreters in the AI Era- Started by Online_Sword
- Replies: 2
-
