App Review Comodo's killer.

[Nikola Milanovic]

Not anything, but most of the unknowns.
Which configuration do you propose?
CIS/Xcitium does not contain the unknown DLLs loaded by applications (except for some LOLBins included in the Script Analysis panel).
However, the main problem is with Comodo's alerts. Most children should not be allowed to interact with containment alerts, because they tend to bypass the restrictions.
It is hard to configure CIS/Xcitium to be silent and very strong, without problems with software.
So yes, CIS/Xcitium can be really good for children, but not optimal for parents who must solve problems with silently blocked/contained software.

Post edited.

When a file is sandboxed i submit it to Xcitium for analysis and i get a verdict in less then 1 hour

 

[Vitali Ortzi]

When a file is sandboxed i submit it to Xcitium for analysis and i get a verdict in less then 1 hour

But if a malicious dll like starrailbase ?
Isn't blocked by virus scope and is launched as trusted that means you're infected and it's popular for gaming mods , piracy sites to have dll in archives that are malicious or that a user will be suggested to put inside the game directory and the game exe is marked as trusted (even pirated software exes that are safe are marked as trusted)


Basically there is a flaw in comodo and no current solution that doesn't increase false positives ratio
Not sure what config you're using but I'm very confident the same vulnerability will work on your machine unless you used something more aggressive then proactive

 

[Nikola Milanovic]

But if a malicious dll like starrailbase ?
Isn't blocked by virus scope and is launched as trusted that means you're infected

Unknown executables might use something that is trusted to destroy the system but even that will get contained

 

[Andy Ful]

When a file is sandboxed i submit it to Xcitium for analysis and i get a verdict in less then 1 hour

Are you a child?

 

[Nikola Milanovic]

Are you a child?

Im an teenager im 17 years old and i know about cybersecurity

 

[Vitali Ortzi]

When a file is sandboxed i submit it to Xcitium for analysis and i get a verdict in less then 1 hour

Try with tdss killer to launch a dll file that's unknown and you will see it's possible to bypass containment

 

[Andy Ful]

Unknown executables might use something that is trusted to destroy the system but even that will get contained

We talk about the opposite. Trusted executables can use something unknown to destroy the system and avoid containment.

 

[Vitali Ortzi]

Are you a child?

Probably a language barrier

 

[Nikola Milanovic]

We talk about the opposite. Trusted executables can use something unknown to destroy the system and avoid containment.

Well every AV is bypassable just so you know

 

[Andy Ful]

Im an teenager im 17 years old and i know about cybersecurity

Congrats.
But, we talk about the children in the last few posts.

 

[Nikola Milanovic]

No AV is perfect and it will never be but AVs are Good and i choosed Xcitium to protect my pc from zero-day malware i also know sources of where to get samples from
I Submit samples on a daily basis to Xcitium

 

[Andy Ful]

Well every AV is bypassable just so you know

Yes, that is true. However, in this thread, we would like to present the setup which is significantly better than most AVs and better than standard CIS/Xcitium settings.

 

[Andy Ful]

No AV is perfect and it will never be but AVs are Good and i choosed Xcitium to protect my pc from zero-day malware i also know sources of where to get samples from
I Submit samples on a daily basis to Xcitium

It is a good choice.

 

[Vitali Ortzi]

We talk about the opposite. Trusted executables can use something unknown to destroy the system and avoid containment.

100% but we are trying to figure out all kinds of different setups , solutions to get that so hard that it will take more then a skid and a malicious dll mod to infect a system yet be enough user friendly (low false positives) for users to use

I think cruel sister settings are not too bad on usability as you can install a fair amount of popular games , popular piracy with not too many false positives although some here and there


Andy solution will be too aggressive and even an admin of the PC might look for a more convenient method to secure his kids PC

 

[New_Style_xd]

For most Childrens Xcitium is really good it will sandbox or block anything unknown

The Comodo team was unable to fix the sandbox, the POC was able to bypass the CIS.
What they did was a workaround.

 

[Nikola Milanovic]

The Comodo team was unable to fix the sandbox, the POC was able to bypass the CIS.
What they did was a workaround.

Even sandbox is bypassable yes but still Xcitium does a pretty good job against unknown zero day malware

 

[Andy Ful]

The Comodo team was unable to fix the sandbox, the POC was able to bypass the CIS.
What they did was a workaround.

Which POC was able to bypass the newest version of CIS due to the sandbox bypass?

 

[New_Style_xd]

Comodo blocks many malwares with its Cloud as either .UnclassifiedMalware@1 or Trojan or whatever

It doesn't block it, there are several malwares that pass, according to the tests I do here.

 

[Nikola Milanovic]

It doesn't block it, there are several malwares that pass, according to the tests I do here.

Also you have to have a really good internet connection for fast verdicts for Xcitium

 

[Vitali Ortzi]

Even sandbox is bypassable yes but still Xcitium does a pretty good job against unknown zero day malware

The method used to bypass comodo is used by skids to put malware in mods .dll (game exe is trusted)
not even talking about how big of an issue that flaw is to enterprises but even to home users it's awful as it's definitely in the wild and not rare