Comodo's killer.
<blockquote data-quote="Andy Ful" data-source="post: 1114658" data-attributes="member: 32260"><p>My POCs are not blocked.</p><p>The reason is that the files contained in the ISO container have the creation time of the original files used when the attacker created the ISO on his computer. For example, TDSSKiller has the original date from the year 2019.</p><p>The same applies to all removable media mounted by Windows handler and archives unpacked by Windows built-in unpacker.</p><p>So the file age must be unlimited for the first two rules to block the POCs that use removable media or archives.</p><p></p><p>Edit.</p><p>7-Zip unpacks archives while adding the current creation time. So when 7-Zip is configured to open by default archives and disk images, the 1-hour File age rule will work as intended.</p><p>However, the 1-hour File age rule will not work for executables stored on flash drives.</p></blockquote><p></p>
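An audit sketch for the point made in the post above, added here as an example and not part of the original post: it lists executables under one or more locations and shows whether their creation time falls inside a file-age window. The function name, the `E:\` drive letter, the unpack folder and the extension list are assumptions for illustration.

```powershell
# Added example (not from the thread). Reports, per location, which executables
# have a creation time inside the file-age window and which look "old".
function Get-FileAgeRuleResult {
    param(
        [Parameter(Mandatory)][string[]]$Path,
        [int]$MaxAgeMinutes = 60,   # the 1-hour file age discussed in the post
        # Assumption: file types of interest for this audit.
        [string[]]$Extension = @('.exe', '.dll', '.msi', '.scr', '.com')
    )
    $now = Get-Date
    foreach ($root in $Path) {
        Get-ChildItem -LiteralPath $root -Recurse -File -ErrorAction SilentlyContinue |
            Where-Object { $Extension -contains $_.Extension.ToLowerInvariant() } |
            ForEach-Object {
                $age = $now - $_.CreationTime
                [pscustomobject]@{
                    Root         = $root
                    File         = $_.FullName
                    CreationTime = $_.CreationTime
                    AgeDays      = [math]::Round($age.TotalDays, 1)
                    # True  = creation time is inside the window
                    # False = file looks older than the window allows
                    InsideWindow = ($age.TotalMinutes -le $MaxAgeMinutes)
                }
            }
    }
}

# Assumed locations: E:\ is a mounted ISO or flash drive, the second path is a
# folder where an archive was unpacked. Replace both with real paths.
$results = Get-FileAgeRuleResult -Path 'E:\', "$env:USERPROFILE\Downloads\unpacked"

# Per-file view, then a count of files inside/outside the window per location.
$results | Sort-Object Root, AgeDays | Format-Table -AutoSize
$results | Group-Object Root, InsideWindow -NoElement | Format-Table Name, Count
```

Running it against a freshly mounted image and against the same content unpacked with different tools makes the difference in creation times visible before choosing a file-age value for a rule.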