Comodo's killer.
<blockquote data-quote="Andy Ful" data-source="post: 1114920" data-attributes="member: 32260">
<p><strong><span style="color: rgb(184, 49, 47)">I had to remove my previous post and repost it again. The previous rules worked weirdly.</span></strong></p>
<p>I discovered that the "File origin >> Removable Media" works for flash drives but not for virtual drives (mounted ISO, IMG, etc.). So, I could contain the "All Applications" files only via the 7-Zip trick when the "Run virtually" rule is added for the 7-Zip application and 7-Zip is set as the default application to open disk images (ISO, IMG, etc.) and archives (*.zip, *.7z, *.rar, etc.).</p>
<p>The working containment rules that can contain most of my POCs, most malware, and most DLL hijacking attacks are like in my updated post:</p>
<p>[URL unfurl="false"]https://malwaretips.com/threads/comodos-killer.133558/post-1114716[/URL]</p>
<p><strong><span style="color: rgb(0, 168, 133)">Auto-containment "Run virtually" rules:</span></strong></p>
<p><span style="color: rgb(41, 105, 176)"><strong>Rule 1</strong></span> <strong>(protect against executables on the flash drives).</strong></p>
<p>[ATTACH=full]287166[/ATTACH]</p>
<p><span style="color: rgb(41, 105, 176)"><strong>Rule 2</strong></span> <strong>(protect against executables in disk images and archives).</strong></p>
<p>[ATTACH=full]287167[/ATTACH]</p>
<p><span style="color: rgb(41, 105, 176)"><strong>Rule 3</strong></span> (edited the default "Run virtually" rule with 1-day limit in the Proactive configuration)</p>
<p>[ATTACH=full]287168[/ATTACH]</p>
</blockquote>