Advice Request Does Comodo FLS protect from DLL hijacking or process injection?

Nagisa · Jun 16, 2020

I disabled HIPS on my CF setup. My only real-time protection is CFs file lookup server and VirusScope. What would happen if a legit program tries to load infected DLL? Does CF protect against it?

cruelsister · Jun 16, 2020

Hi Nagisa! Actually the better question is how to PREVENT a dll from getting infected, and this is where the strength of CF comes into play (Containment). Currently the popular method for either reflective dll or PE injection is by means of some script or other (powershell being the most common). Consider something like Netwalker variants which will initiate encryption with a powershell script that inject a dll into explorer. Stop the script will stop the malicious cascade (and CF just loves to kill scriptors). With Containment in Restricted Mode

Things like various sorts of Process Hollowing and Process Doppelgänging are also prevented by CF (not that you asked).

And good move on killing the HIPS. HIPS (in general) tend to give a false sense of security while pretty much ignoring things like the recently popular trend for malware to use LoLbins (the Ransominater series in the Video section being an excellent example).

Oh yeah- good move not bothering with CIS (which has the not needed on demand scanner). As you mention CF has the Cloud and File rating, but having something like WD enabled is also a good idea.

Vitali Ortzi · Jun 16, 2020

cruelsister said:
Hi Nagisa! Actually the better question is how to PREVENT a dll from getting infected, and this is where the strength of CF comes into play (Containment). Currently the popular method for either reflective dll or PE injection is by means of some script or other (powershell being the most common). Consider something like Netwalker variants which will initiate encryption with a powershell script that inject a dll into explorer. Stop the script will stop the malicious cascade (and CF just loves to kill scriptors). With Containment in Restricted Mode

Things like various sorts of Process Hollowing and Process Doppelgänging are also prevented by CF (not that you asked).

And good move on killing the HIPS. HIPS (in general) tend to give a false sense of security while pretty much ignoring things like the recently popular trend for malware to use LoLbins (the Ransominater series in the Video section being an excellent example).

Oh yeah- good move not bothering with CIS (which has the not needed on demand scanner). As you mention CF has the Cloud and File rating, but having something like WD enabled is also a good idea.

Where can I find comodo firewall ?
Since the EOL only CIS is available via the website.
Post or PM a link if possible.

CyberTech · Jun 16, 2020

Vitali Ortzi said:
Where can I find comodo firewall ?
Since the EOL only CIS is available via the website.
Post or PM a link if possible.

Here's a link

Comodo Firewall Free

Free Comodo Firewall with prevention-based protection.

www.techspot.com

Open a setup> Options> all unchecked > Components uncheck all except Firewall then install it

Chuck57 · Jun 16, 2020

And when you download Comodo Firewall, set it up to Cruelsister's specs. Doesn't take but a couple of minutes and you've got as close to bulletproof protection as any security software of which I'm aware.

Brahman · Jun 17, 2020

Chuck57 said:
And when you download Comodo Firewall, set it up to Cruelsister's specs. Doesn't take but a couple of minutes and you've got as close to bulletproof protection as any security software of which I'm aware.

Till it shows weird bugs and errors or till it gets updated...

Search

Advice Request Does Comodo FLS protect from DLL hijacking or process injection?

Nagisa

Level 7

cruelsister

Level 43

Vitali Ortzi

Level 24

CyberTech

Level 44

Comodo Firewall Free

Chuck57

Level 12

Brahman

Level 18

Similar threads