cruelsister

Level 37
Verified
Trusted
Content Creator
Hi Nagisa! Actually the better question is how to PREVENT a dll from getting infected, and this is where the strength of CF comes into play (Containment). Currently the popular method for either reflective dll or PE injection is by means of some script or other (powershell being the most common). Consider something like Netwalker variants which will initiate encryption with a powershell script that inject a dll into explorer. Stop the script will stop the malicious cascade (and CF just loves to kill scriptors). With Containment in Restricted Mode

Things like various sorts of Process Hollowing and Process Doppelgänging are also prevented by CF (not that you asked).

And good move on killing the HIPS. HIPS (in general) tend to give a false sense of security while pretty much ignoring things like the recently popular trend for malware to use LoLbins (the Ransominater series in the Video section being an excellent example).

Oh yeah- good move not bothering with CIS (which has the not needed on demand scanner). As you mention CF has the Cloud and File rating, but having something like WD enabled is also a good idea.
 

Vitali Ortzi

Level 20
Verified
Hi Nagisa! Actually the better question is how to PREVENT a dll from getting infected, and this is where the strength of CF comes into play (Containment). Currently the popular method for either reflective dll or PE injection is by means of some script or other (powershell being the most common). Consider something like Netwalker variants which will initiate encryption with a powershell script that inject a dll into explorer. Stop the script will stop the malicious cascade (and CF just loves to kill scriptors). With Containment in Restricted Mode

Things like various sorts of Process Hollowing and Process Doppelgänging are also prevented by CF (not that you asked).

And good move on killing the HIPS. HIPS (in general) tend to give a false sense of security while pretty much ignoring things like the recently popular trend for malware to use LoLbins (the Ransominater series in the Video section being an excellent example).

Oh yeah- good move not bothering with CIS (which has the not needed on demand scanner). As you mention CF has the Cloud and File rating, but having something like WD enabled is also a good idea.
Where can I find comodo firewall ?
Since the EOL only CIS is available via the website.
Post or PM a link if possible.
 
Top