Advice Request Does Comodo FLS protect from DLL hijacking or process injection?


cruelsister

Hi Nagisa! Actually the better question is how to PREVENT a dll from getting infected, and this is where the strength of CF comes into play (Containment). Currently the popular method for either reflective dll or PE injection is by means of some script or other (PowerShell being the most common). Consider something like Netwalker variants, which will initiate encryption with a PowerShell script that injects a dll into explorer. Stopping the script will stop the malicious cascade (and CF just loves to kill scriptors). With Containment in Restricted Mode

Things like various sorts of Process Hollowing and Process Doppelgänging are also prevented by CF (not that you asked).

And good move on killing the HIPS. HIPS (in general) tend to give a false sense of security while pretty much ignoring things like the recently popular trend for malware to use LoLbins (the Ransominater series in the Video section being an excellent example).

Oh yeah, good move not bothering with CIS (which has the not-needed on-demand scanner). As you mention, CF has the Cloud and File rating, but having something like WD enabled is also a good idea.
 

Vitali Ortzi

Where can I find Comodo Firewall?
Since the EOL, only CIS is available via the website.
Post or PM a link if possible.
 

CyberTech

Here's a link

Open a setup > Options > all unchecked > Components: uncheck all except Firewall, then install it.
 
