Advanced Plus Security ErzCrz Security Config 2025

Last updated
Jun 15, 2025
How it's used?
For home and private use
Operating system
Windows 11
Other operating system
N/A
On-device encryption
BitLocker Device Encryption for Windows
Log-in security
    • Biometrics (Windows Hello PIN, TouchID, Face, Iris, Fingerprint)
Security updates
Allow security updates and latest features
Update channels
Allow stable updates only
User Access Control
Always notify
Smart App Control
Off
Network firewall
Enabled
About WiFi router
Sky Router with built-in IPv4/IPv6 Firewall
Real-time security
ESET Security Essentials
CyberLock
RansomwareGuard
Firewall security
Other - Internet Security (3rd-party)
About custom security
ESET Security Essentials - Default Settings
Cyberlock - ON - Firewall Rules for Unsafe Items. SmartFirewall Recommended, Require Captcha to exit.
RansomwareGuard
Periodic malware scanners
Malwarebytes On Demand
Emsisoft
Malware sample testing
I do not participate in malware testing
Environment for malware testing
N/A
Browser(s) and extensions
Primary: Edge with Osprey, uBlock Origin Lite & ESET
Secondary: Firefox with uBlock Origin & Osprey Browser Extension & ESET
Secure DNS
Provided by ISP Sky Shield, though occasionally Cloudflare DNS over HTTPS.
Desktop VPN
None. Browsing primarily on home private network.
Password manager
Keepass 2.x
Maintenance tools
Windows built-in Disk Clean-up and Storage Sense.
File and Photo backup
AOMEI Backupper Pro - Monthly Full Backups & Weekly Differential Backups
Subscriptions
    • None
System recovery
Lenovo built-in recovery, AOMEI Backupper Pro recovery environment & bootable USB
Risk factors
    • Browsing to popular websites
    • Working from home
    • Making audio/video calls
    • Opening email attachments
    • Buying from online stores, entering bank card details
    • Downloading software and files from reputable sites
    • Gaming
    • Streaming audio/video content from trusted sites or paid subscriptions
Computer specs
Notable changes
See First Post Spoilers
08.02.2026 - 2026 setup - ESET Security Essentials, CyberLock, RansomwareGuard
----------------------------------------
Disclaimer: we use the DD/MM/YYYY date format here in the UK.
What I'm looking for?

Looking for minimum feedback.

Been trialling Malwarebytes Windows Firewall Control with this setup. Seems to run without any issue. Obviously not the same as CF, but effective at blocking inbound and outbound connections for applications. I like the feature of checking files via the VirusTotal page. Anyway, a useful setup, though a little more testing to do with it. As usual, bouncing back and forth between setups ;)
 
I do a bit of trying out configurations and I thought I'd just post my Comodo Firewall / Comodo Internet Security rules for when I use it.

Initially @cruelsister's setup, then some additions to clear the firewall log going into the 100s. The main ones I'd say are required are the DHCP one, which I added a specific IPv6 address for, and Edge if you use it. My thing has always been to use Edge with Microsoft Defender and Firefox with Comodo, but that's just out of preference, and the Comodo web filtering only works with Firefox.

Proactive configuration

Containment - Do Not Virtualize Access to - Unchecked

Auto Containment - Run Virtually - Set Restriction Level - Restricted

---------------------------

I have HIPS enabled for some reason; it doesn't cause much of an issue.

I have IPv6 filtering enabled. I don't need to add ICMP global rules, as the Proactive Config stealth default is "Alert Incoming", but if you want to add rules it's: Allow In ICMP - IPv6 ICMP, Packet Too Big, Time Exceeded, Custom Type 134,0 - 135,0 - 136,0

Regarding Firewall Application rules I have the below set:

explorer.exe - Allow TCP Out - Port 443 (HTTPS)
Allow OUT ICMP IPv6 135,0 (IPv6 Neighbour Solicitation)

searchHost.exe - Allow TCP Out - Port 443 (HTTPS)

StartMenuExperienceHost.exe - Allow TCP Out - Port 443 (HTTPS)

AsusSoftwareManager.exe - Allow TCP Out - Port 443 (HTTPS)

svchost.exe - Allow UDP Out - Dest. Port 546 (Router DHCP)

Edge.exe - Web Browser Preset plus
Allow TCP/UDP Out - Port 443 - Amended HTTPS Rule for TCP and UDP
Allow OUT ICMP IPv6 135,0 (IPv6 Neighbour Solicitation)
Allow UDP Out Dest Port 1900 (SSDP)
Allow UDP Out Dest Port 5353 (MDNS)

Needless to say, it's worth exporting the config when changing installs, etc.
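For anyone who wants the same per-application allowlist without Comodo, here is an added example (not the post author's Comodo export, and not from the thread) that re-creates the application rules listed above, plus the optional inbound ICMPv6 rules from the IPv6 paragraph, with the Windows Defender Firewall cmdlets. Program paths are assumptions for a default Windows 11 install, the ASUS tool path is a placeholder, and the DHCPv6 rule follows the protocol (client port 546 to server port 547) rather than the "Dest. Port 546" wording in the post.

```powershell
# Added example: per-application outbound rules and ICMPv6 rules from the
# post, re-created with Windows Defender Firewall cmdlets instead of Comodo.
# Not the post author's configuration. Program paths below are assumptions
# for a default Windows 11 install; adjust them to your machine.
# Run from an elevated PowerShell session.

$sys  = $env:WINDIR
$apps = @{
    explorer   = "$sys\explorer.exe"
    svchost    = "$sys\System32\svchost.exe"
    # Assumed inbox-app locations; confirm with Get-AppxPackage on your build
    searchHost = "$sys\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe"
    startMenu  = "$sys\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"
    edge       = "${env:ProgramFiles(x86)}\Microsoft\Edge\Application\msedge.exe"
    # PLACEHOLDER: the vendor tool's path is not given in the post
    asus       = 'C:\PLACEHOLDER\AsusSoftwareManager.exe'
}

function Add-OutboundRule {
    param([string]$Name, [string]$Program, [string]$Protocol, [int]$RemotePort)
    New-NetFirewallRule -DisplayName $Name -Direction Outbound -Program $Program `
        -Protocol $Protocol -RemotePort $RemotePort -Action Allow -Profile Private `
        -Enabled True | Out-Null
}

# TCP 443 (HTTPS) out for the Windows shell components and the vendor tool
foreach ($a in 'explorer', 'searchHost', 'startMenu', 'asus') {
    Add-OutboundRule -Name "$a HTTPS out" -Program $apps[$a] -Protocol TCP -RemotePort 443
}

# Edge: HTTPS over TCP and UDP (UDP 443 is QUIC/HTTP3), plus SSDP and mDNS
Add-OutboundRule -Name 'Edge HTTPS TCP out' -Program $apps.edge -Protocol TCP -RemotePort 443
Add-OutboundRule -Name 'Edge HTTPS UDP out' -Program $apps.edge -Protocol UDP -RemotePort 443
Add-OutboundRule -Name 'Edge SSDP out'      -Program $apps.edge -Protocol UDP -RemotePort 1900
Add-OutboundRule -Name 'Edge mDNS out'      -Program $apps.edge -Protocol UDP -RemotePort 5353

# DHCPv6 client traffic: the client sends from UDP 546 to the server's UDP 547
New-NetFirewallRule -DisplayName 'svchost DHCPv6 client out' -Direction Outbound `
    -Program $apps.svchost -Protocol UDP -LocalPort 546 -RemotePort 547 `
    -Action Allow -Profile Private | Out-Null

# ICMPv6 Neighbour Solicitation (type 135) out for explorer and Edge
foreach ($a in 'explorer', 'edge') {
    New-NetFirewallRule -DisplayName "$a ICMPv6 NS out" -Direction Outbound `
        -Program $apps[$a] -Protocol ICMPv6 -IcmpType '135:0' `
        -Action Allow -Profile Private | Out-Null
}

# Optional inbound ICMPv6 rules from the post: Packet Too Big (2),
# Time Exceeded (3), Router Advertisement (134), Neighbour Solicitation (135),
# Neighbour Advertisement (136); the ":0" matches the post's "134,0" notation
foreach ($type in 2, 3, 134, 135, 136) {
    New-NetFirewallRule -DisplayName "ICMPv6 type $type in" -Direction Inbound `
        -Protocol ICMPv6 -IcmpType "${type}:0" -Action Allow -Profile Private | Out-Null
}

# Review what was created
Get-NetFirewallRule -DisplayName '*out', 'ICMPv6 type*' |
    Select-Object DisplayName, Direction, Enabled
```

These Allow rules only change behaviour once the Private profile's outbound default is set to Block (`Set-NetFirewallProfile -Profile Private -DefaultOutboundAction Block`), which is what makes the setup behave like the per-application allowlist in Comodo. Note that Windows' built-in "Core Networking" rule group already allows DNS, DHCPv6 and ICMPv6 neighbour discovery for svchost, so the svchost and ICMPv6 rules are redundant on a stock install and are included only to mirror the Comodo list. Export the result with `netsh advfirewall export` before changing installs, the same advice as above.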
 
@ErzCrz Do you test with malware?
No, I used to have a spare machine but not these days. MD is good, but I won an Emsisoft licence in January and, while I've bounced between products, have gone back to it for now. Comodo beta should be out in a couple of months and Hard_Configurator is on Beta 3 just now.
 
Comodo beta should be out in a couple of months and Hard_Configurator on Beta 3 just now.
I understood. I asked why CIS failed to detect and block a RedLine Stealer; it only blocked it when the HIPS was active, but after deactivating the HIPS, CIS was not able to protect against it, nor did it go to the sandbox, but the firewall blocked it. No AV is perfect, plus I never saw CIS fail with me until this day; I guess I did something wrong in my testing, it just might be.
 
I understood. I asked why CIS failed to detect and block a RedLine Stealer; it only blocked it when the HIPS was active, but after deactivating the HIPS, CIS was not able to protect against it, nor did it go to the sandbox, but the firewall blocked it. No AV is perfect, plus I never saw CIS fail with me until this day; I guess I did something wrong in my testing, it just might be.
Which RedLine Stealer? It would only not block one if it was whitelisted in the File Ratings or you haven't unchecked the "Do not virtualize the following..." option, which if left checked would ignore files in Download or Recycle Bin. You should have @cruelsister test it.

I'm not using CIS at the moment, as I'm investigating why I had an Edge page freeze and a heat management warning in the Windows logs, and I'm just trying to find the culprit. May have been Edge itself doing an update or a game glitch.
 
Which RedLine Stealer? It would only not block one if it was whitelisted in the File Ratings or you haven't unchecked the "Do not virtualize the following..." option, which if left checked would ignore files in Download or Recycle Bin.
It was a supposed fake "Game" that is actually stealer malware; @Kongo posted it here, and my credit goes to him too. I downloaded the sample here. On VT, out of 67 AVs only 11 detect it; follow the URL of VirusTotal.
So CIS was not able to protect against it; MS Defender did detect it as soon as it extracted the compressed file, as Trojan:Win32/Wacatac.B!ml (y)
 
It was a supposed fake "Game" that is actually stealer malware; @Kongo posted it here, and my credit goes to him too. I downloaded the sample here. On VT, out of 67 AVs only 11 detect it; follow the URL of VirusTotal.
So CIS was not able to protect against it; MS Defender did detect it as soon as it extracted the compressed file, as Trojan:Win32/Wacatac.B!ml (y)
Do you have a video of Comodo not sandboxing the malware? The VT is just the on-demand scanners of each AV, and Comodo's scanner isn't the best. What settings did you use with CIS? The default has its flaws, but @cruelsister's setup is better, as Proactive Configuration is complete protection. Wishing I had a testing machine.

EDIT: Found your related posts Discussion Thread - Harmony Endpoint by Check Point
 
Do you have a video of Comodo not sandboxing the malware?
I don't have a video; I just didn't record one because I did it on the real machine, and then I had to restore a backup image after the test lol. Remember that I do not test malware; that is more @Shadowra. It was a curiosity of mine when @Kongo posted, and also because of a giveaway that @BigWrench posted of ZoneAlarm Extreme Security NextGen, so I decided to test if the ZA would really detect and block it, but no; according to @Trident the ZA was not able to detect this type of threat because it exceeds the file size limit set by the ZA of 20MB, and the malware is 63MB.
The VT is just the on-demand scanners of each AV and Comodo's scanner isn't the best.
Yes, I posted the VT URL to show that most AVs will not detect it, only when executed. Only Kaspersky and MD could detect it.
What settings did you use with CIS?
Proactive configuration activated; even so, the stealer malware was not contained by CIS.
The default has its flaws, but @cruelsister's setup is better, as Proactive Configuration is complete protection. Wishing I had a testing machine.
Yes, I know Comodo's default configuration is not good, but adjusted it is much better. Yes, it was with the proactive configuration activated. I found it strange that the malware has a Microsoft signature, but false and invalid; I think that was reason for CIS to block the stealer malware or put it in containment.
 
according to @Trident the ZA was not able to detect this type of threat because it exceeds the file size limit set by the ZA of 20MB and Malware has 63MB
It detected it when I ran the malware and it established a dozen connections. I provided the forensic reports there on the ZA thread. The attack was then remediated. Seems like the C&C has been used in a plethora of other malware.
 
It detected it when I ran the malware and it established a dozen connections. I provided the forensic reports there on the ZA thread. The attack was then remediated. Seems like the C&C has been used in a plethora of other malware.
Let me get this straight: if the hash is the same and this malware is already known, why haven't AVs added it to their signatures yet? Yes, it is a specific malware, but...
 
Let me get this straight: if the hash is the same and this malware is already known, why haven't AVs added it to their signatures yet? Yes, it is a specific malware, but...
It is known to some, including ZoneAlarm. The problem is it exceeds the scan size, so before you launch it, this file is not checked at all. Once you run it, many of them will detect it by behaviour, including Webroot as you mentioned. There are additional detections for the dropped files. But that’s about it. Some of them still don’t know this stealer exists. I am guessing new versions of it are released at all times. My question is why the hosting provider is not terminating the C&C server? It has been registered almost a year ago. It has just gone under the radar like many others.
 
Some of them still don’t know this stealer exists. I am guessing new versions of it are released at all times. My question is why the hosting provider is not terminating the C&C server? It has been registered almost a year ago. It has just gone under the radar like many others.
So you were right; if I had used another AV it also would not detect it, and it would be almost a minority that would block it. I thought it was only ZA that was failing. Good, let's stop here, because it is ErzCrz's private topic. I apologize @ErzCrz for having invaded your topic, and I am not criticizing CIS or Comodo; I like this CF/CIS product. I am always open to new possibilities. The good news is that I did not use the @cruelsister configuration; I even breathe a sigh of relief. For those who use the @cruelsister configuration, you are safe.
 
Can you give reason(s) why you need BitLocker for home use?
Quite simply, it was enabled by default on this new laptop I bought in January this year. Plus it being a laptop, encryption is a good idea if it gets stolen ;) No issue with it enabled as far as I can tell so if it's providing extra security I'm all for it.
 
I never seem to stay with one configuration for long. Probably just going to move back to my H_C CD FWH setup for its simplicity. Will update the post when I've done that. Will investigate Comodo again at some point when a stable comes out; there are just a number of things for them to still get right with it.
 
Was getting slowdowns and internet stops when Emsisoft was updating. Decided to change things up and go back to Comodo Firewall .8012 with the Cruelsister config, with custom rules for Windows applications to allow outgoing only to HTTP ports. Edge had to have some extra rules added to the Browser default ruleset, but easy enough to do.
Good news is that switching the setup I realized UPnP/SSDP was still enabled on this laptop, so resolved that :)
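The laptop-side UPnP/SSDP finding above is easy to audit on any Windows machine. The following is an added example, not code from the thread or from any of the products mentioned: it reports the state of the SSDP Discovery and UPnP Device Host services and the built-in "Network Discovery" firewall rule group, then disables them. It only touches the client; UPnP on the router itself is a separate setting.

```powershell
# Added example, not part of the thread: audit and turn off the client-side
# UPnP/SSDP components on a Windows 11 laptop. Run from an elevated
# PowerShell session. Does not change UPnP on the router.

function Get-UpnpState {
    # SSDPSRV = SSDP Discovery service, upnphost = UPnP Device Host service
    Get-Service -Name SSDPSRV, upnphost |
        Select-Object Name, DisplayName, Status, StartType
}

function Get-DiscoveryRules {
    # The built-in 'Network Discovery' group holds the inbound allow rules for
    # SSDP (UDP 1900) and UPnP (TCP 2869); list only the ones currently enabled
    Get-NetFirewallRule -DisplayGroup 'Network Discovery' |
        Where-Object { $_.Enabled -eq 'True' } |
        Select-Object DisplayName, Direction, Profile
}

function Disable-Upnp {
    # Stop and disable both services, then switch off the rule group so the
    # ports stay closed even if something re-enables a service later
    Stop-Service -Name SSDPSRV, upnphost -Force -ErrorAction SilentlyContinue
    Set-Service -Name SSDPSRV  -StartupType Disabled
    Set-Service -Name upnphost -StartupType Disabled
    Set-NetFirewallRule -DisplayGroup 'Network Discovery' -Enabled False
}

'--- before ---'
Get-UpnpState
Get-DiscoveryRules

Disable-Upnp

'--- after ---'
Get-UpnpState
Get-DiscoveryRules
```

Network Discovery is also what lets the laptop find printers and shares on the home LAN, so this is a trade-off; if that matters, a narrower option is to leave the services alone and disable only the rules in the Public profile, where a roaming laptop is most exposed.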
 
