App Review Full Bypass DDE Exploit COMODO AV-10.2.0.6526 DB-28788 (UNDETECTED!) - AV and HIPS ON Paranoid Mode

[AtlBo]

I better advice these users, to test it for themselves rather than depending on videos alone. Sometimes it proves nothing to download samples and just double click which means nothing to me. To really test the limit of an antivirus is to penetrate and go against the will of the Antivirus in any WORST situation and configurations. I did that to my own Antivirus and it failed miserably. Notified my AV vendor and they improve the detection. Few months later, tested again, found another loopholes.

Yes, this is my way to look at the programs too. I prefer to test their standard natural abilities to reliably respond to system changes and settings changes mostly (and otherwise system activity), but I do so with a focus on the efficacy of the alerts and schemes. Yet, I think I understand what you mean by this statement.

Seems noteworthy to me, though, in both cases to do protection testing, although I don't believe you are saying that standard detection/block testing is completely pointless. I can see the point for both, since they look at the potential for problems by looking at separate vectors for trouble.

I appreciate the information. Surprising to hear how a-vs were failing your inspections, and I hope you were somehow rewarded for your efforts. Definitely, the worst kind of malicious activity imo has somewhere in the attack chain an actual face in front of a keyboard poking for holes in the system.

I feel like there is much work to be done in the future to interconnect protections in security schemes with regards to the various vectors for attack, this to achieve comprehensive protection. Good luck with your testing, and I hope you continue looking for loopholes in security self-defense and that you are rewarded fairly along the way...

 

[Deleted member 178]

Anyway you can't evaluate a product weakness unless you set it to max security with custom settings, which isn't the case in this video; it was just the HIPS on paranoid, which is half the way only.

 

[Emmanuellws]

ran the same test on a machine with only Windows Defender, and never would have thought MS Windows Defender AMSI caught it..ok this is interesting. Never set anything EXTRA....does this make Windows Defender better than all AV because like my AV, COMODO...all are unable to detect and bypassed? LOL

 

[Emmanuellws]

Anyway you can't evaluate a product weakness unless you set it to max security with custom settings, which isn't the case in this video; it was just the HIPS on paranoid, which is half the way only.

I would love to set it to the Max, but please COMODO users try it yourself...I have no intention to redo the video. If I still do it it would look like a personal attack if I managed to bypass it. If this attack wont bypass that ultra settings, another attack method will do. And come on...how would I know the ultra settings if I am not a regular COMODO AV user....can you tell me? can anyone tell me? I would love to try bypass it again if I really have the time to go through the pain again..and once I bypassed...please..I guess there would be another extra settings I need to go through..it will be never ending.. LOL. In the end, I got nothing to lose here. it is up to COMODO AV user to notify COMODO or not and look into that areas. Since it is not my money buying service and subscriptions from them.

 

[Deleted member 178]

And come on...how would I know the ultra settings if I am not a regular COMODO AV user....can you tell me?

It is why unless you are a very knowledgeable user of the said product, don't waste your time to do bypass videos, you won't be taken seriously.
I saw many vids of guys claiming to bypass products and most don't have a clue of what they are doing or even understand how to use the tested product.

i don't say it is your case, but as you can see from the various reactions, the line is thin...

 

[ZeroDay]

It is why unless you are a very knowledgeable user of the said product, don't waste your time to do bypass videos, you won't be taken seriously.
I saw many vids of guys claiming to bypass products and most don't have a clue of what they are doing or even understand how to use the tested product.

i don't say it is your case, but as you can see from the various reactions, the line is thin...

I'm going to have to agree with Umbra here. Unless you have taken the time to learn all the features of a security software inside out you shouldn't be testing it.

 

[Emmanuellws]

It is why unless you are a very knowledgeable user of the said product, don't waste your time to do bypass videos, you won't be taken seriously.
I saw many vids of guys claiming to bypass products and most don't have a clue of what they are doing or even understand how to use the tested product.

i don't say it is your case, but as you can see from the various reactions, the line is thin...

I think you still dont get it, a COMODO users asked me to do a bypass test. You dont get me do you. I hope you understand my simple statements here.

 

[Emmanuellws]

It is funny you guys, so please now I am so eager to test COMODO AV at the full ultra super duper settings. Really love to do it now. Screenshhot it here. ..I will gladly try my best to bypass...be it deploy keylogger...steal infos...bypassUAC....and deploy ransomware...i will try my best...i promise.

 

[ZeroDay]

I think you still dont get it, a COMODO users asked me to do a bypass test. You dont get me do you. I hope you understand my simple statements here.

You should have simply taken time to learn how the product works before testing so you knew how to test it at max settings and you were familiar with the product you were testing.

 

[ZeroDay]

It is funny you guys, so please now I am so eager to test COMODO AV at the full ultra super duper settings. Really love to do it now. Screenshhot it here. ..I will gladly try my best to bypass...be it deploy keylogger...steal infos...bypassUAC....and deploy ransomware...i will try my best...i promise.

I can't wait to see this lol

I wish you well I can see your intentions are good.

 

[Emmanuellws]

I can't wait to see this lol

I wish you well I can see your intentions are good.

you better be hahahaha...i dont know whether i am being sarcastic or not...if I can bypass Carboon Black Lockdown with Powershell Disabled...and SentinelOne's Full threat and suspicious mode ON... why couldnt I bypasss COMODO super duper ultra settings...and in the end..what do i get for that extra work? I dont earn any respect ..not even bounty hahah..someone please prepare me the money to do it..hahaha