Video Heilig Defense RansomOff Bypassed



If the program detects that it is confined, it will not do any action, which could force the user to run this program outside the sandbox.

Well, of course, if the user thinks a program is clean they will run it outside the sandbox. Heck, most users will already assume that a file is clean based upon where they obtained the file from or the presence of a digital signature - and that is for the very tiny % of users that will pay attention to those details. If the security solution does not explicitly identify a program as malicious, most users will just run the program.

How many people will take a sample, run it in a virtual machine and make a manual determination of its safety before running it on their system? No one except for an uber-security geek.

If COMODO, by allowing execution outside the sandbox, creates a kind of whitelist in the HIPS module, I find that a pity and it represents a security risk.

This issue has been debated at COMODO forum.


From HeiDef
Mar 27, 2017
A little late to the party here but we will be releasing an update shortly. Not necessarily in response to this video but it has just been a long time coming. About the video, Roxas doesn't share his secret sauce on how he disables RO but fact of the matter is there are a number of ways to bypass security tools. The self-protection that RO implemented was geared towards specific use cases but we have expanded it a bit in the upcoming release.


Level 3
Jan 27, 2019
Does Heilig have something to do with the CIA? I would not be happy finding out something shady is going on in the background. I was about to try it, but now I am cautious about this tool. Is there any guarantee that there's no sniffing and suspicious behaviour happening? I'd be happier to hear users' opinions, not the dev's, which is unknown to me, nothing personal. Thanks in regards.