Advice Request Is CCAV enough against 99% of ransomwares?


Status
Not open for further replies.
Wave

> It was an example. I didn't say Kaspersky actually has one now even though it might have like any other security software.
>
> @Wave explains it better so you might want to check his reply. I suck at explaining things.
>
> Question - Is CCAV enough against 99% of ransomwares?

You don't suck at explaining anything, I've got to go back and Like your previous replies as I was too busy replying just now. :D In fact I would say you explained it better than me. ;)

Good work pointing that out btw :)

As for Kaspersky in general, I can tell you based on testing that it's much more secure than some other vendors' products. Of course they are all prone to security flaws down the line though. I would say Kaspersky is pretty tough though.
 

SHvFl

Level 35
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Nov 19, 2014
2,350
> You don't suck at explaining anything, I've got to go back and Like your previous replies as I was too busy replying just now. :D In fact I would say you explained it better than me. ;)
>
> Good work pointing that out btw :)
>
> As for Kaspersky in general, I can tell you based on testing that it's much more secure than some other vendors' products. Of course they are all prone to security flaws down the line though. I would say Kaspersky is pretty tough though.

Thanks mate.

Btw not like I have anything against Kaspersky but it has exploits and issues like all programs. At least they respond to bug reports fast but still nothing is 100% secure.

Project Zero: Kaspersky: Mo Unpackers, Mo Problems.
 
MalwareBlockerYT

> Sure will try. So one of the arguments lots in the industry have is that security software not only can't protect you but it will create security problems. The reason for that is that all of them run as system applications and have full control to do anything. Let's say someone manages to take control of Kaspersky. Immediately he has access to everything and can force other security applications to die. Because it has permissions the same level as the other security applications because of the escalation forced by taking over Kaspersky.
>
> So the more programs you stick together doesn't necessarily mean you are better protected.

Ah well said :) I get your explanation now ;) It's true that nothing gets 100% but you can try to get as close to 100% as possible.
 
Wave

> Btw not like I have anything against Kaspersky but it has exploits and issues like all programs. At least they respond to bug reports fast but still nothing is 100% secure.

Don't worry I was actually talking about self-protection when I said that earlier but I was rushing as I had to leave for a bit so I didn't mention it back then... The self protection seems to be tougher, most vendors use the same techniques but if I recall right Kaspersky do some additional things too to protect the GUI processes from remote code execution :)
 

SHvFl

> Don't worry I was actually talking about self-protection when I said that earlier but I was rushing as I had to leave for a bit so I didn't mention it back then... The self protection seems to be tougher, most vendors use the same techniques but if I recall right Kaspersky do some additional things too to protect the GUI processes from remote code execution :)

Correct, I believe you are right. Don't like Kaspersky for other reasons but that is personal preference. I rarely like something so it doesn't come as a surprise for anyone reading my replies here. :p
 

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
I tested CCAV in my VM and this is the result:
- It sandboxed 99% of my samples
- MBR-encrypting ransomwares (petya) successfully damaged the VM => failed

I also installed it in my host machine, CPU usage was always 0.1%-2.5% and never went back to 0%. Disliked => uninstalled

I tried CF with proactive preset and some personal tweaks, it blocked 100% of ransomwares and didn't cause persistent CPU usage
 
509322

> Hi everyone,
>
> I would like to ask about CCAV with default sandbox settings
> I'm not a fan of highly restricted/untrusted rules, I prefer partially limited (CF & CIS) or a bit higher than partial but less than highly restricted (CCAV)
>
> In this case of CCAV, can it protect against most ransomwares which are not able to bypass CCAV's sandbox?
>
> thank you

Somewhere in this thread you mention that your objective is to be able to run business management software inside a sandbox.

Just keep in mind that - unless you configure the sandbox to save data - all data will be lost once the sandbox is closed.

Preserving the data dependency of the "business management" software that needs data to be saved and stored locally to function correctly might be of paramount importance.
 

Brahman

Level 18
Verified
Top Poster
Well-known
Aug 22, 2013
886
> I tested CCAV in my VM and this is the result:
> - It sandboxed 99% of my samples
> - MBR-encrypting ransomwares (petya) successfully damaged the VM => failed
>
> I also installed it in my host machine, CPU usage was always 0.1%-2.5% and never went back to 0%. Disliked => uninstalled
>
> I tried CF with proactive preset and some personal tweaks, it blocked 100% of ransomwares and didn't cause persistent CPU usage

That's interesting. I thought they were using the same sandbox tech as it is in CIS.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
> That's interesting. I thought they were using the same sandbox tech as it is in CIS.

Even in CIS, the sandbox protection varies between the various preset configs. Only proactive config has the heaviest sandbox protection.
 