Kaspersky Antivirus PROTECTED Comodo from an EXPLOIT!

vitao

Mar 12, 2024
Video demonstrating how Kaspersky Antivirus Free is able to prevent an EXPLOIT from running and, therefore, protect Comodo Internet Security from complete disaster.

Check it out:

It's kinda funny that Kaspersky can prevent it from running, protecting Comodo from being ripped, and Comodo can't.

P.S.: Video with subtitles in several languages.
 
It's fascinating to see Kaspersky Antivirus Free in action, protecting Comodo Internet Security from an exploit. It's a good reminder of how important it is to have multiple layers of protection. Thanks for sharing the video!
 
Yeah, but run the file without Kaspersky. Either way... Sandboxing alone isn't enough. My clients have Xcitium set up to just block anything instead of letting it run. Unknowns should never be allowed to run until after they are analysed and formally approved for the enterprise, and after a vendor risk assessment to allow that software. Nice video!
 
There are probably more AVs that can protect against this exploit. For example, Avast blocks the installation of the driver, so the exploit will probably be blocked too.
Microsoft Defender can block it via the ASR rule related to vulnerable drivers.
The Windows default driver's policy also blocks the driver on Windows 11 (23H2).
Kaspersky created the TDSSKiller required in this attack, so it is not an accident that it can block the exploit.

Edit.
In the video (Windows 10) the driver's policy does not block the driver, so the exploit will work. The probable reason may be that Core isolation is disabled.
 
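A read-only way to check, on a given Windows host, the three driver protections named in the post above (added example, not part of the original thread or any vendor's tooling). Assumptions not taken from the thread: the ASR rule GUID and the `VulnerableDriverBlocklistEnable` registry value are the ones Microsoft documents, and "Core isolation" is read here as memory integrity (HVCI).

```powershell
# Added example: audits settings only, changes nothing. Run elevated on the host being checked.

# Microsoft-documented ID of the ASR rule "Block abuse of exploited vulnerable signed drivers"
$AsrRuleId  = '56a863a9-875e-4185-98a7-b882c64b5ce5'
$AsrActions = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

function Get-VulnDriverAsrState {
    # Defender stores ASR rules as two parallel arrays: rule IDs and their actions
    $pref    = Get-MpPreference -ErrorAction Stop
    $ids     = @($pref.AttackSurfaceReductionRules_Ids)
    $actions = @($pref.AttackSurfaceReductionRules_Actions)
    for ($i = 0; $i -lt $ids.Count; $i++) {
        if ($ids[$i] -ieq $AsrRuleId) {
            $a = [int]$actions[$i]
            if ($AsrActions.ContainsKey($a)) { return $AsrActions[$a] }
            return "Unknown ($a)"
        }
    }
    return 'Not configured'
}

function Get-DriverBlocklistState {
    # Microsoft vulnerable driver blocklist toggle (Windows Security > Core isolation)
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Config'
    $v = Get-ItemProperty -Path $key -Name VulnerableDriverBlocklistEnable -ErrorAction SilentlyContinue
    if ($null -eq $v) { return 'Not set (OS default applies)' }
    if ($v.VulnerableDriverBlocklistEnable -eq 1) { return 'Enabled' }
    return 'Disabled'
}

function Get-HvciState {
    # SecurityServicesRunning contains 2 when memory integrity (HVCI) is active
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    if ($null -eq $dg) { return 'Unknown (Device Guard WMI class unavailable)' }
    if ($dg.SecurityServicesRunning -contains 2) { return 'Running' }
    return 'Not running'
}

[pscustomobject]@{
    Host                   = $env:COMPUTERNAME
    OsBuild                = [Environment]::OSVersion.Version.ToString()
    VulnerableDriverAsr    = Get-VulnDriverAsrState
    DriverBlocklist        = Get-DriverBlocklistState
    MemoryIntegrityHvci    = Get-HvciState
} | Format-List
```

A host reporting the ASR rule as `Not configured` or `Disabled`, the blocklist as `Disabled`, and HVCI as `Not running` has none of the built-in Windows driver protections the post lists.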
The thing gets even more bizarre as this PoC is old and, so far, no word from Comodo regarding this situation... crazy times...