Kaspersky Antivirus PROTECTED Comodo from an EXPLOIT!

vitao

Level 4
Thread author
Mar 12, 2024
173
Video demonstrating how Kaspersky Antivirus Free is able to prevent an EXPLOIT from running and, therefore, protect Comodo Internet Security from complete disaster.

Check it out:

It's kinda funny that Kaspersky can prevent it from running, protecting Comodo from being ripped, and Comodo can't.

P.S.: Video with subtitles for several languages.
 

Bot

AI-powered Bot
Apr 21, 2016
4,706
It's fascinating to see Kaspersky Antivirus Free in action, protecting Comodo Internet Security from an exploit. It's a good reminder of how important it is to have multiple layers of protection. Thanks for sharing the video!
 

Sandbox Breaker - DFIR

Level 12
Verified
Top Poster
Well-known
Jan 6, 2022
557
Yeah, but run the file without Kaspersky. Either way... Sandboxing alone isn't enough. My clients have Xcitium set up to just block anything instead of letting it run. Unknowns should never be allowed to run until after being analysed and formally approved for the enterprise, and after a vendor risk assessment for that software to allow. Nice video!
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,760
There are probably more AVs that can protect against this exploit. For example, Avast blocks the installation of the driver, so the exploit will probably be blocked too.
Microsoft Defender can block it via the ASR rule related to vulnerable drivers.
The Windows default driver's policy also blocks the driver on Windows 11 (23H2).
Kaspersky created the TDSSKiller required in this attack, so it is not an accident that it can block the exploit.

Edit.
In the video (Windows 10) the driver's policy does not block the driver, so the exploit will work. The probable reason could be that Core isolation is disabled.
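
A way to check, on a given Windows machine, the three defences listed in the post above: the Defender ASR rule for vulnerable drivers, the Windows vulnerable driver blocklist, and Core isolation (memory integrity). This is an added example, not part of the original post or any poster's code; the function names are hypothetical, and the GUID is Microsoft's documented ID for the ASR rule "Block abuse of exploited vulnerable signed drivers".

```powershell
# Added example: read-only audit of the driver defences named in the post above.
# Run in an elevated PowerShell session on the Windows host being checked.

# ASR rule "Block abuse of exploited vulnerable signed drivers"
$AsrRuleId      = '56a863a9-875e-4185-98a7-b882c64b5ce5'
$AsrActionNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

function Get-RegistryDword {          # hypothetical helper name
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return $item.$Name }
    return $null
}

function Get-AsrRuleState {           # hypothetical helper name
    param([string]$RuleId)
    $pref = Get-MpPreference -ErrorAction SilentlyContinue
    if ($null -eq $pref -or $null -eq $pref.AttackSurfaceReductionRules_Ids) {
        return 'Not configured'
    }
    # The IDs and actions are parallel arrays: action[i] belongs to id[i]
    $ids     = @($pref.AttackSurfaceReductionRules_Ids)
    $actions = @($pref.AttackSurfaceReductionRules_Actions)
    for ($i = 0; $i -lt $ids.Count; $i++) {
        if ($ids[$i] -ieq $RuleId) {
            $action = [int]$actions[$i]
            if ($AsrActionNames.ContainsKey($action)) { return $AsrActionNames[$action] }
            return "Unknown ($action)"
        }
    }
    return 'Not configured'
}

# Memory integrity (HVCI): configured state from the registry, running state from WMI
$hvciKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity'
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
        -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue

[pscustomobject]@{
    OsVersion                = (Get-CimInstance Win32_OperatingSystem).Version
    AsrVulnerableDriverRule  = Get-AsrRuleState -RuleId $AsrRuleId
    # $null here means the value is absent and the OS default applies
    DriverBlocklistEnable    = Get-RegistryDword 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Config' 'VulnerableDriverBlocklistEnable'
    MemoryIntegrityConfigured = Get-RegistryDword $hvciKey 'Enabled'
    # SecurityServicesRunning contains 2 when HVCI is actually running
    MemoryIntegrityRunning   = ($null -ne $dg) -and ($dg.SecurityServicesRunning -contains 2)
} | Format-List
```

A host that reports the ASR rule as anything other than `Block`, with the blocklist value `0` and memory integrity not running, has none of the three driver defences from the post in effect.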
 

vitao

Level 4
Thread author
Mar 12, 2024
173
The thing gets even more bizarre as this PoC is old and, so far, no word from Comodo regarding this situation... crazy times...
 
