App Review Malware bypass Comodo Firewall @ CS settings

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Av Gurus

Av Gurus

Level 29
Thread author
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Sep 22, 2014
1,767
Comodo firewall is set to Cruelsister settings.
I think that this malware is bypased that settings (maybe I'm wrong).
What do you think?

Video summary:
1. check Comodo firewall settings
2. delete all trusted vendors
3. add some malware to see if Comodo is working OK
4. check that one malware at VT
5. run malware and watch:
- C:\Users\Av-Gurus\AppData\Local
- Task manager startup
- network connection

 
Last edited:
  • Like
Reactions: upnorth, brambedkar59, omidomi and 18 others
D

Deleted member 178

from what i see, the sandbox wasn't able to catch it.
Anyway , CS settings isn't the tightest one, it is a mix between usability and security focusing on the sandbox as main defense by disabling (silencing) the HIPS; with my settings i would be alerted by a prompt from the HIPS.

Edit: For those that doesn't want to read the whole thread, Comodo rated the malware as "Trusted" so it wasn't sandboxed or blocked by the HIPS.
 
Last edited by a moderator:
  • Like
Reactions: darko999, brambedkar59, omidomi and 14 others
shmu26

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
@Av Gurus , Just for the record, could you please enable HIPS, and run the test again? It's important to know if HIPS helps or not. I am sure that @Umbra's super-max settings will catch anything, but I still want to know if HIPS at default settings is any good.
 
  • Like
Reactions: Nestor, _CyberGhosT_, AtlBo and 6 others
Av Gurus

Av Gurus

Level 29
Thread author
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Sep 22, 2014
1,767
Umbra said:
from what i see, the sandbox wasn't able to catch it.
Anyway , CS settings isn't the tightest one, it is a mix between usability and security focusing on the sandbox as main defense by disabling the HIPS; with my settings i would be alerted by a prompt from the HIPS.
Click to expand...

shmu26 said:
@Av Gurus , Just for the record, could you please enable HIPS, and run the test again? It's important to know if HIPS helps or not. I am sure that @Umbra's super-max settings will catch anything, but I still want to know if HIPS at default settings is any good.
Click to expand...

I just put HIPS to Safe Mode and results are the same.
Check pictures:

1.png 2.png3.png4.png
 
  • Like
Reactions: upnorth, brambedkar59, _CyberGhosT_ and 8 others
D

Deleted member 178

@Av Gurus can you run the malware under file rating, because if the file is flagged as trusted , it will bypass all protection (except the HIPS and in paranoid mode only ).

you can use Killswitch to do a second verification.

I saw it undetected in VT by Comodo , may be a reason.
 
  • Like
Reactions: _CyberGhosT_, AtlBo, shukla44 and 6 others
Av Gurus

Av Gurus

Level 29
Thread author
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Sep 22, 2014
1,767
How to do that? I don't understand...
 
  • Like
Reactions: AtlBo
E

Evjl's Rain

Level 47
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
hi, did you enable Cloud lookup (file rating settings)?

if you did, I doubt that that malware is marked as safe on valkyrie by someone that's why it can bypass the sandbox. I had 1 malware which bypassed CCAV by the same reason

if you disable cloud lookup, perhaps it won't be able to bypass
 
  • Like
Reactions: Nestor, _CyberGhosT_, AtlBo and 8 others
Av Gurus

Av Gurus

Level 29
Thread author
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Sep 22, 2014
1,767
Umbra said:
Via Rating scan , the widget or use Killswitch as i described.
The malware must be launched first.

(i dont have CIS installed so i can't give you detailed procedure ^^ )
Click to expand...

Aha, so first run malware and then check "Rating Scan" to see if the file is there?

1.png

Evjl's Rain said:
hi, did you enable Cloud lookup (file rating settings)?

if you did, I doubt that that malware is marked as safe on valkyrie by someone that's why it can bypass the sandbox. I had 1 malware which bypassed CCAV by the same reason

if you disable cloud lookup, perhaps it won't be able to bypass
Click to expand...

Cloud is enable by default.

2.png
 
  • Like
Reactions: AtlBo

Similar threads

Shadowra
    • Like
    • +Reputation
    • Thanks
App Review Comodo Firewall BETA 2024 (Modified Settings)
Replies
12
Views
2,667
Video Reviews - Security and Privacy
Nikola Milanovic
Nikola Milanovic
rashmi
    • HaHa
    • Like
    • Applause
  • Locked
App Review COMODO Firewall 2025: Protector Diva for countless users, object of obsession for a few!
Replies
64
Views
3,964
Written Reviews - Security and Privacy
Chuck57
Chuck57
Shadowra
    • Like
    • +Reputation
    • Thanks
App Review Comodo Internet Security Premium Free 2023
Replies
36
Views
5,406
Video Reviews - Security and Privacy
ErzCrz
ErzCrz

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top