App Review Malware bypass Comodo Firewall @ CS settings

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
D

Deleted member 178

Rodney74 said:
Uhhh wait... Now I'm confused.... Why this video then, and why your setup which no longer includes Comodo?
Click to expand...
Because:
1- Comodo has a 10 years old bug, that make all rules disappear, and when you spent hours making them it is quite annoying, of course i could import them again, but the fact that this bug is still present irritate me to the most.
2- i use Appguard, which give me the same level of protection than Comodo without the hassle to configure everything and answering alerts.
 
  • Like
Reactions: TairikuOkami, Sunshine-boy and AtlBo
woodrowbone

woodrowbone

Level 10
Verified
Dec 24, 2011
480
Trickster said:
Has anyone pointed this out on the comodo forums yet or not? if not , I will post this at the forums if that is ok? cruesister is on the road for sometime , so I do not know when she is able to reply back to this thread.
Click to expand...

Hi Trickster,
Did you report it?
If you did, could you give us a link?

If you reported it to their forums of course :)

/W
 
  • Like
Reactions: Sunshine-boy, _CyberGhosT_, AtlBo and 1 other person
AtlBo

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,716
jamescv7 said:
Actually Comodo should provide much careful on the connection of components; for example even the program is trusted however a pop-up should shown about missing digital signature or other information.
Click to expand...

This seems like a very logical solution to this kind of issue. Add a pop up for unsigned with a choice that said "unsigned file is whitelisted by cloud lookup, what do you want to do?". User could choose sandbox. Actually, maybe a setting to bypass cloud lookup for unsigned and auto-sandbox them would be a good idea. VERY concerning that this can run uncontained without user knowledge that the file is not signed. More activity from Comodo, OK, but unsigned is unsafe, yes?
 
  • Like
Reactions: shmu26
shmu26

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
AtlBo said:
This seems like a very logical solution to this kind of issue. Add a pop up for unsigned with a choice that said "unsigned file is whitelisted by cloud lookup, what do you want to do?". User could choose sandbox. Actually, maybe a setting to bypass cloud lookup for unsigned and auto-sandbox them would be a good idea. VERY concerning that this can run uncontained without user knowledge that the file is not signed. More activity from Comodo, OK, but unsigned is unsafe, yes?
Click to expand...
The problem with this solution is that there are a lot of system files that are unsigned by Microsoft. So the user will get too many prompts.
 
  • Like
Reactions: Sunshine-boy, _CyberGhosT_, done and 1 other person
AtlBo

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,716
OK, thanks for the information @shmu26. I didn't have that in perspective. I noticed that some apps aren't signed from MS such as Insomnia (anti-sleep app) and I think MouseWithoutBorders. I was a little bit surprised by that.

Stupid question, but shouldn't all MS files be signed? They are a signature provider I believe.
 
Last edited:
  • Like
Reactions: _CyberGhosT_
shmu26

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
AtlBo said:
Stupid question, but shouldn't all MS files be signed? They are a signature provider I believe.
Click to expand...
I wish I knew the answer to that. You would be surprised how many are not signed, though. For instance, powershell is not signed, and neither is cmd.exe. There are lots and lots of others. I don't quite get it, but that's the weird reality.
 
  • Like
Reactions: BugCode, _CyberGhosT_ and AtlBo
A

Arequire

Level 29
Verified
Top Poster
Content Creator
Feb 10, 2017
1,822
woodrowbone said:
A working Valkyrie implemented in CFW could help the analyst who made this blunder.

/W
Click to expand...
It can also hinder. Valkyrie has a history of labelling legitimate applications as malware and vice versa. Doesn't happen often enough to be much of a problem but it's there. I put more faith in the analyst personally although obviously neither are perfect.
 
Last edited:
  • Like
Reactions: BugCode, _CyberGhosT_, shmu26 and 1 other person
_CyberGhosT_

_CyberGhosT_

Level 53
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 2, 2015
4,286
Arequire said:
It can also hinder. Valkyrie has a history of labelling legitimate applications as malware and vice versa. Doesn't happen often enough to be much of a problem but it's there. I put more faith in the analyst personally although obviously neither are perfect.
Click to expand...
Right, and all it takes is for one to get through no matter your skill level there is a chance for big
problems, I was big into Comodo when they launched in early 2000 (I think) I lost interest in their products but
I keep an ear to the ground on their progress, if they release something impressive I would give it a look
but nothing they have out now interests me.
 
  • Like
Reactions: Deleted member 65228, Winter Soldier, shmu26 and 2 others
A

Arequire

Level 29
Verified
Top Poster
Content Creator
Feb 10, 2017
1,822
_CyberGhosT_ said:
Right, and all it takes is for one to get through no matter your skill level there is a chance for big
problems, I was big into Comodo when they launched in early 2000 (I think) I lost interest in their products but
I keep an ear to the ground on their progress, if they release something impressive I would give it a look
but nothing they have out now interests me.
Click to expand...
How could you not be impressed by the absolute masterpiece that is CCAV? :rolleyes:
 
  • Like
Reactions: AtlBo, shmu26 and _CyberGhosT_
shmu26

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Arequire said:
Oh don't you worry. You'll be impressed when they release Comodo Cloud Antivirus Complete. CCAV in all its semi-functional glory... with a lifetime GeekBuddy subscription! :eek:
Click to expand...
When I first installed Comodo, it failed to turn off Windows firewall, as is well known.
I decided to try the GeekBuddy support.
They told me it's no problem, you can run 2 firewalls at the same time.
That's it, fellas: GeekBuddy support is worth it at any price!
 
  • Like
Reactions: AtlBo and Sunshine-boy
A

Arequire

Level 29
Verified
Top Poster
Content Creator
Feb 10, 2017
1,822
shmu26 said:
When I first installed Comodo, it failed to turn off Windows firewall, as is well known.
I decided to try the GeekBuddy support.
They told me it's no problem, you can run 2 firewalls at the same time.
That's it, fellas: GeekBuddy support is worth it at any price!
Click to expand...
"Double the firewall, double the protection!" ;)
 
  • Like
Reactions: AtlBo, erreale and shmu26
shmu26

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
But on a more serious note, Comodo Firewall has come a long way.
It works well, it can be quickly tweaked to a high level of protection (CS settings, for instance), and even this bypass does not actually do damage. Because at the bottom line, Comodo firewall blocks the payload from connecting out (at CS settings), or prompts the user about a network request (at the default settings of Proactive mode or Firewall mode).
Besides that, most users run a decent AV alongside of CFW, so in real life, the bypass would be nipped in the bud.
 
  • Like
Reactions: AtlBo, BugCode and Arequire
TheMalwareMaster

TheMalwareMaster

Level 21
Verified
Honorary Member
Top Poster
Well-known
Jan 4, 2016
1,022
@Av Gurus @cruelsister and all COMODO Firewall users: I figured out an easy way of preventing these whitelisted malware bypasses. I tested COMODO Firewall with cloud OFF and it was a pain when installing new software (blocking a lot of stuff, not usable).

This is an easy was to prevent these "whitelisted malware on the cloud". Just let the full cloud functionality on, open regedit and locate the key "ValidateAdminCodeSignatures". Set its value to 1 and reboot. This way, you will be able to install digitally signed software with no troubles, considering cloud is ON. You will block this "whitelisted malware", considering unsigned software won't be allowed to run. If you need to install some safe unsigned software, just set the value to 0, install it and then set it again to 1
 
  • Like
Reactions: upnorth, Sunshine-boy, harlan4096 and 4 others

Similar threads

Shadowra
    • Like
    • +Reputation
    • Thanks
App Review Comodo Firewall BETA 2024 (Modified Settings)
Replies
12
Views
2,668
Video Reviews - Security and Privacy
Nikola Milanovic
Nikola Milanovic
rashmi
    • HaHa
    • Like
    • Applause
  • Locked
App Review COMODO Firewall 2025: Protector Diva for countless users, object of obsession for a few!
Replies
64
Views
3,969
Written Reviews - Security and Privacy
Chuck57
Chuck57
Shadowra
    • Like
    • +Reputation
    • Thanks
App Review Comodo Internet Security Premium Free 2023
Replies
36
Views
5,409
Video Reviews - Security and Privacy
ErzCrz
ErzCrz

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top