Video Review Malware bypass Comodo Firewall @ CS settings

Discussion in 'Video Reviews' started by Av Gurus, Apr 28, 2017.

  1. Umbra

    Umbra From Emsisoft
    Developer

    May 16, 2011
    17,169
    29,672
    Community manager
    Vietnam & France
    Windows 10
    Emsisoft
    Because:
    1- Comodo has a 10-year-old bug that makes all rules disappear, and when you have spent hours making them it is quite annoying. Of course I could import them again, but the fact that this bug is still present irritates me the most.
    2- I use AppGuard, which gives me the same level of protection as Comodo without the hassle of configuring everything and answering alerts.
     
    TairikuOkami, Sunshine-boy and AtlBo like this.
  2. woodrowbone

    woodrowbone Level 8

    Dec 24, 2011
    356
    560
    Hi Trickster,
    Did you report it?
    If you did, could you give us a link?

    If you reported it to their forums of course :)

    /W
     
  3. Trickster

    Trickster Level 14

    Jul 28, 2016
    663
    5,200
    Loving / caring Husband :)
    Europe
    Windows 10
    BullGuard
    Not yet, but I will tomorrow, ok?
     
  4. Trickster

    Trickster Level 14

    Jul 28, 2016
    663
    5,200
    Loving / caring Husband :)
    Europe
    Windows 10
    BullGuard
  5. AtlBo

    AtlBo Level 22

    Dec 29, 2014
    1,144
    4,517
    Qihoo 360
    This seems like a very logical solution to this kind of issue. Add a pop up for unsigned with a choice that said "unsigned file is whitelisted by cloud lookup, what do you want to do?". User could choose sandbox. Actually, maybe a setting to bypass cloud lookup for unsigned and auto-sandbox them would be a good idea. VERY concerning that this can run uncontained without user knowledge that the file is not signed. More activity from Comodo, OK, but unsigned is unsafe, yes?
     
    shmu26 likes this.
  6. shmu26

    shmu26 Level 53

    Jul 3, 2015
    4,278
    13,614
    Utopia
    The problem with this solution is that there are a lot of system files that are unsigned by Microsoft. So the user will get too many prompts.
     
  7. AtlBo

    AtlBo Level 22

    Dec 29, 2014
    1,144
    4,517
    Qihoo 360
    #67 AtlBo, May 2, 2017
    Last edited: May 2, 2017
    OK, thanks for the information @shmu26. I didn't have that in perspective. I noticed that some apps aren't signed from MS such as Insomnia (anti-sleep app) and I think MouseWithoutBorders. I was a little bit surprised by that.

    Stupid question, but shouldn't all MS files be signed? They are a signature provider I believe.
     
    _CyberGhosT_ likes this.
  8. shmu26

    shmu26 Level 53

    Jul 3, 2015
    4,278
    13,614
    Utopia
    I wish I knew the answer to that. You would be surprised how many are not signed, though. For instance, powershell is not signed, and neither is cmd.exe. There are lots and lots of others. I don't quite get it, but that's the weird reality.
     
    BugCode, _CyberGhosT_ and AtlBo like this.
  9. woodrowbone

    woodrowbone Level 8

    Dec 24, 2011
    356
    560
    A working Valkyrie implemented in CFW could help the analyst who made this blunder.

    /W
     
  10. Arequire

    Arequire Level 18

    Feb 10, 2017
    898
    2,803
    United Kingdom
    Windows 7
    Default-Deny
    #70 Arequire, May 2, 2017
    Last edited: May 2, 2017
    It can also hinder. Valkyrie has a history of labelling legitimate applications as malware and vice versa. Doesn't happen often enough to be much of a problem but it's there. I put more faith in the analyst personally although obviously neither are perfect.
     
  11. woodrowbone

    woodrowbone Level 8

    Dec 24, 2011
    356
    560
    Was the deal with Valkyrie not that it was first machine, then human, when Valkyrie could not make up his/her mind over an unknown file?

    /W
     
    _CyberGhosT_, AtlBo and shmu26 like this.
  12. nsm0220

    nsm0220 Level 21

    Sep 9, 2013
    1,047
    1,818
    Windows 7
    G-Data
    Comodo, year after year, has disappointed me, and even on my birthday, where Comodo got its throat slit by nasty malware.
     
  13. _CyberGhosT_

    _CyberGhosT_ Level 52
    Trusted

    Aug 2, 2015
    4,174
    27,492
    Retired
    Central US
    Linux Mint
    Default-Deny
    Right, and all it takes is for one to get through; no matter your skill level, there is a chance for big problems. I was big into Comodo when they launched in early 2000 (I think). I lost interest in their products, but I keep an ear to the ground on their progress; if they release something impressive I would give it a look, but nothing they have out now interests me.
     
  14. Arequire

    Arequire Level 18

    Feb 10, 2017
    898
    2,803
    United Kingdom
    Windows 7
    Default-Deny
    How could you not be impressed by the absolute masterpiece that is CCAV? :rolleyes:
     
    AtlBo, shmu26 and _CyberGhosT_ like this.
  15. _CyberGhosT_

    _CyberGhosT_ Level 52
    Trusted

    Aug 2, 2015
    4,174
    27,492
    Retired
    Central US
    Linux Mint
    Default-Deny
    I guess I am just not worthy ;)
     
  16. Arequire

    Arequire Level 18

    Feb 10, 2017
    898
    2,803
    United Kingdom
    Windows 7
    Default-Deny
    Oh don't you worry. You'll be impressed when they release Comodo Cloud Antivirus Complete. CCAV in all its semi-functional glory... with a lifetime GeekBuddy subscription! :eek:
     
    AtlBo, shmu26 and _CyberGhosT_ like this.
  17. shmu26

    shmu26 Level 53

    Jul 3, 2015
    4,278
    13,614
    Utopia
    When I first installed Comodo, it failed to turn off Windows firewall, as is well known.
    I decided to try the GeekBuddy support.
    They told me it's no problem, you can run 2 firewalls at the same time.
    That's it, fellas: GeekBuddy support is worth it at any price!
     
    AtlBo and Sunshine-boy like this.
  18. Arequire

    Arequire Level 18

    Feb 10, 2017
    898
    2,803
    United Kingdom
    Windows 7
    Default-Deny
    "Double the firewall, double the protection!" ;)
     
    AtlBo, erreale and shmu26 like this.
  19. shmu26

    shmu26 Level 53

    Jul 3, 2015
    4,278
    13,614
    Utopia
    But on a more serious note, Comodo Firewall has come a long way.
    It works well, it can be quickly tweaked to a high level of protection (CS settings, for instance), and even this bypass does not actually do damage. Because at the bottom line, Comodo firewall blocks the payload from connecting out (at CS settings), or prompts the user about a network request (at the default settings of Proactive mode or Firewall mode).
    Besides that, most users run a decent AV alongside CFW, so in real life the bypass would be nipped in the bud.
     
    AtlBo, BugCode and Arequire like this.
  20. TheMalwareMaster

    TheMalwareMaster Level 19
    Trusted

    Jan 4, 2016
    931
    5,464
    Europe
    Windows 10
    Default-Deny
    @Av Gurus @cruelsister and all COMODO Firewall users: I figured out an easy way of preventing these whitelisted malware bypasses. I tested COMODO Firewall with cloud OFF and it was a pain when installing new software (blocking a lot of stuff, not usable).

    This is an easy way to prevent this "whitelisted malware on the cloud". Just leave the full cloud functionality on, open regedit and locate the key "ValidateAdminCodeSignatures". Set its value to 1 and reboot. This way, you will be able to install digitally signed software with no trouble, considering cloud is ON. You will block this "whitelisted malware", considering unsigned software won't be allowed to run. If you need to install some safe unsigned software, just set the value to 0, install it and then set it back to 1.
     
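The registry change described in the post above, as an added PowerShell example (not code from the thread, from Comodo or from the poster). It assumes the value lives under the standard UAC policy key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System, which the post does not spell out; note that this policy only governs executables that request UAC elevation, and the Test-InstallerSignature helper is a hypothetical name used here to check an installer's Authenticode status before temporarily setting the value to 0.

```powershell
#Requires -RunAsAdministrator
# Added example: inspect and toggle the UAC policy value "ValidateAdminCodeSignatures".
# Assumption: the value sits under the standard UAC policy key below (the post gives no path).
# A reboot is needed for a change to take effect, as the post says.

$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$ValueName = 'ValidateAdminCodeSignatures'

function Get-AdminCodeSignaturePolicy {
    # 1 = only signed and validated executables may elevate; 0 or missing = no check.
    $item = Get-ItemProperty -Path $PolicyKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 0 }
    return [int]$item.$ValueName
}

function Set-AdminCodeSignaturePolicy {
    param([Parameter(Mandatory)][ValidateSet(0, 1)][int]$Value)
    $before = Get-AdminCodeSignaturePolicy
    # -Force creates the DWORD if it is missing and overwrites it if it exists.
    New-ItemProperty -Path $PolicyKey -Name $ValueName -PropertyType DWord -Value $Value -Force | Out-Null
    $after = Get-AdminCodeSignaturePolicy
    Write-Host "$ValueName : $before -> $after (reboot to apply)"
}

function Test-InstallerSignature {
    # Hypothetical helper: before dropping the policy to 0 for an install, check whether
    # the installer is really unsigned; a validly signed one elevates fine at value 1.
    param([Parameter(Mandatory)][string]$Path)
    $sig = Get-AuthenticodeSignature -FilePath $Path
    [pscustomobject]@{
        File                 = Split-Path -Leaf $Path
        Status               = $sig.Status   # Valid, NotSigned, HashMismatch, ...
        Signer               = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }
        ElevatesUnderPolicy1 = ($sig.Status -eq 'Valid')
    }
}

# Usage (elevated session):
#   Set-AdminCodeSignaturePolicy -Value 1               # enforce, then reboot
#   Test-InstallerSignature 'C:\Downloads\setup.exe'    # constructed path: decide if a temporary 0 is needed
#   Set-AdminCodeSignaturePolicy -Value 0               # only while installing a trusted unsigned program
```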