Video Malware bypass Comodo Firewall @ CS settings


Umbra

Level 61
Content Creator
Verified
May 16, 2011
17,488
Operating System
Windows 10
Installed Antivirus
Default-Deny
#61
Uhhh wait... Now I'm confused.... Why this video then, and why your setup which no longer includes Comodo?
Because:
1- Comodo has a 10-year-old bug that makes all rules disappear, and when you have spent hours making them it is quite annoying; of course I could import them again, but the fact that this bug is still present irritates me to the most.
2- I use AppGuard, which gives me the same level of protection as Comodo without the hassle of configuring everything and answering alerts.
 
Dec 24, 2011
367
#62
Has anyone pointed this out on the Comodo forums yet or not? If not, I will post this at the forums if that is OK? cruelsister is on the road for some time, so I do not know when she is able to reply back to this thread.
Hi Trickster,
Did you report it?
If you did, could you give us a link?

If you reported it to their forums of course :)

/W
 

AtlBo

Level 24
Dec 29, 2014
1,380
Installed Antivirus
Qihoo 360
#65
Actually Comodo should be much more careful about the connection of components; for example, even if the program is trusted, a pop-up should be shown about a missing digital signature or other information.
This seems like a very logical solution to this kind of issue. Add a pop up for unsigned with a choice that said "unsigned file is whitelisted by cloud lookup, what do you want to do?". User could choose sandbox. Actually, maybe a setting to bypass cloud lookup for unsigned and auto-sandbox them would be a good idea. VERY concerning that this can run uncontained without user knowledge that the file is not signed. More activity from Comodo, OK, but unsigned is unsafe, yes?
 

shmu26

Level 57
Jul 3, 2015
4,687
Operating System
Windows 10
Installed Antivirus
Microsoft
#66
This seems like a very logical solution to this kind of issue. Add a pop up for unsigned with a choice that said "unsigned file is whitelisted by cloud lookup, what do you want to do?". User could choose sandbox. Actually, maybe a setting to bypass cloud lookup for unsigned and auto-sandbox them would be a good idea. VERY concerning that this can run uncontained without user knowledge that the file is not signed. More activity from Comodo, OK, but unsigned is unsafe, yes?
The problem with this solution is that there are a lot of system files that are unsigned by Microsoft. So the user will get too many prompts.
 

AtlBo

Level 24
Dec 29, 2014
1,380
Installed Antivirus
Qihoo 360
#67
OK, thanks for the information @shmu26. I didn't have that in perspective. I noticed that some apps aren't signed by MS, such as Insomnia (anti-sleep app) and I think MouseWithoutBorders. I was a little bit surprised by that.

Stupid question, but shouldn't all MS files be signed? They are a signature provider I believe.
 

shmu26

Level 57
Jul 3, 2015
4,687
Operating System
Windows 10
Installed Antivirus
Microsoft
#68
Stupid question, but shouldn't all MS files be signed? They are a signature provider I believe.
I wish I knew the answer to that. You would be surprised how many are not signed, though. For instance, powershell is not signed, and neither is cmd.exe. There are lots and lots of others. I don't quite get it, but that's the weird reality.
 
Feb 10, 2017
954
Operating System
Windows 7
Installed Antivirus
Default-Deny
#70
A working Valkyrie implemented in CFW could help the analyst who made this blunder.

/W
It can also hinder. Valkyrie has a history of labelling legitimate applications as malware and vice versa. Doesn't happen often enough to be much of a problem but it's there. I put more faith in the analyst personally although obviously neither are perfect.
 

_CyberGhosT_

Level 52
Verified
Aug 2, 2015
4,177
Operating System
Linux Mint
Installed Antivirus
Default-Deny
#73
It can also hinder. Valkyrie has a history of labelling legitimate applications as malware and vice versa. Doesn't happen often enough to be much of a problem but it's there. I put more faith in the analyst personally although obviously neither are perfect.
Right, and all it takes is for one to get through; no matter your skill level, there is a chance for big problems. I was big into Comodo when they launched in early 2000 (I think). I lost interest in their products, but I keep an ear to the ground on their progress; if they release something impressive I would give it a look, but nothing they have out now interests me.
 
Feb 10, 2017
954
Operating System
Windows 7
Installed Antivirus
Default-Deny
#74
Right, and all it takes is for one to get through; no matter your skill level, there is a chance for big problems. I was big into Comodo when they launched in early 2000 (I think). I lost interest in their products, but I keep an ear to the ground on their progress; if they release something impressive I would give it a look, but nothing they have out now interests me.
How could you not be impressed by the absolute masterpiece that is CCAV? :rolleyes:
 

shmu26

Level 57
Jul 3, 2015
4,687
Operating System
Windows 10
Installed Antivirus
Microsoft
#77
Oh don't you worry. You'll be impressed when they release Comodo Cloud Antivirus Complete. CCAV in all its semi-functional glory... with a lifetime GeekBuddy subscription! :eek:
When I first installed Comodo, it failed to turn off Windows firewall, as is well known.
I decided to try the GeekBuddy support.
They told me it's no problem, you can run 2 firewalls at the same time.
That's it, fellas: GeekBuddy support is worth it at any price!
 
Feb 10, 2017
954
Operating System
Windows 7
Installed Antivirus
Default-Deny
#78
When I first installed Comodo, it failed to turn off Windows firewall, as is well known.
I decided to try the GeekBuddy support.
They told me it's no problem, you can run 2 firewalls at the same time.
That's it, fellas: GeekBuddy support is worth it at any price!
"Double the firewall, double the protection!" ;)
 

shmu26

Level 57
Jul 3, 2015
4,687
Operating System
Windows 10
Installed Antivirus
Microsoft
#79
But on a more serious note, Comodo Firewall has come a long way.
It works well, it can be quickly tweaked to a high level of protection (CS settings, for instance), and even this bypass does not actually do damage. Because at the bottom line, Comodo firewall blocks the payload from connecting out (at CS settings), or prompts the user about a network request (at the default settings of Proactive mode or Firewall mode).
Besides that, most users run a decent AV alongside CFW, so in real life the bypass would be nipped in the bud.
 

TheMalwareMaster

Level 19
Verified
Jan 4, 2016
931
Operating System
Windows 10
Installed Antivirus
Default-Deny
#80
@Av Gurus @cruelsister and all COMODO Firewall users: I figured out an easy way of preventing these whitelisted-malware bypasses. I tested COMODO Firewall with cloud OFF and it was a pain when installing new software (blocking a lot of stuff, not usable).

This is an easy way to prevent this "whitelisted malware on the cloud". Just leave the full cloud functionality on, open regedit and locate the value "ValidateAdminCodeSignatures". Set its value to 1 and reboot. This way, you will be able to install digitally signed software with no trouble, considering cloud is ON. You will block this "whitelisted malware", considering unsigned software won't be allowed to run. If you need to install some safe unsigned software, just set the value to 0, install it and then set it again to 1.
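The toggle described in the post, as an added PowerShell example that is not code from the thread or from Comodo: it reads and sets the ValidateAdminCodeSignatures DWORD (the UAC policy "Only elevate executables that are signed and validated", under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System) and checks a binary's Authenticode status, including catalog-signed system files, so you can see what would be rejected before tightening it. The helper names are my own; changing the policy needs an elevated shell.

```powershell
# Added example: helpers around the ValidateAdminCodeSignatures policy value.
# Reading the value and checking signatures works unelevated; setting it does not.
$PolicyKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$PolicyName = 'ValidateAdminCodeSignatures'   # UAC: only elevate signed, validated executables

function Get-SignedElevationPolicy {
    # Returns 1 when the policy is enforced, 0 when not, $null if the value is absent.
    $item = Get-ItemProperty -Path $PolicyKey -Name $PolicyName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$PolicyName
}

function Set-SignedElevationPolicy {
    param([Parameter(Mandatory)][ValidateSet(0, 1)][int]$Value)
    # Creates the DWORD if it does not exist yet. The post reboots after changing it.
    Set-ItemProperty -Path $PolicyKey -Name $PolicyName -Value $Value -Type DWord
    Write-Output ("{0} is now {1}" -f $PolicyName, (Get-SignedElevationPolicy))
}

function Test-BinarySignature {
    # Reports Authenticode status per file. Get-AuthenticodeSignature also consults the
    # OS security catalogs, so catalog-signed Windows binaries show as Valid / OS binary.
    param([Parameter(Mandatory)][string[]]$Path)
    foreach ($p in $Path) {
        $sig = Get-AuthenticodeSignature -FilePath $p
        [pscustomobject]@{
            File   = $p
            Status = $sig.Status      # Valid, NotSigned, HashMismatch, UnknownError, ...
            Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }
            Kind   = if ($sig.IsOSBinary) { 'OS binary' } else { 'third-party' }
        }
    }
}

# Usage (hypothetical paths):
# Test-BinarySignature -Path "$env:SystemRoot\System32\cmd.exe", 'C:\Downloads\setup.exe'
# Set-SignedElevationPolicy -Value 1   # tighten; set 0 only while installing a trusted unsigned package
```

Run Test-BinarySignature on an installer before temporarily setting the value to 0, so the window in which unsigned code is accepted stays as short as the post intends.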