Video Malware bypass Comodo Firewall @ CS settings

Umbra

#61
Uhhh wait... Now I'm confused.... Why this video then, and why your setup which no longer includes Comodo?
Because:
1- Comodo has a 10-year-old bug that makes all rules disappear, and when you have spent hours making them it is quite annoying. Of course I could import them again, but the fact that this bug is still present irritates me the most.
2- I use AppGuard, which gives me the same level of protection as Comodo without the hassle of configuring everything and answering alerts.
 
#62
Has anyone pointed this out on the Comodo forums yet? If not, I will post this at the forums if that is OK. cruelsister is on the road for some time, so I do not know when she is able to reply to this thread.
Hi Trickster,
Did you report it?
If you did, could you give us a link?

If you reported it to their forums of course :)

/W
 

AtlBo

#65
Actually Comodo should be much more careful about the connection of components; for example, even if the program is trusted, a pop-up should be shown about a missing digital signature or other information.
This seems like a very logical solution to this kind of issue. Add a pop-up for unsigned files with a choice that says "unsigned file is whitelisted by cloud lookup, what do you want to do?". The user could choose sandbox. Actually, maybe a setting to bypass cloud lookup for unsigned files and auto-sandbox them would be a good idea. VERY concerning that this can run uncontained without the user knowing that the file is not signed. More activity from Comodo, OK, but unsigned is unsafe, yes?
 

shmu26

#66
This seems like a very logical solution to this kind of issue. Add a pop-up for unsigned files with a choice that says "unsigned file is whitelisted by cloud lookup, what do you want to do?". The user could choose sandbox. Actually, maybe a setting to bypass cloud lookup for unsigned files and auto-sandbox them would be a good idea. VERY concerning that this can run uncontained without the user knowing that the file is not signed. More activity from Comodo, OK, but unsigned is unsafe, yes?
The problem with this solution is that there are a lot of system files that are unsigned by Microsoft. So the user will get too many prompts.
 

AtlBo

#67
OK, thanks for the information @shmu26. I didn't have that in perspective. I noticed that some apps aren't signed from MS such as Insomnia (anti-sleep app) and I think MouseWithoutBorders. I was a little bit surprised by that.

Stupid question, but shouldn't all MS files be signed? They are a signature provider I believe.
 

shmu26

#68
Stupid question, but shouldn't all MS files be signed? They are a signature provider I believe.
I wish I knew the answer to that. You would be surprised how many are not signed, though. For instance, PowerShell is not signed, and neither is cmd.exe. There are lots and lots of others. I don't quite get it, but that's the weird reality.
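A check worth having at this point, added here as an example and not part of the original post: Get-AuthenticodeSignature reports both an embedded Authenticode signature and coverage by a Windows security catalog (SignatureType Authenticode vs. Catalog), whereas Explorer's Digital Signatures tab only shows embedded signatures. The script below prints both fields for a list of binaries; the sample paths are assumed to exist on a default Windows 10 install.

```powershell
# Added example (not from the thread): report embedded Authenticode vs.
# catalog signature status for a list of binaries.
# Assumption: the sample paths below exist on a default Windows 10 install.
function Get-SignatureReport {
    param(
        [Parameter(Mandatory)]
        [string[]]$Path
    )
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) {
            [pscustomobject]@{ Path = $p; Status = 'NotFound'; Type = $null; OSBinary = $null; Signer = $null }
            continue
        }
        $sig = Get-AuthenticodeSignature -LiteralPath $p
        [pscustomobject]@{
            Path     = $p
            Status   = $sig.Status          # Valid, NotSigned, HashMismatch, ...
            Type     = $sig.SignatureType   # Authenticode (embedded), Catalog, or None
            OSBinary = $sig.IsOSBinary      # True when Windows treats it as an OS component
            Signer   = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        }
    }
}

Get-SignatureReport -Path @(
    "$env:SystemRoot\System32\cmd.exe",
    "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell.exe",
    "$env:SystemRoot\notepad.exe"
) | Format-Table -AutoSize
```

A file reported as Status Valid with Type Catalog carries no signature inside the PE itself; its hash is signed in a catalog under C:\Windows\System32\CatRoot. A tool that only parses the file's own certificate table will call such a file unsigned.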
 
#70
A working Valkyrie implemented in CFW could help the analyst who made this blunder.

/W
It can also hinder. Valkyrie has a history of labelling legitimate applications as malware and vice versa. Doesn't happen often enough to be much of a problem but it's there. I put more faith in the analyst personally although obviously neither are perfect.
 

_CyberGhosT_

#73
It can also hinder. Valkyrie has a history of labelling legitimate applications as malware and vice versa. Doesn't happen often enough to be much of a problem but it's there. I put more faith in the analyst personally although obviously neither are perfect.
Right, and all it takes is for one to get through; no matter your skill level there is a chance for big problems. I was big into Comodo when they launched in the early 2000s (I think). I lost interest in their products, but I keep an ear to the ground on their progress; if they release something impressive I would give it a look, but nothing they have out now interests me.
 
#74
Right, and all it takes is for one to get through; no matter your skill level there is a chance for big problems. I was big into Comodo when they launched in the early 2000s (I think). I lost interest in their products, but I keep an ear to the ground on their progress; if they release something impressive I would give it a look, but nothing they have out now interests me.
How could you not be impressed by the absolute masterpiece that is CCAV? :rolleyes:
 

shmu26

#77
Oh don't you worry. You'll be impressed when they release Comodo Cloud Antivirus Complete. CCAV in all its semi-functional glory... with a lifetime GeekBuddy subscription! :eek:
When I first installed Comodo, it failed to turn off Windows firewall, as is well known.
I decided to try the GeekBuddy support.
They told me it's no problem, you can run 2 firewalls at the same time.
That's it, fellas: GeekBuddy support is worth it at any price!
 
#78
When I first installed Comodo, it failed to turn off Windows firewall, as is well known.
I decided to try the GeekBuddy support.
They told me it's no problem, you can run 2 firewalls at the same time.
That's it, fellas: GeekBuddy support is worth it at any price!
"Double the firewall, double the protection!" ;)
 

shmu26

#79
But on a more serious note, Comodo Firewall has come a long way.
It works well, it can be quickly tweaked to a high level of protection (CS settings, for instance), and even this bypass does not actually do damage. Because at the bottom line, Comodo firewall blocks the payload from connecting out (at CS settings), or prompts the user about a network request (at the default settings of Proactive mode or Firewall mode).
Besides that, most users run a decent AV alongside CFW, so in real life the bypass would be nipped in the bud.
 

TheMalwareMaster

#80
@Av Gurus @cruelsister and all COMODO Firewall users: I figured out an easy way of preventing these whitelisted malware bypasses. I tested COMODO Firewall with cloud OFF and it was a pain when installing new software (blocking a lot of stuff, not usable).

This is an easy way to prevent this "whitelisted malware on the cloud". Just leave the full cloud functionality on, open regedit and locate the key "ValidateAdminCodeSignatures". Set its value to 1 and reboot. This way you will be able to install digitally signed software with no trouble, considering cloud is ON. You will block this "whitelisted malware", considering unsigned software won't be allowed to run. If you need to install some safe unsigned software, just set the value to 0, install it, and then set it back to 1.
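The procedure in the post above, scripted so the change can be applied and verified from an elevated PowerShell prompt instead of by hand in regedit. This is an added example, not the poster's own code. It assumes the value lives under HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System, the key where the UAC policies (including ValidateAdminCodeSignatures, the registry name of "User Account Control: Only elevate executables that are signed and validated") are stored.

```powershell
# Added example (not from the thread): toggle ValidateAdminCodeSignatures
# and confirm the registry reads back the intended value.
# Assumption: the value sits under the standard UAC policy key below.
# Run from an elevated PowerShell session; the policy is read at elevation time,
# and the post recommends a reboot after changing it.
$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$ValueName = 'ValidateAdminCodeSignatures'

function Get-AdminCodeSignatureValidation {
    # Returns 0 when the value is absent, which is the Windows default (policy off).
    $v = Get-ItemProperty -Path $PolicyKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $v) { return 0 }
    return [int]$v.$ValueName
}

function Set-AdminCodeSignatureValidation {
    param(
        [Parameter(Mandatory)]
        [ValidateSet(0, 1)]
        [int]$Enabled
    )
    if (-not (Test-Path -Path $PolicyKey)) {
        New-Item -Path $PolicyKey -Force | Out-Null
    }
    Set-ItemProperty -Path $PolicyKey -Name $ValueName -Value $Enabled -Type DWord

    # Read back and fail loudly rather than assume the write succeeded.
    $now = Get-AdminCodeSignatureValidation
    if ($now -ne $Enabled) {
        throw "Expected $ValueName = $Enabled, registry reads $now"
    }
    Write-Host "$ValueName = $now (reboot for the policy to take effect)"
}

# Usage: keep it at 1 for daily use; drop to 0 only while installing a trusted
# unsigned application, then set it back to 1.
Set-AdminCodeSignatureValidation -Enabled 1
# Set-AdminCodeSignatureValidation -Enabled 0
```

One caveat on what this control covers: the policy applies PKI validation to executables that request elevation through UAC, so an unsigned installer asking for administrator rights is refused. An unsigned program that runs at standard-user integrity without asking for elevation is not affected by this setting and still relies on the firewall's own containment and network rules.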