App Review Malware bypass Comodo Firewall @ CS settings


Deleted member 178

Uhhh wait... Now I'm confused... Why this video then, and why your setup, which no longer includes Comodo?
Because:
1- Comodo has a 10-year-old bug that makes all rules disappear, and when you have spent hours making them it is quite annoying. Of course I could import them again, but the fact that this bug is still present irritates me to the utmost.
2- I use AppGuard, which gives me the same level of protection as Comodo without the hassle of configuring everything and answering alerts.
 

woodrowbone

Has anyone pointed this out on the Comodo forums yet? If not, I will post this at the forums, if that is OK? cruelsister is on the road for some time, so I do not know when she is able to reply to this thread.

Hi Trickster,
Did you report it?
If you did, could you give us a link?

If you reported it to their forums of course :)

/W
 

AtlBo

Actually Comodo should be much more careful about the connection of components; for example, even if the program is trusted, a pop-up should be shown about a missing digital signature or other information.

This seems like a very logical solution to this kind of issue. Add a pop-up for unsigned files with a choice that says "unsigned file is whitelisted by cloud lookup, what do you want to do?". The user could choose sandbox. Actually, maybe a setting to bypass cloud lookup for unsigned files and auto-sandbox them would be a good idea. VERY concerning that this can run uncontained without the user knowing that the file is not signed. More activity from Comodo, OK, but unsigned is unsafe, yes?

shmu26

This seems like a very logical solution to this kind of issue. Add a pop-up for unsigned files with a choice that says "unsigned file is whitelisted by cloud lookup, what do you want to do?". The user could choose sandbox. Actually, maybe a setting to bypass cloud lookup for unsigned files and auto-sandbox them would be a good idea. VERY concerning that this can run uncontained without the user knowing that the file is not signed. More activity from Comodo, OK, but unsigned is unsafe, yes?
The problem with this solution is that there are a lot of system files that are unsigned by Microsoft. So the user will get too many prompts.
 

AtlBo

OK, thanks for the information @shmu26. I didn't have that in perspective. I noticed that some apps aren't signed by MS, such as Insomnia (anti-sleep app) and I think MouseWithoutBorders. I was a little bit surprised by that.

Stupid question, but shouldn't all MS files be signed? They are a signature provider, I believe.

shmu26

Stupid question, but shouldn't all MS files be signed? They are a signature provider, I believe.
I wish I knew the answer to that. You would be surprised how many are not signed, though. For instance, PowerShell is not signed, and neither is cmd.exe. There are lots and lots of others. I don't quite get it, but that's the weird reality.
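The signature status of a binary can be checked directly rather than guessed. The script below is an added example, not code from the thread or from Comodo. It uses the built-in Get-AuthenticodeSignature cmdlet, which on Windows 8 and later validates both embedded Authenticode signatures and catalog signatures (the signed catalogs under C:\Windows\System32\CatRoot that cover most OS binaries). That distinction matters for the whitelisting question in this thread: a file with no embedded signature can still be catalog-signed by Microsoft, while a third-party file with no signature at all reports NotSigned. The function name and the sample paths are this example's own choices.

```powershell
# Added example: report Authenticode/catalog signature status for a list of files.
# Get-AuthenticodeSignature returns a Signature object whose Status, SignatureType
# (None / Authenticode / Catalog) and IsOSBinary fields tell the two cases apart.
function Get-SignatureReport {
    param(
        [Parameter(Mandatory)]
        [string[]]$Path
    )

    foreach ($file in $Path) {
        if (-not (Test-Path -LiteralPath $file)) {
            [pscustomobject]@{
                File = $file; Status = 'NotFound'; Type = $null; OSBinary = $null; Signer = $null
            }
            continue
        }

        $sig = Get-AuthenticodeSignature -LiteralPath $file
        [pscustomobject]@{
            File     = $file
            Status   = $sig.Status            # Valid, NotSigned, HashMismatch, UnknownError, ...
            Type     = $sig.SignatureType     # Catalog for most Windows system binaries
            OSBinary = $sig.IsOSBinary        # $true when validated through the OS catalog
            Signer   = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        }
    }
}

# Sample input (constructed for this example): two OS binaries discussed in the thread
# plus a path that does not exist, to show the NotFound branch.
$samplePaths = @(
    "$env:SystemRoot\System32\cmd.exe",
    "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell.exe",
    "$env:TEMP\does-not-exist.exe"
)

Get-SignatureReport -Path $samplePaths | Format-Table -AutoSize
```

On a stock Windows 10 or 11 install the first two rows come back with Status Valid and Type Catalog; a file that shows Status NotSigned and Type None is the case the thread is worried about, and a Status of HashMismatch means the file was modified after signing and should be treated as untrusted regardless of any cloud verdict.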
 

Arequire

A working Valkyrie implemented in CFW could help the analyst who made this blunder.

/W
It can also hinder. Valkyrie has a history of labelling legitimate applications as malware and vice versa. It doesn't happen often enough to be much of a problem, but it's there. I put more faith in the analyst personally, although obviously neither is perfect.

_CyberGhosT_

It can also hinder. Valkyrie has a history of labelling legitimate applications as malware and vice versa. It doesn't happen often enough to be much of a problem, but it's there. I put more faith in the analyst personally, although obviously neither is perfect.
Right, and all it takes is for one to get through; no matter your skill level, there is a chance for big problems. I was big into Comodo when they launched in the early 2000s (I think). I lost interest in their products, but I keep an ear to the ground on their progress; if they release something impressive I would give it a look, but nothing they have out now interests me.
 

Arequire

Right, and all it takes is for one to get through; no matter your skill level, there is a chance for big problems. I was big into Comodo when they launched in the early 2000s (I think). I lost interest in their products, but I keep an ear to the ground on their progress; if they release something impressive I would give it a look, but nothing they have out now interests me.
How could you not be impressed by the absolute masterpiece that is CCAV? :rolleyes:
 

shmu26

Oh don't you worry. You'll be impressed when they release Comodo Cloud Antivirus Complete. CCAV in all its semi-functional glory... with a lifetime GeekBuddy subscription! :eek:
When I first installed Comodo, it failed to turn off Windows firewall, as is well known.
I decided to try the GeekBuddy support.
They told me it's no problem, you can run 2 firewalls at the same time.
That's it, fellas: GeekBuddy support is worth it at any price!
 

Arequire

When I first installed Comodo, it failed to turn off Windows firewall, as is well known.
I decided to try the GeekBuddy support.
They told me it's no problem, you can run 2 firewalls at the same time.
That's it, fellas: GeekBuddy support is worth it at any price!
"Double the firewall, double the protection!" ;)
 

shmu26

But on a more serious note, Comodo Firewall has come a long way.
It works well, it can be quickly tweaked to a high level of protection (CS settings, for instance), and even this bypass does not actually do damage. Because at the bottom line, Comodo Firewall blocks the payload from connecting out (at CS settings), or prompts the user about a network request (at the default settings of Proactive mode or Firewall mode).
Besides that, most users run a decent AV alongside CFW, so in real life the bypass would be nipped in the bud.
 

TheMalwareMaster

@Av Gurus @cruelsister and all COMODO Firewall users: I figured out an easy way of preventing these whitelisted malware bypasses. I tested COMODO Firewall with cloud OFF and it was a pain when installing new software (blocking a lot of stuff, not usable).

This is an easy way to prevent this "whitelisted malware on the cloud". Just leave the full cloud functionality on, open regedit and locate the key "ValidateAdminCodeSignatures". Set its value to 1 and reboot. This way, you will be able to install digitally signed software with no trouble, considering cloud is ON. You will block this "whitelisted malware", considering unsigned software won't be allowed to run. If you need to install some safe unsigned software, just set the value to 0, install it and then set it back to 1.
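The registry value named in the post is the UAC policy "User Account Control: Only elevate executables that are signed and validated", a DWORD under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System (the post does not give the path; that location is the documented one). The script below is an added example for reading and setting it from an elevated PowerShell prompt; it is not code from the thread or from Comodo, and the function names are this example's own. One caveat worth knowing before relying on it: the policy is enforced at elevation time, so it stops unsigned executables from obtaining administrator rights through a UAC prompt, but an unsigned program launched with ordinary user rights is not blocked by it and still depends on the firewall's containment and outbound rules described earlier in the thread.

```powershell
# Added example: inspect or change the ValidateAdminCodeSignatures UAC policy.
# Writing under HKLM\...\Policies\System requires an elevated session.
$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$ValueName = 'ValidateAdminCodeSignatures'

function Get-AdminCodeSignaturePolicy {
    # Returns 1 when only signed and validated executables may elevate, 0 otherwise.
    # An absent value means the policy has never been set, which behaves as 0.
    $props = Get-ItemProperty -Path $PolicyKey -ErrorAction Stop
    if ($null -eq $props.$ValueName) { return 0 }
    return [int]$props.$ValueName
}

function Set-AdminCodeSignaturePolicy {
    param(
        [Parameter(Mandatory)]
        [ValidateSet(0, 1)]
        [int]$Enabled
    )
    # -Type DWord keeps the value type the policy reader expects.
    Set-ItemProperty -Path $PolicyKey -Name $ValueName -Value $Enabled -Type DWord
    return Get-AdminCodeSignaturePolicy
}

# Usage: report the current state; the two commented lines toggle it (run elevated).
"ValidateAdminCodeSignatures is currently $(Get-AdminCodeSignaturePolicy)"
# Set-AdminCodeSignaturePolicy -Enabled 1   # require signed executables for elevation
# Set-AdminCodeSignaturePolicy -Enabled 0   # restore the default before installing unsigned software
```

The Get function is safe to run unprivileged, which makes it a convenient check to drop into a baseline script so a machine that has been quietly reset to 0 shows up; the Set function should only be used where the workflow in the post (temporarily lowering it for a trusted unsigned installer, then raising it again) is actually followed through.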
 
