Malware Hub Report MalwareTips - Comodo Report - November 2016

Status
Not open for further replies.

BoraMurdar

Community Manager
Thread author
Verified
Staff Member
Well-known
Aug 30, 2012
6,598
Due to the small number of samples used in these tests, you should take results with a grain of salt. We encourage you to compare these results with others and take informed decisions on what security products to use.​

Comodo Internet Security Premium November 2016-page-001.jpg
Comodo Internet Security Premium November 2016-page-002.jpg

PDF

All credits to @Der.Reisende
 

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,711
Comodo is living up to its reputation in this test. CIS should make users seeing this feel great confidence.

Excellent presentation and breakdown of the data and of test program settings. Anyone can read and understand the results. As Yash Khan says, outstanding work and thanks.
 

Av Gurus

Level 29
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Sep 22, 2014
1,767
Comodo is always good and put everything in sandbox (this is good if you test malware files but...) because of that I suggest that we make a False Positive test also...but others say no.
 

Der.Reisende

Level 45
Honorary Member
Top Poster
Content Creator
Malware Hunter
Dec 27, 2014
3,423
what might have caused the one infection? Because it was not in proactive config?
The auto-sandbox didn't work on that sample. However both me and another member retested, and the sample was sandboxed fine (just before and after accepting UAC). No idea what went wrong.

Thank you both @Yash Khan and @AtlBo for your kind words, I hope I yam keep the standard :)
I switched to testing Dr. Web just because I was so tempted and couldn't find much on it. And as @Av Gurus said, it's hard to get infected with the sandbox working :)
CIS was also incredibly light on my system.
As for false positives, as long as the software is in the endless list of trusted vendors, you'll hardly see one. I had only one when a non-trusted game tried to access the Steam client to run (I bought it via Steam). Both were then autosandboxed.
 

Sven

Level 10
Verified
Well-known
Nov 5, 2013
478
@Der.Reisende Thank you very much for the awesome informations! Just a question, have you made any changes to the Auto-Sandbox which may not be stated in the PDF? Did you just make it "on" and left all the subvariants as they were, or changed it to "Restricted" or something? :)

Thanks and glad to see Comodo doing great! :)
 

Der.Reisende

Level 45
Honorary Member
Top Poster
Content Creator
Malware Hunter
Dec 27, 2014
3,423
Great job :) Thanks for sharing!
Thank you :)

thanks for explanations, and thanks for the dedicated testing.

if HIPS had been enabled, what do you think would have happened?
alternatively, if COMODO had been in proactive config, do you think that would have made a difference?
You're welcome :)
I have tried HIPS for a very short time (~3 packs), messages did not appear very often. However, it seems as many malicious actions get blocked silently in the background, which makes it hard to track them down. With auto-sandbox, you can watch the samples rolling out their actions, as long as they don't detect the virtual environment, making them autoterminate.

@Der.Reisende Thank you very much for the awesome informations! Just a question, have you made any changes to the Auto-Sandbox which may not be stated in the PDF? Did you just make it "on" and left all the subvariants as they were, or changed it to "Restricted" or something? :)

Thanks and glad to see Comodo doing great! :)
You're welcome :)

I only turned the "auto-sandbox" exclusion for shared folders and the download folder off, as some ransomware scripts managed to hit other script files within the samples folder regardless sandboxing, however anything else was safe. As this was kinda annoying, I asked for help in the Comodo forum and was suggested to do exactly that.
Here's the bug report:
Malware vs Comodo Containtment ! - News / Announcements / Feedback - CIS

I did not alter the setting for auto-sandboxing, e.g. to "restricted", which should lead to anything crashing on run not being trusted and auto-sandboxed.

Yes, Comodo sandbox is easy to use but incredible powerful :) And their firewall is pretty talkative, perfect if you want to observe services calling out :)

As for installation, you have the option to "custom" install, I unticked the box to "show less alerts".

Everybody thank you for reading and showing so much interest :)
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top