Olympic Destroyer vs Comodo Firewall
<blockquote data-quote="Evjl&#039;s Rain" data-source="post: 711890" data-attributes="member: 51905"><p>After watching several videos CS has posted, I know CF is one of the best, if not the best, security tools to lock down the system. I'm no longer impressed because CF does what it can do.</p><p></p><p>However, I think it should be used in a different way other than executing malware inside the sandbox. As Sunshine-boy said, we don't notice any malicious activity inside the sandbox, unless the malware samples are cryptominers, crash, or spawn so many processes that they can be noticed. Because of CS's settings, even safe apps with a UI can crash and show nothing.</p><p></p><p>I think CF should be used as follows:</p><p>1/ Exploit shield: when malware tries to download its payloads, CF will block them => something is clearly malicious and deserves the user's intervention</p><p>2/ When a user executes a random file</p><p>- if CF allows the file to run because it is whitelisted by cloud or TVL => let the file run</p><p>- if the file is sandboxed and crashes due to CS's configuration (untrusted or highly restricted), the file can be either safe or malicious. The user has to do several steps to determine the safety of that file (VM, VT, hybrid-analysis, Sandboxie without any restriction,...) or pray and run the file outside the sandbox</p><p></p><p>For now, I'm using CF's sandbox as an exploit shield to block malware payloads.</p><p>CF is extremely prone to FPs, especially for non-English, French or Spanish applications (not commonly spoken languages). In fact, I had to whitelist <strong>at least 10 times per day</strong> when I was installing or updating my applications.</p><p></p><p>The 2/ is clearly not for average users and it's not security, it's a troublemaker.</p></blockquote><p></p>