Advice Request Panda Free AV and COMODO Firewall - Is this a good combo?


Status
Not open for further replies.

Artificial intelligence

Level 1
Verified
Mar 20, 2017
31
OK, Panda Free AV and Comodo Firewall... In my own personal opinion Panda Antivirus alone is not really great and its detection update in VirusTotal is a little bit slow. I have never used Comodo Firewall before, but based on the name it seems like you are focusing on an Antivirus and Anti Network Intrusion combination. If that is what you are looking for from these two products, I'd say it is a good one. But if your concern is more on zero-day, unknown and sophisticated malware, if Comodo does not offer Application Whitelisting and Sandbox technology, then it is not the right one. You can try VoodooShield + Panda Free AV, or, like my home computer, which is protected with AVG + VoodooShield. What you need to combat new, unknown and the most sophisticated malware/ransomware while staying protected against all known malware is VoodooShield + any free AV. It is very rare these days for hackers to hack your ports directly; instead, they use targeted attacks through emails or websites that trick you into downloading and executing malware. Seriously, it is up to you, as long as it has all the features that you want and can really protect you against zero-day or fresh malware.
VoodooShield is very bad; without self-protection, Cerber ransomware deactivates it and manages to get past VoodooShield. In this case COMODO Firewall is much better.
 

Artificial intelligence

Level 1
Verified
Mar 20, 2017
31
OK, Panda Free AV and Comodo Firewall... In my own personal opinion Panda Antivirus alone is not really great and its detection update in VirusTotal is a little bit slow. I have never used Comodo Firewall before, but based on the name it seems like you are focusing on an Antivirus and Anti Network Intrusion combination. If that is what you are looking for from these two products, I'd say it is a good one. But if your concern is more on zero-day, unknown and sophisticated malware, if Comodo does not offer Application Whitelisting and Sandbox technology, then it is not the right one. You can try VoodooShield + Panda Free AV, or, like my home computer, which is protected with AVG + VoodooShield. What you need to combat new, unknown and the most sophisticated malware/ransomware while staying protected against all known malware is VoodooShield + any free AV. It is very rare these days for hackers to hack your ports directly; instead, they use targeted attacks through emails or websites that trick you into downloading and executing malware. Seriously, it is up to you, as long as it has all the features that you want and can really protect you against zero-day or fresh malware.
VoodooShield vs Cerber ransomware - Video Review - VoodooShield vs Cerber ransomware
 

brod56

Level 15
Verified
Top Poster
Well-known
Feb 13, 2017
737
VoodooShield is very bad; without self-protection, Cerber ransomware deactivates it and manages to get past VoodooShield. In this case COMODO Firewall is much better.

I have to disagree. If a Cerber file has at least 1 detection in VirusTotal (very likely), VoodooShield will block it straight away.
That video presented a vulnerability which has already been fixed. That file was specifically built to bypass VoodooShield.
 

Artificial intelligence

Level 1
Verified
Mar 20, 2017
31
I have to disagree. If a Cerber file has at least 1 detection in VirusTotal (very likely), VoodooShield will block it straight away.
That video presented a vulnerability which has already been fixed. That file was specifically built to bypass VoodooShield.
This can happen again if VoodooShield does not have self-protection.
 
  • Like
Reactions: Solarlynx

Evjl's Rain

Level 47
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
No program is perfect. Avast has self-protection; see how much ransomware gets past it even in hardened mode.
Self-protection has nothing to do with malware protection.
Ransomware can bypass hardened mode because HM does not work with script files (.vbs, .js, .hta, ...), just .exe. The bypasses came from scripts. Not many .exe malware samples have bypassed Avast as far as I observed.
=> Hardened mode + disabling Windows Script Host + reminding yourself never to execute any .vbs, .hta, .js, .jsw, or even .cmd, ... => you are pretty much protected
 

brod56

Level 15
Verified
Top Poster
Well-known
Feb 13, 2017
737
Self-protection has nothing to do with malware protection.
Ransomware can bypass hardened mode because HM does not work with script files (.vbs, .js, .hta, ...), just .exe. The bypasses came from scripts. Not many .exe malware samples have bypassed Avast as far as I observed.
=> Hardened mode + disabling Windows Script Host + reminding yourself never to execute any .vbs, .hta, .js, .jsw, or even .cmd, ... => you are pretty much protected

Yeah, I know. What I'm saying is that as there could be bypasses with .exe files in Avast Hardened Mode, the same applies to VoodooShield.
Of course the chance of even getting a malware file is minimal if we use our brains and don't run files with uncommon extensions (js, bat, etc.).
 
  • Like
Reactions: Sunshine-boy

Emmanuellws

Level 3
Verified
Mar 11, 2017
132
Wow, I like this topic, hehehe. Application whitelisting apps are based on MD5 hash. VoodooShield alone cannot defeat known malware that can stop VoodooShield's process, so pointing out that malware can bypass VoodooShield alone is useless because it is not an antivirus, so I have to agree with that. But my post is about combining it with an AV, so Artificial Intelligence... please read my post properly so as to show some intelligence. We are in a thread talking about a combination of AV and blocking of network intrusion / protection against zero-day malware and hacking attacks.
 

cruelsister

Level 43
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,224
(Oh God, do I just hate CCAV...)

But the best way to look at adding an AV to CF should be this:

1). Let's assume the maximum protection possible with a CF is 100
2). Comodo Firewall will be termed X
3). Any addon AV will be termed Y

So we can state any third-party AV addition to CF by the following equation:

X + Y = 100

The crappier the AV used (the smaller the Y value), the more work will be done by CF. The better the AV (higher Y value), the less work needs to be done by CF.

(did that make any sense at all? It's been a REALLY long day...)
 

Solarlynx

Level 15
Verified
Top Poster
Well-known
Apr 30, 2012
711
You see, Y must cover what X misses, so in most cases it happens, but not in all. Keeping the units, I would change the formula to
[1 - (1 - X/100) * (1 - Y/100)] * 100, so Y covers some gap of X but not up to 100.

(Yeah, and have rest, sister.)
 
  • Like
Reactions: Tiny and frogboy

Deleted member 178

Actually it really does not matter what AV will be run with Comodo (as long as there are no conflicts, of course). With no AV at all the Sandbox will do all of the work; with the best AV (fill in your favorite here) the Sandbox will do less work. Either way you will be protected and this is the goal of any security setup.

Indeed, I would only use Comodo IS or Comodo FW + Windows Defender. With Comodo, there is no need for 3rd-party AVs (unless you need a special feature).

But Panda would be fine if only for the cute panda face in the tray.
I don't know why, but I expected this kind of observation :p

I have never used Comodo Firewall before, but based on the name it seems like you are focusing on an Antivirus and Anti Network Intrusion combination. If that is what you are looking for from these two products, I'd say it is a good one. But if your concern is more on zero-day, unknown and sophisticated malware, if Comodo does not offer Application Whitelisting and Sandbox technology.

Comodo:

- AV (if Internet Security version)
- Firewall
- HIPS
- Behavior Blocker (based on rules, opposed to its HIPS)
- Full virtualization sandbox

Comodo is one of the strongest solutions; if set properly, it is as good as AppGuard.

If you don't know it, it would be good for you to start here: Comodo
 

ForgottenSeer 19494

Oh, that thread has too many formulas for my little head. :eek::D I haven't really taken a look at VoodooShield, but as far as I see it, it is something which uses a blacklist/whitelist like SecureAPlus. I really believe that Comodo can do its job alone, especially when the fileless protection (a.k.a. Embedded code detection) is on as well. If you use Comodo Internet Security then you have an AV against the known threats. But why I use Avast with Comodo Firewall and not Comodo IS: because of their URL:Mal checking for all software, not only browsers, plus intelligent stream scanning; because of the good script protection; because of the well-implemented SSL scanning; because of the AvEmUpdate and their fast monthly agile way of development; because of the extensive beta testing. Also because of the multiple-layer model they use and the fact that I like such models. Because of the very promising CyberCapture (what they are trying to do is to create something like Panda's paid Adaptive Defense but for free, although they need more work). This is a very solid combo, but not at all paranoid, and very easy to use when you know your way around it. No protection is 100 percent secure; it might be penetrable by state-sponsored hackers, but I don't pretend I am something more than a normal person and don't really believe that it is so important to spend that much time to penetrate it. Good and very light additions are Malwarebytes Anti-Exploit Premium and 0patch + KC Software's SUMo, though there is an incompatibility between Comodo and 0patch for now which is currently being worked on.
 

Arequire

Level 29
Verified
Top Poster
Content Creator
Feb 10, 2017
1,822
Self-protection has nothing to do with malware protection.
Ransomware can bypass hardened mode because HM does not work with script files (.vbs, .js, .hta, ...), just .exe. The bypasses came from scripts. Not many .exe malware samples have bypassed Avast as far as I observed.
=> Hardened mode + disabling Windows Script Host + reminding yourself never to execute any .vbs, .hta, .js, .jsw, or even .cmd, ... => you are pretty much protected
Ever experienced malware somehow reactivating or bypassing WSH when it's disabled? Apparently there's a way to bypass PowerShell if it's disabled via registry, so I was wondering if there's any similar bypass for WSH.
 
  • Like
Reactions: Sunshine-boy

Evjl's Rain

Level 47
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Ever experienced malware somehow reactivating or bypassing WSH when it's disabled? Apparently there's a way to bypass PowerShell if it's disabled via registry, so I was wondering if there's any similar bypass for WSH.
Malware may change the registry key and re-enable WSH and PowerShell. It's definitely possible.
I'm aware of this problem, so I used Process Lasso to disallow those processes + used the firewall to block them from connecting to the internet + (blacklist the process in the AV or rename the extension of the processes)
 
  • Like
Reactions: Sunshine-boy
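
The registry re-enable problem raised in the post above can be watched for with a periodic audit. This PowerShell sketch is an added example, not part of the original thread; it assumes WSH was disabled by setting the `Enabled` value to 0 under the Windows Script Host `Settings` keys, and the function name and the baseline it enforces are this example's own choices.

```powershell
# Added example: audit the Windows Script Host kill switch for drift.
# Assumption: the intended baseline is Enabled = 0 in the machine-wide keys,
# and no per-user key that explicitly turns WSH back on.
$MachineKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows Script Host\Settings'  # 32-bit view
)
$UserKeys = @('HKCU:\Software\Microsoft\Windows Script Host\Settings')

function Get-WshSwitchState {
    param([string[]]$Path, [string]$Scope)
    foreach ($key in $Path) {
        # Skip the 32-bit view on systems that do not have it.
        if ($key -like '*WOW6432Node*' -and -not (Test-Path 'HKLM:\SOFTWARE\WOW6432Node')) { continue }
        $raw = $null
        if (Test-Path -LiteralPath $key) {
            $raw = (Get-ItemProperty -LiteralPath $key -Name Enabled -ErrorAction SilentlyContinue).Enabled
        }
        # The value may be a DWORD 0 or the string "0"; treat both as disabled.
        if ($null -eq $raw) { $state = 'NotSet' }
        elseif ("$raw".Trim() -eq '0') { $state = 'Disabled' }
        else { $state = 'Enabled' }
        [pscustomobject]@{ Scope = $Scope; Key = $key; RawValue = $raw; State = $state }
    }
}

$report = @(Get-WshSwitchState -Path $MachineKeys -Scope 'Machine') +
          @(Get-WshSwitchState -Path $UserKeys -Scope 'User')
$report | Format-Table -AutoSize

# Drift: a machine key that is no longer explicitly 0, or a user key set to enable WSH.
$drift = $report | Where-Object {
    ($_.Scope -eq 'Machine' -and $_.State -ne 'Disabled') -or
    ($_.Scope -eq 'User' -and $_.State -eq 'Enabled')
}
if ($drift) {
    Write-Warning ("WSH kill switch drifted in {0} location(s):" -f @($drift).Count)
    $drift | ForEach-Object { Write-Warning ("  {0} -> {1}" -f $_.Key, $_.State) }
} else {
    Write-Output 'WSH is disabled in every audited location.'
}
```

Run from a scheduled task, a warning here means the value was changed after hardening and the change itself is worth investigating, not just reverting.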

Sunshine-boy

Level 28
Verified
Top Poster
Well-known
Apr 1, 2017
1,782
Malware may change the registry key and re-enable WSH and PowerShell. It's definitely possible.
I'm aware of this problem, so I used Process Lasso to disallow those processes + used the firewall to block them from connecting to the internet + (blacklist the process in the AV or rename the extension of the processes)
lol even god can't enable it again :p
 

Arequire

Level 29
Verified
Top Poster
Content Creator
Feb 10, 2017
1,822
Malware may change the registry key and re-enable WSH and PowerShell. It's definitely possible.
I'm aware of this problem, so I used Process Lasso to disallow those processes + used the firewall to block them from connecting to the internet + (blacklist the process in the AV or rename the extension of the processes)
Got it. I'd imagine malware would probably have to do something real fancy to be able to execute with aggressive hardened mode enabled and WSH disabled anyway. I'm running this setup at the moment since CF died on me. I should probably disable PowerShell too just to be sure. (Even if it won't be able to drop its payload, I say better safe than sorry. :p)
 