Q&A Panda Free AV and COMODO Firewall - Is this a good combo?

Discussion in 'Panda' started by Jashin, Nov 27, 2016.

  1. Artificial intelligence

    Mar 20, 2017
    20
    50
    Barcelona
    Windows 10
    Kaspersky
    VoodooShield is very bad; without self-protection, Cerber ransomware deactivates it and manages to get past VoodooShield. In this case COMODO Firewall is much better.
     
    Behold Eck and Sunshine-boy like this.
  2. Artificial intelligence

    Mar 20, 2017
    20
    50
    Barcelona
    Windows 10
    Kaspersky
    VoodooShield vs Cerber ransomware - Video Review - VoodooShield vs Cerber ransomware
     
    Sunshine-boy, Solarlynx and frogboy like this.
  3. brod56

    brod56 Level 11

    Feb 13, 2017
    544
    1,522
    Student
    Portugal
    Windows 10
    Default-Deny
    I have to disagree. If a Cerber file has at least 1 detection in VirusTotal (very likely), VoodooShield will block it straight away.
    That video presented a vulnerability which has already been fixed. That file was specifically built to bypass VoodooShield.
     
    Sunshine-boy and Solarlynx like this.
  4. Artificial intelligence

    Mar 20, 2017
    20
    50
    Barcelona
    Windows 10
    Kaspersky
    This can happen again if VoodooShield does not have self-protection.
     
    Solarlynx likes this.
  5. brod56

    brod56 Level 11

    Feb 13, 2017
    544
    1,522
    Student
    Portugal
    Windows 10
    Default-Deny
    No program is perfect. Avast has self-protection; see how many ransomware samples get past it even in hardened mode.
     
    Solarlynx and Emmanuellws like this.
  6. Evjl's Rain

    Evjl's Rain Level 29
    Trusted AV Tester

    Apr 18, 2016
    1,802
    13,187
    Vietnam
    Windows 8.1
    Avast
    Self-protection has nothing to do with malware protection.
    Ransomware can bypass hardened mode because HM does not work with script files (.vbs, .js, .hta, ...), just .exe. The bypasses came from scripts. Not many .exe malware samples have bypassed Avast as far as I observed.
    => Hardened mode + disabling Windows Script Host + remind yourself never to execute any .vbs, .hta, .js, .jsw, or even .cmd, ... => you are pretty much protected
     
  7. brod56

    brod56 Level 11

    Feb 13, 2017
    544
    1,522
    Student
    Portugal
    Windows 10
    Default-Deny
    Yeah, I know. What I'm saying is that as there could be bypasses with .exe files in Avast Hardened Mode, the same applies to VoodooShield.
    Of course the chance of even getting a malware file is minimal if we use our brain and don't run uncommon extension files (js, bat, etc).
     
    Sunshine-boy likes this.
  8. Emmanuellws

    Emmanuellws Level 3

    Mar 11, 2017
    115
    265
    Malaysia
    Windows 7
    Panda
    #28 Emmanuellws, Apr 7, 2017
    Last edited: Apr 7, 2017
    Wow, I like this topic. hehehhe. Application whitelisting apps are based on MD5 hash. VoodooShield alone cannot defeat known malware that can stop VoodooShield's process, so pointing out that a malware can bypass VoodooShield alone is useless because it is not an antivirus, so I have to agree with that. But my post is about combining with an AV, so Artificial intelligence... please read my post properly so as to show some intelligence. We are in a thread talking about a combination of AV and blocking of network intrusion/protection against zero-day malware-hacking attacks.
     
  9. Emmanuellws

    Emmanuellws Level 3

    Mar 11, 2017
    115
    265
    Malaysia
    Windows 7
    Panda
    Really agree... but I need some AI to think... we are in a thread about a combination of 2 software... so this is not helping the original thread post.
     
    frogboy, Solarlynx and Sunshine-boy like this.
  10. cruelsister

    cruelsister Level 32
    Trusted

    Apr 13, 2013
    2,131
    12,419
    NYC
    (Oh God, do I just hate CCAV...)

    But the best way to look at adding an AV to CF should be this:

    1). Let's assume the maximum protection possible with a CF is 100
    2). Comodo Firewall will be termed X
    3). Any addon AV will be termed Y

    So we can state any third-party AV addition to CF by the following equation:

    X + Y = 100

    The crappier the AV used (the smaller the Y value), the more work will be done by CF. The better the AV (higher Y value), the less work needs to be done by CF.

    (did that make any sense at all? It's been a REALLY long day...)
     
    Behold Eck, liubomirwm, lab34 and 4 others like this.
  11. Solarlynx

    Solarlynx Level 14

    Apr 30, 2012
    684
    2,263
    You see, Y must cover what X misses, so in most cases it happens, but not in all. Keeping the units, I would change the formula to
    [ 1 - (1-X/100) * (1-Y/100) ]*100 so Y covers some gap of X but not up to 100.

    (Yeah, and have rest, sister.)
     
    Tiny and frogboy like this.
  12. Umbra

    Umbra From Emsisoft
    Developer

    May 16, 2011
    17,163
    29,650
    Community manager
    Vietnam & France
    Windows 10
    Emsisoft
    Indeed, I would only use Comodo IS or Comodo FW + Windows Defender. With Comodo, there is no need for 3rd-party AVs (unless you need a special feature).

    I don't know why, but I expected this kind of observation :p

    Comodo :

    - AV (if Internet Security version)
    - Firewall
    - HIPS
    - Behavior Blocker (based on rules, opposed to its HIPS)
    - Full virtualization sandbox

    Comodo is one of the strongest solutions; if set properly, it is as good as Appguard.

    If you don't know it, it would be good for you to start here: Comodo
     
    LuciusHaydn, Sunshine-boy and Tiny like this.
  13. liubomirwm

    liubomirwm Level 5

    Mar 1, 2014
    224
    559
    Student
    Status Excessu
    Windows 10
    Microsoft
    Oh, that thread has too many formulas for my little head. :eek::D I haven't really taken a look at VoodooShield, but as far as I see it, it is something which uses a blacklist/whitelist like SecureAPlus. I really believe that Comodo can do its job alone, especially when the fileless protection (a.k.a. Embedded code detection) is on as well. If you use Comodo Internet Security then you have an AV against the known threats. But why I use Avast with Comodo Firewall and not Comodo IS: because of their URL:Mal checking for all software, not only browsers + intelligent stream scanning, because of the good script protection, because of the well-implemented SSL scanning, because of the AvEmUpdate and their fast monthly agile way of development, because of the extensive beta testing. Also because of the multiple-layer model they use and the fact that I like such models. Because of the very promising CyberCapture (what they are trying to do is to create something like Panda's paid Adaptive Defense but for free, although they need more work). This is a very solid combo, but not at all paranoid, very easy to use when you know your way around it. No protection is 100 percent secure; it might be penetrable by state-sponsored hackers, but I don't pretend I am something more than a normal person and don't really believe that it is so important to spend that much time to penetrate it. Good and very light additions are Malwarebytes Anti-Exploit Premium and 0patch + KC Software's SUMo. Though there is an incompatibility with Comodo and 0patch for now which is currently being worked on.
     
    Sunshine-boy and Emmanuellws like this.
  14. Arequire

    Arequire Level 18

    Feb 10, 2017
    898
    2,803
    United Kingdom
    Windows 7
    Default-Deny
    #34 Arequire, Apr 8, 2017
    Last edited: Apr 8, 2017
    Ever experienced malware somehow reactivating or bypassing WSH when it's disabled? Apparently there's a way to bypass PowerShell if it's disabled via registry, so I was wondering if there's any similar bypass for WSH.
     
    Sunshine-boy likes this.
  15. Evjl's Rain

    Evjl's Rain Level 29
    Trusted AV Tester

    Apr 18, 2016
    1,802
    13,187
    Vietnam
    Windows 8.1
    Avast
    Malware may change the registry key and re-enable WSH and PowerShell. It's definitely possible.
    I'm aware of this problem, so I used Process Lasso to disallow those processes + used the firewall to block them from connecting to the internet + (blacklist the process in the AV or rename the extension of the processes)
     
    Sunshine-boy likes this.
  16. Sunshine-boy

    Sunshine-boy Level 22

    Apr 1, 2017
    1,171
    5,189
    IRAN
    Windows 10
    ESET
    lol even god can't enable it again:p
     
    liubomirwm and Evjl's Rain like this.
  17. Arequire

    Arequire Level 18

    Feb 10, 2017
    898
    2,803
    United Kingdom
    Windows 7
    Default-Deny
    #37 Arequire, Apr 8, 2017
    Last edited: Apr 8, 2017
    Got it. I'd imagine malware would probably have to do something real fancy to be able to execute with aggressive hardened mode enabled and WSH disabled anyway. I'm running this setup at the moment since CF died on me. I should probably disable PowerShell too just to be sure. (Even if it won't be able to drop its payload, I say better safe than sorry. :p)
     
    Evjl's Rain and Sunshine-boy like this.
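
The posts above rely on Windows Script Host being disabled through the registry and note that the value can be changed back. As an added example (not written by any poster in this thread), this read-only PowerShell audit reports the `Enabled` value in the usual WSH settings keys so that a re-enable is noticed; the three key paths and the pass/fail rule are assumptions of this example, and it does not model which hive takes precedence.

```powershell
# Added example: audit the Windows Script Host "Enabled" registry value so a
# silent re-enable is noticed. Read-only; intended to be run on a schedule.
# Assumption: these are the keys where the value is normally set.
$paths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows Script Host\Settings',
    'HKCU:\SOFTWARE\Microsoft\Windows Script Host\Settings'
)

function Get-WshSetting {
    param([Parameter(Mandatory)][string]$Path)
    $value = $null
    if (Test-Path -LiteralPath $Path) {
        $item = Get-ItemProperty -LiteralPath $Path -Name 'Enabled' -ErrorAction SilentlyContinue
        if ($null -ne $item) { $value = $item.Enabled }
    }
    # The value may be stored as a DWORD or as a string, so compare as text.
    if ($null -eq $value) {
        $state = 'NotSet'
    } elseif ("$value".Trim() -eq '0') {
        $state = 'Disabled'
    } else {
        $state = 'ExplicitlyEnabled'
    }
    [pscustomobject]@{ Path = $Path; Enabled = $value; State = $state }
}

$report = $paths | ForEach-Object { Get-WshSetting -Path $_ }
$report | Format-Table -AutoSize | Out-String | Write-Output

$disabled  = @($report | Where-Object State -eq 'Disabled')
$reEnabled = @($report | Where-Object State -eq 'ExplicitlyEnabled')

# Assumed rule: at least one key must hold 0 and none may hold a non-zero value.
if ($disabled.Count -eq 0) {
    Write-Warning 'WSH is not disabled in any checked key.'
    exit 1
}
if ($reEnabled.Count -gt 0) {
    Write-Warning ('Enabled is non-zero in: ' + ($reEnabled.Path -join '; '))
    exit 1
}
Write-Output 'Enabled=0 is present and no checked key holds a non-zero value.'
```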