Advice Request Panda Free AV and COMODO Firewall - Is this a good combo?

Please provide comments and solutions that are helpful to the author of this topic.

Status
Not open for further replies.

Artificial intelligence

Level 1
Verified
Mar 20, 2017
20
ok, Panda Free AV and Comodo Firewall....In my own personal oppinion Panda Antivirus alone is not really great and its detection update in Virustotal is a little bit slow. I have never use Comodo firewall before..but based on the name it seems like you are focusing on Antivirus and Anti Network Instrusion combination. If it is what you are looking for from this two product..i'd say it is a good one. But if your concern is more on zero-day and unknown malware and sophisticated malware, if Comodo does not offer Application Whitelisting and Sandbox technology...then it is not the right one. You can try Voodooshield + Panda Free AV or like my home computer is protected with AVG + Voodooshield. What you need to combat against new, unknown and most sophisticated malware/ransomware while protected against all known malware - is VoodooShield + any free AV. It is very rare these days hackers hack your ports directly..instead, they use targetted attacks through emails, or websites that will trick you to download and execute malware. Seriously, it is up to you as long it has all the features that you want and can really protect you against zeroday or fresh malware.
Voodooshield is very bad, without self-protection cerber ransomware deactivates it and manages to pass Voodooshield, in this case COMODO Firewall is much better.
 

Artificial intelligence

Level 1
Verified
Mar 20, 2017
20
ok, Panda Free AV and Comodo Firewall....In my own personal oppinion Panda Antivirus alone is not really great and its detection update in Virustotal is a little bit slow. I have never use Comodo firewall before..but based on the name it seems like you are focusing on Antivirus and Anti Network Instrusion combination. If it is what you are looking for from this two product..i'd say it is a good one. But if your concern is more on zero-day and unknown malware and sophisticated malware, if Comodo does not offer Application Whitelisting and Sandbox technology...then it is not the right one. You can try Voodooshield + Panda Free AV or like my home computer is protected with AVG + Voodooshield. What you need to combat against new, unknown and most sophisticated malware/ransomware while protected against all known malware - is VoodooShield + any free AV. It is very rare these days hackers hack your ports directly..instead, they use targetted attacks through emails, or websites that will trick you to download and execute malware. Seriously, it is up to you as long it has all the features that you want and can really protect you against zeroday or fresh malware.
VoodooShield vs Cerber ransomware - Video Review - VoodooShield vs Cerber ransomware
 

brod56

Level 15
Verified
Top Poster
Well-known
Feb 13, 2017
737
Voodooshield is very bad, without self-protection cerber ransomware deactivates it and manages to pass Voodooshield, in this case COMODO Firewall is much better.

I have to disagree. If a Cerber file has at least 1 detection in VirusTotal (very likely) Voodoshield will block it straight away.
That video presented a vulnerability which has been already fixed. That file was specifically built to bypass Voodooshield.
 

Artificial intelligence

Level 1
Verified
Mar 20, 2017
20
I have to disagree. If a Cerber file has at least 1 detection in VirusTotal (very likely) Voodoshield will block it straight away.
That video presented a vulnerability which has been already fixed. That file was specifically built to bypass Voodooshield.
This can happen again if Voodooshield does not have self-protection.
 
  • Like
Reactions: Solarlynx

Evjl's Rain

Level 47
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
No program is perfect. Avast has self-protection, see how many ransomware get passed by it even in hardened mode.
self-protection has nothing to do with malware protection
ransomwares can bypass hardened mode because HM does not work with script files (.vbs, .js., .hta,...) just .exe. The bypasses came from scripts. Not many .exe malwares have bypassed avast as far as I observed
=> Hardened mode + disabling Windows script host + remind your self never execute any .vbs, .hta, .js, .jsw, or even .cmd,... => you are pretty much protected
 

brod56

Level 15
Verified
Top Poster
Well-known
Feb 13, 2017
737
self-protection has nothing to do with malware protection
ransomwares can bypass hardened mode because HM does not work with script files (.vbs, .js., .hta,...) just .exe. The bypasses came from scripts. Not many .exe malwares have bypassed avast as far as I observed
=> Hardened mode + disabling Windows script host + remind your self never execute any .vbs, .hta, .js, .jsw, or even .cmd,... => you are pretty much protected

Yeah I know. What I'm saying is that as there could be bypasses with .exe files in Avast Hardened Mode, the same applies for Voodoshield.
Of course the chance of even getting a malware file is minimum if we use our brain and don't run uncommon extension files (js, bat, etc).
 
  • Like
Reactions: Sunshine-boy

Emmanuellws

Level 3
Verified
Mar 11, 2017
132
wow I like this topic. hehehhe. Application whitelisting apps are based on MD5 hash. Voodooshield alone cannot defeat known malware that can stop Voodooshield's process, so pointing out a malware can bypass Voodooshield alone is useless because it is not an Antivirus so I have to agree with that but my post is about combining with AV so Artificial Inteligence...please read properly my post so to show some Intelligence, so we are in a thread talking about a combination of AV and Blocking of network intrusion/protection against zero day malware-hacking attacks..
 
Last edited:

cruelsister

Level 42
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,133
(Oh God, do I just hate CCAV...)

But the best way to look at adding an AV to CF should be this:

1). Let's assume the maximum protection possible with a CF is 100
2). Comodo Firewall will be termed X
3). Any addon AV will be termed Y

So we can state and third party AV addition to CF by the following equation:

X + Y = 100

the crappier the AV used (the smaller the Y value), the more work will be done by CF. The better the AV (higher Y value) the less work by CF needs to be done.

(did that make any sense at all? It's been a REALLY long day...)
 

Solarlynx

Level 15
Verified
Top Poster
Well-known
Apr 30, 2012
711
You see, Y must cover what misses X, so in most cases it happens, but not in all. Keeping the units, I would change the formula to
[ 1 - (1-X/100) * (1-Y/100) ]*100 so Y covers some gap of X but not up to 100.

(Yeah, and have rest, sister.)
 
  • Like
Reactions: Tiny and frogboy
D

Deleted member 178

Actually it really does not matter what AV will be run with Comodo (as long as there are no conflicts, of course). With no AV at all the Sandbox will do all of the work; with the best AV (fill in your favorite here) the Sandbox will do less work. Either way you will be protected and this is the goal of any security setup.

Indeed, i would only use Comodo IS or Comodo FW + Windows Defender. With Comodo, no need 3rd party AVs (unless you need a special feature).

But Panda would be fine if only for the cute panda face in the tray.
i don't know why, but i expected this kind of observation :p

I have never use Comodo firewall before..but based on the name it seems like you are focusing on Antivirus and Anti Network Instrusion combination. If it is what you are looking for from this two product..i'd say it is a good one. But if your concern is more on zero-day and unknown malware and sophisticated malware, if Comodo does not offer Application Whitelisting and Sandbox technology.

Comodo :

- AV (if Internet Security version)
- Firewall
- HIPS
- Behavior Blocker (based on rules, opposed to its HIPS)
- Full virtualization sandbox

Comodo is one of the strongest solution; if set properly, it is as good as Appguard.

if you don't know it , would be good for you to start here: Comodo
 
F

ForgottenSeer 19494

Oh that tread has too much of formulas for my little head. :eek::D I haven't really taken a look at VoodooShield, but as far as i see it it is something which uses a blacklist/whitelist like SecurAPlus. I really believe that Comodo can do it's job alone, especially when the fileless protection (a.k.a Embedded code detection) is on as well. If you use Comodo Internet Security then you have an AV against the known threats. But why i use Avast with Comodo firewall and not Comodo IS - because of their URL:Mal checking for all software, not only browsers + intelligent stream scanning, because of the good script protection, because of the well implemented SSL scanning, because of the AvEmUpdate and their fast monthy agile way of development, because of the extensive beta testing. Also because of the multiple layer model they use and the fact that i like such models. Because of the very promising CyberCapture (what they are trying to do is to create something like Panda's paid Adaptive Defense but for free although they need more work). This is a very solid combo, but not at all paranoid, very easy to use when you know your way around it. No protection is 100 percent secure, it might be penetrable by state-sponsored hackers, but i don't pretend i am something more than a normal person and don't really believe that it is so much important to spend that much time to penetrate it. Good and very light additions are Malwarebytes Anti-Exploit Premium and 0patch + KC Software's SUMo. Though there is an incompatibility with Comodo and 0patch for now which is currently being worked on.
 

Arequire

Level 29
Verified
Top Poster
Content Creator
Feb 10, 2017
1,814
self-protection has nothing to do with malware protection
ransomwares can bypass hardened mode because HM does not work with script files (.vbs, .js., .hta,...) just .exe. The bypasses came from scripts. Not many .exe malwares have bypassed avast as far as I observed
=> Hardened mode + disabling Windows script host + remind your self never execute any .vbs, .hta, .js, .jsw, or even .cmd,... => you are pretty much protected
Ever experienced malware somehow reactivating or bypassing WSH when it's disabled? Apparently there's a way to bypass powershell if it's disabled via registry so I was wondering if there's any similar bypass for WSH.
 
Last edited:
  • Like
Reactions: Sunshine-boy

Evjl's Rain

Level 47
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Ever experienced malware somehow reactivating or bypassing WSH when it's disabled? Apparently there's a way to bypass powershell if it's disabled via registry so I was wondering if there's any similar bypass for WSH.
malwares may change the registry key and re-enable WSH and powershell. It's definitely possible
I'm aware of this problem so I used process lasso to disallow those processes + used firewall to block them connecting to the internet + (blacklist the process in the AV or rename the extension of the processes)
 
  • Like
Reactions: Sunshine-boy

Sunshine-boy

Level 28
Verified
Top Poster
Well-known
Apr 1, 2017
1,759
malwares may change the registry key and re-enable WSH and powershell. It's definitely possible
I'm aware of this problem so I used process lasso to disallow those processes + used firewall to block them connecting to the internet + (blacklist the process in the AV or rename the extension of the processes)
lol even god can't enable it again:p
 

Arequire

Level 29
Verified
Top Poster
Content Creator
Feb 10, 2017
1,814
malwares may change the registry key and re-enable WSH and powershell. It's definitely possible
I'm aware of this problem so I used process lasso to disallow those processes + used firewall to block them connecting to the internet + (blacklist the process in the AV or rename the extension of the processes)
Got it. I'd imagine malware would probably have to do something real fancy to be able to execute with aggressive hardened mode enabled and WSH disabled anyway. I'm running this setup at the moment since CF died on me. I should probably disable powershell too just to be sure. (Even if it won't be able to drop its payload I say better safe than sorry. :p)
 
Last edited:
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top