D

Deleted member 2913

Comodo Autosandbox was on default settings?
Coz couple months back in one of my thread in Comodo software category I have mentioned deletevolume.exe (harmless sample) from testmypcsecurity site on execution is autosandboxed by Comodo & secondary drive gets deleted. And if I remember correctly you have replied could happen with default settings (not sure about your reply I have mentioned here). I will try to search the thread & reply here.

Update - I couldn't find the thread now. Anything changed regards to Autosandbox default like rules, etc... that secondary drive deletion were protected in your video?
I remember CIS version I had tested...AS default was Full Virt.
 
Last edited by a moderator:
  • Like
Reactions: Moose

Tony Cole

Level 27
For those who do not use sandboxes is there anything we can do to protect ourselves against these python based attacks. Which lead to API exploitation?
 
  • Like
Reactions: Moose

cruelsister

Level 36
Content Creator
Trusted
Verified
Guess I should have specified that I was using my suggested settings- sandboxed processes as Untrusted. As there is no reason not to harden the Box in this way- Not making this change is like never taking a Lamborghini out of First gear.

Tony- the issue with scripts in general is many Security products can't distinguish a legitimate script from a malicious one. This is a severe issue in the Enterprise space, and the cause of most of the recent breaches (and also the reason why many Corporations are switching from Traditional protection to solutions based on virtualization like FireEye and Palo Alto).
 
D

Deleted member 2913

Guess I should have specified that I was using my suggested settings- sandboxed processes as Untrusted. As there is no reason not to harden the Box in this way- Not making this change is like never taking a Lamborghini out of First gear.

Tony- the issue with scripts in general is many Security products can't distinguish a legitimate script from a malicious one. This is a severe issue in the Enterprise space, and the cause of most of the recent breaches (and also the reason why many Corporations are switching from Traditional protection to solutions based on virtualization like FireEye and Palo Alto).
So you maxed CIS settings.
Did you maxed Sandboxie settings too?
 
  • Like
Reactions: Moose

Tony Cole

Level 27
Yes the hospital I work at now employs virutal protection for data protection and medical records. Is Comodo now Windows 10 proof?
 
  • Like
Reactions: Moose
D

Deleted member 2913

SB doesn't have any such generalized setting.
Ok.

You test mostly modified CIS settings...thats good as it shows the power of CIS.

But would be good to see tests with default settings too... as there are many users like me those go with default settings & would like to see how default settings does against any/all threats....& default settings are kind of recommended settings for majority so defaults should be put to test more.
 
  • Like
Reactions: Cch123 and Moose

Terry Ganzi

Level 24
Verified
Ok.

You test mostly modified CIS settings...thats good as it shows the power of CIS.

But would be good to see tests with default settings too... as there are many users like me those go with default settings & would like to see how default settings does against any/all threats....& default settings are kind of recommended settings for majority so defaults should be put to test more.
But if you were following what Cruelsister post you will have found out that she don't recommend using default settings & why.
 

nissimezra

New Member
Pre-moderated
Great review.
Only offline backup can protect us now days.
 
Last edited by a moderator:
  • Like
Reactions: Moose

kmr1684

Level 3
Could you show the tweaks, necessary to additional protections?

Kind regards,
hi, like umbra said using and restriction setting of it depends on how you configure and based on your liking. if you asking me it is same like using and understanding how comodo works.nothing to add more on this learning curve, nobody will became perfect in one day, it will take years to become one, so have patience and fun in learning, only personal experience is the best teacher.

ps: if you learn how to use anti executable then you can understand what is happening in your pc then you will in full control over your system and understand if there is some thing wrong in it. this is not a joke but i pain full path nobody wants to take.
 

Av Gurus

Level 29
Trusted
Malware Hunter
Verified
We, on Croatian forum have some doubt.
When you test Sandboxie, Comodo sandbox was turned on or...?
If Comodo sandbox was turned on how did exploit, who is bypass Sandboxie, bypass Comodo sandbox?
 
D

Deleted member 178

not to say that Sandboxie is incompatible with Comodo sandbox. (well known fact on both Comodo and sandboxie forums)
You can see that the tray icon of Sbie doesnt keep the red dots (meaning no sandboxing is applied).

i sufffered this bug when i installed CIS and Sbie, Sbie couldn't protect my browser; in fact it even didn't start at all.

i didn't pay attention that both was running when i wrote my post earlier. it is by reading @Av Gurus' comment that i saw the issue.

so basically the test is irrelevant for checking Sbie protection. Sbie should have been tested alone with proper settings.
 

kmr1684

Level 3
not to say that Sandboxie is incompatible with Comodo sandbox. (well known fact on both Comodo and sandboxie forums)
You can see that the tray icon of Sbie doesnt keep the red dots (meaning no sandboxing is applied).

i sufffered this bug when i installed CIS and Sbie, Sbie couldn't protect my browser; in fact it even didn't start at all.

i didn't pay attention that both was running when i wrote my post earlier. it is by reading @Av Gurus' comment that i saw the issue.

so basically the test is irrelevant for checking Sbie protection. Sbie should have been tested alone with proper settings.
do you believe she going to accept it, well i do not know, but again, you know the answer. :D:p
 
  • Like
Reactions: Moose