Signed Malware & Antivirus Detection

Moonhorse

Moonhorse

Level 38
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,728
notabot said:
Signed malware on home users has happened, with ccleaner
Click to expand...
Then run cf + some good antivirus with very good behaviour blocker/ system monitor to take care of it, comodo does rest

1. how often do you download things? Just use portable ccleaner etc. Its very rare and unlikely to get infected anyhow if you really think it

2. have backup incase this very rare case happens


notabot said:
Does it auto sandbox even things not initiated by explorer/shell so suppose someone exploits my browser to run something remote - will it be sandboxed ?
Click to expand...
In comodo cloud antivirus theres browser protection, wich will prevent the changes and any rat that runs in sandbox cant connect since it has no access to internet connection


Il just use comodo because it will inform me because of sandbox , compared to auto allow antivirus
 
N

notabot

Level 15
Thread author
Verified
Oct 31, 2018
703
How does comodo fare with svchost or rundll32 ? Does it just whitelist anythung running via svchost or it does check the underlying process ?
 
DeepWeb

DeepWeb

Level 25
Verified
Top Poster
Well-known
Jul 1, 2017
1,396
Trusted Application Mode in Kaspersky
Set all unknown applications to be denied by default.
Don't experiment with new unknown programs until you have done the research on them. Stick to downloading from trusted sources and you should be fine. What is the Internet saying about that program? Upload to VirusTotal. Your best defense is brain.exe.
 
  • Like
Reactions: noob guy and harlan4096
A

Arequire

Level 29
Verified
Top Poster
Content Creator
Feb 10, 2017
1,822
notabot said:
How does comodo fare with svchost or rundll32 ? Does it just whitelist anythung running via svchost or it does check the underlying process ?
Click to expand...
If HIPS is active it'll alert about the malware wanting control over a valid process.
If you're using Cruelsister's configuration, the malware will be sandboxed before it's able to inject into svchost/rundll and won't have access to either legitimate processes.
 
Last edited:
  • Like
Reactions: notabot and harlan4096
K

kylprq

Level 4
Verified
Jul 26, 2018
147
notabot said:
How does comodo fare with svchost or rundll32 ? Does it just whitelist anythung running via svchost or it does check the underlying process ?
Click to expand...

in blocked apps sometimes i see svchost blocked hips or firewall sometimes both and sometimes it runs svchost virtually so if malicious process it blocks
 
  • Like
Reactions: notabot

Similar threads

Gandalf_The_Grey
    • Like
    • +Reputation
    • Sad
Scams & Phishing News Phishing emails increasingly use SVG attachments to evade detection
Replies
0
Views
449
Security News
Gandalf_The_Grey
Gandalf_The_Grey
Gandalf_The_Grey
    • Like
    • +Reputation
    • Wow
Malware News Malware force-installs Chrome extensions on 300,000 browsers, patches DLLs
Replies
13
Views
2,961
Security News
Trident
Trident
Trident
    • Like
    • Applause
Serious Discussion FinalAV - British Startup Offering Containment for Unsigned Processes
Replies
4
Views
773
Other security for Windows, Mac, Linux
lain
lain

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top