Moonhorse

Level 24
Content Creator
Verified
Signed malware on home users has happened, with CCleaner.
Then run CF + some good antivirus with a very good behaviour blocker/system monitor to take care of it; Comodo does the rest.

1. How often do you download things? Just use portable CCleaner etc. It's very rare and unlikely to get infected anyhow if you really think about it.

2. Have a backup in case this very rare case happens.


Does it auto-sandbox even things not initiated by explorer/shell? So suppose someone exploits my browser to run something remote - will it be sandboxed?
In Comodo Cloud Antivirus there's browser protection, which will prevent the changes, and any RAT that runs in the sandbox can't connect since it has no access to the internet connection.


I'll just use Comodo because it will inform me because of the sandbox, compared to auto-allow antivirus.
 

notabot

Level 8
How does Comodo fare with svchost or rundll32? Does it just whitelist anything running via svchost or does it check the underlying process?
 

DeepWeb

Level 22
Verified
Trusted Application Mode in Kaspersky
Set all unknown applications to be denied by default.
Don't experiment with new unknown programs until you have done the research on them. Stick to downloading from trusted sources and you should be fine. What is the Internet saying about that program? Upload to VirusTotal. Your best defense is brain.exe.
 

Arequire

Level 23
Content Creator
Verified
How does Comodo fare with svchost or rundll32? Does it just whitelist anything running via svchost or does it check the underlying process?
If HIPS is active it'll alert about the malware wanting control over a valid process.
If you're using Cruelsister's configuration, the malware will be sandboxed before it's able to inject into svchost/rundll and won't have access to either legitimate processes.
 

kylprq

Level 3
How does Comodo fare with svchost or rundll32? Does it just whitelist anything running via svchost or does it check the underlying process?
In blocked apps, sometimes I see svchost blocked by HIPS or the firewall, sometimes both, and sometimes it runs svchost virtually, so if it's a malicious process it blocks it.
 