Moonhorse

#41
Signed malware on home users has happened, with CCleaner
Then run CF + some good antivirus with a very good behaviour blocker/system monitor to take care of it; Comodo does the rest.

1. How often do you download things? Just use portable CCleaner etc. It's very rare and unlikely to get infected anyhow if you really think about it.

2. Have a backup in case this very rare case happens.


Does it auto-sandbox even things not initiated by explorer/shell, so suppose someone exploits my browser to run something remote - will it be sandboxed?
In Comodo Cloud Antivirus there's browser protection, which will prevent the changes, and any RAT that runs in the sandbox can't connect since it has no access to the internet connection.


I'll just use Comodo because it will inform me because of the sandbox, compared to an auto-allow antivirus.
 
#44
In Comodo Cloud Antivirus there's browser protection, which will prevent the changes, and any RAT that runs in the sandbox can't connect since it has no access to the internet connection.
Comodo Firewall too.
 
#45
How does Comodo fare with svchost or rundll32? Does it just whitelist anything running via svchost or does it check the underlying process?
 

DeepWeb

#46
Trusted Application Mode in Kaspersky
Set all unknown applications to be denied by default.
Don't experiment with new unknown programs until you have done the research on them. Stick to downloading from trusted sources and you should be fine. What is the Internet saying about that program? Upload to VirusTotal. Your best defense is brain.exe.
 

Arequire

#47
How does Comodo fare with svchost or rundll32? Does it just whitelist anything running via svchost or does it check the underlying process?
If HIPS is active it'll alert about the malware wanting control over a valid process.
If you're using Cruelsister's configuration, the malware will be sandboxed before it's able to inject into svchost/rundll and won't have access to either legitimate processes.
 
#48
How does Comodo fare with svchost or rundll32? Does it just whitelist anything running via svchost or does it check the underlying process?
In blocked apps sometimes I see svchost blocked, HIPS or firewall, sometimes both, and sometimes it runs svchost virtually, so if it's a malicious process it blocks it.
 