Signed Malware & Antivirus Detection

Moonhorse

Signed malware on home users has happened, with CCleaner
Then run cf + some good antivirus with a very good behaviour blocker/system monitor to take care of it; Comodo does the rest

1. How often do you download things? Just use portable CCleaner etc. It's very rare and unlikely to get infected anyhow if you really think about it

2. Have a backup in case this very rare case happens


Does it auto-sandbox even things not initiated by explorer/shell? So suppose someone exploits my browser to run something remote - will it be sandboxed?
In Comodo Cloud Antivirus there's browser protection, which will prevent the changes, and any RAT that runs in the sandbox can't connect since it has no access to an internet connection


I'll just use Comodo because it will inform me because of the sandbox, compared to an auto-allow antivirus
 

notabot

Thread author
How does Comodo fare with svchost or rundll32? Does it just whitelist anything running via svchost or does it check the underlying process?
 

DeepWeb

Trusted Application Mode in Kaspersky
Set all unknown applications to be denied by default.
Don't experiment with new unknown programs until you have done the research on them. Stick to downloading from trusted sources and you should be fine. What is the Internet saying about that program? Upload to VirusTotal. Your best defense is brain.exe.
 

Arequire

> How does Comodo fare with svchost or rundll32? Does it just whitelist anything running via svchost or does it check the underlying process?
If HIPS is active it'll alert about the malware wanting control over a valid process.
If you're using Cruelsister's configuration, the malware will be sandboxed before it's able to inject into svchost/rundll and won't have access to either legitimate processes.
 

kylprq

> How does Comodo fare with svchost or rundll32? Does it just whitelist anything running via svchost or does it check the underlying process?

In blocked apps sometimes I see svchost blocked by HIPS or firewall, sometimes both, and sometimes it runs svchost virtually, so if it's a malicious process it blocks it
 