The Comodo's challenge.
- Thread starter Andy Ful
- Start date
It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
- Feb 7, 2023
- 1,739
If Comodo could 100% solve this problem, everyone else would too and then there won’t be malware, anti-malware, there wouldn’t even be MalwareTips.
Thank you for the test. Please don't take it the wrong way, but "popular practice" is not a test of Comodo, especially for a bypass test. The vendor's configuration should be tested for such tests, in which case proactive comes with HIPS enabled. But the test was informative and showed, as you mentioned, that there can be some cons to the popular practice.
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,152
The video is not a test about the overall protection of Comodo AV, because the method used in the video is not a full attack.
In my opinion, it can be a part of the full attack. How strong can be Comodo against the full attacks can depend on Comodo's settings and the details of the attacks.
Last edited:
- Aug 19, 2019
- 1,023
Thanks. All about layers I guess. Thankful that i have CyberLock to help bolster whatever security setup I'm using.
- Mar 10, 2023
- 144
Same here. I am from the old school and still like to have it around.I always use HIPS module enabled.
Nikola Milanovic
Level 2
- Oct 17, 2023
- 69
This test is not fair because he disabled everything in Xcitium as ozer metins says if he wouldnt disable everything in Xcitium Xcitium would have protected the system with Auto-Containment and HIPS and the attack would be prevented
- Sep 2, 2021
- 2,313
As I said to you in mp, you must not have watched the video because you can see the auto-sandbox being triggered when the program is run.
As explained, he used a script with LOLBins that cut Comodo's services.
And yes, it's dramatic, and for me it could be a security problem.
It's true that Comodo is efficient, but it's not as perfect as its competitors.
- Apr 5, 2021
- 573
The one problem with enabling the HIPS and blocking by default every conceivable LOLBin imaginable, then having to create individual rules to allow trusted programs to use the required LOLBins, is that it is time-consuming, tedious work and the end user will have to have rather intimate knowledge of what they're doing, otherwise they will either allow something too permissively, cripple their system by being too restrictive, or a combination of both. I'm pretty sure this is one reason why Cruelsister does not enable HIPS in her Comodo setup.
There is also the bug (does it still exist in the latest release??) where all the HIPS rules disappear without warning.
There is also the bug (does it still exist in the latest release??) where all the HIPS rules disappear without warning.
Last edited:
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,152
It is not perfect but in my opinion, it can still be a decent protection. I would not choose an average competitor to show the attack method.
Before making a video, I thought that with strict Auto-Containment and Proactive configuration one could safely skip HIPS. But as @ozer.metin (Comodo staff) mentioned, HIPS can be an essential part of Comodo's protection. I am not sure if HIPS can close all variants of the attack, but most of them can be prevented for sure.
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,152
I am not sure if @cruelsister intended to tweak Comodo against all highly targeted attacks. Furthermore, her settings were created several years ago and still could prevent almost all attacks (I tried several times). Even if someone can use my method as a part of the infection chain, it will be probably a targeted attack.
Overall, not an issue, at least for home users (my opinion). I suggest keeping HIPS disabled for not-knowledgeable users and setting containment to block instead for users who don't use containment, suspend alerts, or use silent mode. Containment set to block would prevent such attacks, correct, @Andy Ful?
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,152
Exactly!... and this is just one bug from a long list of hundreds of old unfixed bugs, all very well known bugs, repeatedly reported by users, and always ignored and minimized by Comodo' staff and fanatics.
The ridiculous Mantra is always the same: "Comodo works perfectly for me".
In real life, if users are infected or have serious problems due to Comodo' bugs, they are blocked/deleted from Comodo's forum.
Comodo's fiasco is not so big affecting thousands of users, just because only few fanatics use Comodo's products.
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,152
- Feb 7, 2023
- 1,739
They will be very sad watching these videos. All 5 of them.
COGNITIVE DISSONANCE: Inside the mind of these few 5 fanatics, even when Comodo is full of bugs, even when Comodo' Containment can be bypassed, even when etc etc etc... in their masochist mind always is an "user fault", never a Comodo' fault.
The situation is so bizarre, that all the time Comodo's staff needs to invent subjective definitions about "what Comodo' protection is" (as a diversion, in order to hide bugs and other dangerous issues).
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,152
In the second part of Comodo's challenge, I tried Proactive Configuration + HIPS + max settings for Script Analysis, but Comodo crashed. So, one must be careful with HIPS.
The less problematic but still very strong config is similar to @cruelsister settings.
The less problematic but still very strong config is similar to @cruelsister settings.
Similar threads
