Which is not the case in real world as we all have seen how miserably comodo antivirus failing in terms of the antivirus engine and signatures in various tests, also they don't have any proper web and url filtering protection and the firewall component too lacks the presence of a proper network intrusion detection/prevention module and the firewall component itself hasn't been updated for ages which is very very important thing and is present in almost all major security software vendors be it kaspersky or norton or eset or avast or avg that's that. And when someone highlights this critical points to them on there forum they blocks that user, this kind of behaviour looks extremely weird and strange itself from there end.
okGuys,
This thread is not about several possible Comodo issues, but about tampering with antimalware drivers and protected services.
Please, we should not stray from the subject too much.
Hi @vitao,
It worked on comodo set to restricted too ? Or just untrusted?Hi @vitao,
I shared the attack method only with the AV vendors (Kaspersky, Microsoft, etc.).
I do not plan to share it further except if it will be seen in the wild.
I do not think that this method can become popular in attacks on home users. The gain of using it is related to Enterprises.
Response of @ozer.metin (Comodo Staff- Chief Innovation and Technology Officer)
malwaretips.com
It does not matter because nothing was contained. The attack uses only legitimate executables.
I'm not sure how it works but is there anything you can do like setting exploit guard to comodo core components (no idea how it works so unsure if any harding by exploit guard might help )
Is there any vendors that hardened the driver to be able to deal with this attack or does Microsoft need to create some SDK to allow further hardening to allow av software drivers to be protected against some of these advanced attacks
Although I used CMD in one particular variant, the modified attack can bypass Comodo with all options related to embedded code detection.
malwaretips.com
