- Mar 19, 2016
My specs: i7 4770K Cpu, 16 ram etc.
what does Comodo do, to protect from fileless attacks that exploit vulnerable Windows processes?
My recommendation is always COMODO Internet Security; it is free and it can give you the best protection on this market!
Please check it here: Free Internet Security for Windows 10 from Comodo
Today's threats are unknowns. So you cannot let an unknown application run on your PC. Comodo works with a Default Deny mechanism. It only allows "whitelisted" applications to run. Your system is always safe and secure.
If there is an unknown app, then it goes to the automatic sandbox and it won't hurt you and your files.
If it is known malware for Comodo, then it goes to quarantine.
Comodo gives all of this stuff for FREE!
I recommend you make the best decision. Stay safe!
yigido,
what does Comodo do, to protect from fileless attacks that exploit vulnerable Windows processes?
thanks
The point where Comodo should improve itself is anti-exploit. Comodo needs an anti-exploit protection layer. Even without this, Comodo can protect you against 99% of threats.
In the AV-Test results, Comodo gives 100% protection.
But against those kinds of threats, can your default-allow AV protect you? It is not just Comodo's fault, if we are to be fair.
Thank God, the questioner has Zemana AntiLogger, and I saw some detection of fileless malware from Zemana.
I will ask Comodo about it.
You can use Comodo as an anti-exe with more usability. You can set CIS or CFW to "Block all unknowns" so there will be no unknowns running on your PC, only safe ones.
thanks
I think that most and maybe all AVs will not protect you very much from this.
The products that do protect you from this kind of thing are mainly in the anti-exe department: NVT ERP, AppGuard, SpyShelter, SecureAPlus, and VoodooShield. Maybe others, too.
Since Comodo's auto-sandbox can be used as a kind of anti-exe, that's why I was asking.
so accordingly, Comodo auto-sandbox, and Kaspersky TAM, should provide pretty good protection?
As long as a security solution blocks writes to autorun registry key entries, your system will not be persistently infected.
Poweliks and Kovter, for example, also write to HKCU - which isn't necessary to protect those keys. The encrypted keys will be inert on the system but unable to execute.
I know a lot of people can't stand the thought of having inert malware on their systems, but this is how virtually all security softs work - unless you use virtualization or snapshot software.
If you expect security soft to prevent modification of the entire system, then you will be greatly disappointed, since most security softs don't work that way.
The COMODO sandbox won't allow writes to the actual system registry - but instead to a virtual container registry, same as with Sandboxie. Once you delete the sandbox, everything is gone.
Disable powershell and powershell_ise if you are paranoid about fileless malware.
Fileless malware works predominantly via exploit - so keep softs updated. You can also add anti-exploit. The probability of a successful zero-day exploit is minuscule.
Looking for 100%, perfect security is a pipe dream.
---------------
I think you are talking about a different kind of exploit. Yes, the kind you are talking about is rare, and probably won't affect you, if you are using a good, up-to-date browser.
I was talking about certain techniques that malware uses to bypass the standard anti-exe function. They bypass it, and hide from the AV, by using scripts that call Windows processes such as rundll32 and others.
The anti-exe products usually have some script protection, but it is prone to FPs and to blocking of valid processes, so it is a tricky thing.
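The two posts above describe persistence through autorun registry entries and scripts that call Windows processes such as rundll32. The following is an added example, not part of the thread and not any participant's or vendor's code: a Python check that reads autorun values in the layout printed by `reg query` and flags entries that start rundll32 or PowerShell. The function names, the "inline" heuristic and the sample entries are assumptions constructed for illustration.

```python
import re

# Script-capable hosts named in the thread (rundll32, powershell, powershell_ise).
SCRIPT_HOSTS = {"rundll32", "powershell", "powershell_ise"}
VALUE_LINE = re.compile(r"^ {4}(.+?) {4}(REG_\w+) {4}(.*)$")        # name, type, data
DLL_CALL = re.compile(r'^"?[^"]+?\.(?:dll|cpl)"?\s*,\s*\w+', re.I)  # rundll32 <dll>,<export>
PS_FILE = re.compile(r"(?:^|\s)-f(?:i(?:le?)?)?\s+\S+", re.I)       # powershell -File <path>

def classify(command):
    """'ok' = not a script host, 'review' = host runs an on-disk file,
    'inline' = host started with no on-disk target (the fileless pattern)."""
    m = re.match(r'\s*(?:"([^"]+)"|(\S+))\s*(.*)$', command)
    if not m:
        return "ok"
    exe, args = (m.group(1) or m.group(2)), m.group(3)
    # Limitation: an unquoted path containing spaces is cut at the first space.
    name = re.split(r"[\\/]", exe)[-1].lower()
    if name.endswith(".exe"):
        name = name[:-4]
    if name not in SCRIPT_HOSTS:
        return "ok"
    pattern = DLL_CALL if name == "rundll32" else PS_FILE
    return "review" if pattern.search(args) else "inline"

def audit(reg_query_text):
    """Return (key, value name, verdict) for every autorun value that is not 'ok'."""
    key, findings = None, []
    for line in reg_query_text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_LINE.match(line)
        if m and classify(m.group(3)) != "ok":
            findings.append((key, m.group(1), classify(m.group(3))))
    return findings

# Constructed sample, not taken from the thread; script bodies are elided on purpose.
SAMPLE = r'''
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    Updater    REG_SZ    rundll32.exe <constructed inline script, elided>
    Sync    REG_SZ    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -Command <elided>

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    Panel    REG_SZ    rundll32.exe shell32.dll,Control_RunDLL
    Backup    REG_SZ    powershell.exe -File C:\Scripts\backup.ps1
'''

if __name__ == "__main__":
    for key, name, verdict in audit(SAMPLE):
        print(f"{verdict:7} {key}\\{name}")
```

The "review" verdict covers legitimate uses such as a control-panel DLL call, which is the false-positive problem the post above mentions for script protection.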
what about AVAST in hardened mode? will it stop 99.9% of nasties?
It has been proven time and time again, AV will not protect your system against every potential threat; AV is just for acceptable baseline security - and nothing more.