Hot Take Why Don’t Major AV Vendors Use Auto-Containment Like Comodo?

[Andy Ful]

@Andy Ful Is the Autoblock unknown dll enabled by default ?

I do not know.

 

[Andy Ful]

What do mean weaponized wdac, I have not seen you use this term when I searched MT for it ? I can't think of a way to weapnize it.

App Review - AV/EDR challenge

In March and April 2024, I presented a series of videos about bypassing AV solutions: App Review - The Comodo's challenge. App Review - Comodo's challenge part 2. App Review - Eset's challenge. App Review - Microsoft Defender's challenge. App Review - Bitdefender's challenge. App Review - The...

malwaretips.com

 

[Victor M]

@Andy Ful Thanks

 

[Zero Knowledge]

There's still a bunch of enterprise/government solutions for browser/endpoint isolation. Some use virtualization, but others use alternate methods. There's a long list of products out there but assessing the effectiveness is difficult unless one is willing to foot the bill to pentest robustly per TTP - let's say $3,000 for a robust test of each TTP. That's 500,000 Euros for coverage of all 227 techniques - IF - the security product covers all of them.

I could never have imagined that BufferZone would still be a functional company after all these years. I've heard Bromium is still out there too.

Bazang is right, enterprise browsers have a huge footprint in corporate land now and so does whitelisting software in enterprise and add identity management with MFA to top it off.

Ahh Bromium did they ever get bought out? Are they still around? They were the hot new company back in the day.