Update re: the red team guest Chinese hackers attack
They attacked a few days ago and used a network attack. It affected the LogonUI.exe of Windows, and I couldn't log on. Pretty deadly attack.
So, the solution was to make a containment rule to virtualize logonui.
Hint: don't be afraid to virtualize Windows executables. It is a good defense measure. Test the 'virtualize' containment rule. If it makes Windows malfunction, then change the rule to 'restrict' the Windows exe. 'Virtualize' and 'Restrict' have the same effect but do it via different means. That's how the documentation explains it.
However, the current Comodo Internet Security Beta 2024 does not allow you to specify a virtualization rule to virtualize any Windows exe. I am using Xcitium OpenEDR's Comodo Internet Security and it can do that. I made a complaint about the 2024 beta in the Comodo forum and they asked me to provide a screenshot, which I did. I explained that I am a current Xcitium EDR customer and if this is the direction that their Internet Security is heading towards, then they need to change it. Hopefully they will make the modification.
Xcitium OpenEDR only costs $4 / month postpaid, first month is free. The cost is on par with most consumer AVs. And I encourage everyone to try it. OpenEDR is better than Bitdefender EDR and Kaspersky EDR. I have evaluated both. If I weren't using Xcitium OpenEDR, there would be no solution to this attack, because most EDRs' only solution is to 'Block', and one cannot block logonui -- Windows wouldn't function.