- Aug 19, 2019
- 1,221
Great. Glad the two were combined.XIMA(Xcitium Instant Malware Analysis) is Valkyrie Static and Dynamic Analysis in this case VirusScope
Might be worth using the Spoiler feature for large screenshots
Great. Glad the two were combined.XIMA(Xcitium Instant Malware Analysis) is Valkyrie Static and Dynamic Analysis in this case VirusScope
I'm aware of that. What I meant in the post is that Comodo's detection technologies don't help containment or users decide whether to run an unknown or unvetted program in containment or outside. As a result, they don't make Comodo any more user-friendly in terms of usability. Therefore, the VirusScope default setting analyzes apps running in containment only, and it's likely that the Valkyrie default will be the same.VirusScope is Static and Dynamic Behavioral Analysis and its excellent and amazing
right, I used CF (cruelcomodo) for several years, I was merely pointing out to @Xeno1234 that not everyone here likes Xcitium (comodo). I have not tried Xcitium on VM yet, but I do have CF 2024 beta running on a VM.There are a lot of topics debating Comodo's effectiveness. The Firewall with Containment alone is all you need and you can run any AV along side of it. @cruelsister tests it regularly against the latest threats. It has taken years to be updated but it's firewall still does what it does well and Containment when configured properly has yet to be compromised and contains the latest ransomware with no issues. At the end of the day, use what works best for you. There are other products out there using sandboxing/containment technology of unknowns.
Anyway, with anticipated next stable release January/Feb for Comodo Firewall/CIS we'll see how it develops. Xcitium Enterprise producs are current and updated all the time. The last I heard, they're working with CF/CIS to bring it in line.
Ah okay.right, I used CF (cruelcomodo) for several years, I was merely pointing out to @Xeno1234 that not everyone here likes Xcitium (comodo). I have not tried Xcitium on VM yet, but I do have CF 2024 beta running on a VM.
Here's a brief overview of BitDefender EDR : Advanced Security - Victor M BitDefender EDR test box ConfigThank you for the test results, how does it compare to other comparable EDR solutions?
Are you using Xcitium also?My red team just invited some Chinese hackers to test the defenses. I am using my Xcitium OpenEDR machine now. Will keep you guys posted on the progress.
I also have WDAC in effect - a) a blacklist of some LoL Bins and b) a whitelist of MS Signed files, \Windows, \Program Files, \Program Files (x86) . And Xcitium EDR also has Auto-Containment. So alien files are not that much of a worry. Xcitium has several products, I assume you are talking about Xcitium Verdict Cloud?Are you using Xcitium also?
Any newsI also have WDAC in effect - a) a blacklist of some LoL Bins and b) a whitelist of MS Signed files, \Windows, \Program Files, \Program Files (x86) . And Xcitium EDR also has Auto-Containment. So alien files are not that much of a worry. Xcitium has several products, I assume you are talking about Xcitium Verdict Cloud?
EDIT maybe I should worry, because if they obtain System rights from attacking SVCHOST, then they can write to \Windows \Program Files etc. But Xcitium EDR Auto-Containment is pretty smart - it recognizes odd program executions, even if they are Xcitium files themselves.
Update re: the red team guest Chinese Hackers attack
They attacked a few days ago and used a network attack. It affected the LogonUI.exe of Windows, and I couldn't logon.
So, the solution was to make a containment rule to virtualize logonui.
Hint: don't be afraid to virtualize Windows executables. It is a good defense measure. Test the 'virtualize' containment rule. If it makes Windows malfunction, then change the rule to 'restrict' the windows exe. 'Virtualize' and 'Restrict' has the same effect but does it via different means. That's how the documentation explains it.
However, the current Comodo Internet Security Beta 2024 does not allow you to specify a virtualization rule to virtualize any Windows exe. I am using Xcitium OpenEDR's Comodo Internet Security and it can do that. I made a complaint about 2024 beta in the Comodo forum and they asked me to provide a screenshot, which I did. I explained that I am a current Xcitium EDR customer and if this the direction that their Internet Security is heading towards, then they need to change it. Hopefully they will make the modification.
Xcitium OpenEDR only costs $4 / month postpaid, first month is free. The cost is on par with most consumer AV's. And I encourge everyone to try it. Open EDR is better than Bitdefender EDR and Kaspersky EDR. I have evaluated both. If I weren't using Xcitium OpenEDR, there would be no solution to this attack, because most EDR's only solution is to 'Block', and one cannot block logonui -- Windows wouldn't function.
you didnt got attacked you had XcitiumI was attacked on the 3rd or 4th of Jan EST. Your screenshot was for an analysis done on the 5th UTC.
How is Kaspersky EDR. Their home AV is great so im curious about their Enterprise.Update re: the red team guest Chinese hackers attack
They attacked a few days ago and used a network attack. It affected the LogonUI.exe of Windows, and I couldn't logon. Pretty deadly attack.
So, the solution was to make a containment rule to virtualize logonui.
Hint: don't be afraid to virtualize Windows executables. It is a good defense measure. Test the 'virtualize' containment rule. If it makes Windows malfunction, then change the rule to 'restrict' the windows exe. 'Virtualize' and 'Restrict' has the same effect but does it via different means. That's how the documentation explains it.
However, the current Comodo Internet Security Beta 2024 does not allow you to specify a virtualization rule to virtualize any Windows exe. I am using Xcitium OpenEDR's Comodo Internet Security and it can do that. I made a complaint about 2024 beta in the Comodo forum and they asked me to provide a screenshot, which I did. I explained that I am a current Xcitium EDR customer and if this the direction that their Internet Security is heading towards, then they need to change it. Hopefully they will make the modification.
Xcitium OpenEDR only costs $4 / month postpaid, first month is free. The cost is on par with most consumer AV's. And I encourge everyone to try it. Open EDR is better than Bitdefender EDR and Kaspersky EDR. I have evaluated both. If I weren't using Xcitium OpenEDR, there would be no solution to this attack, because most EDR's only solution is to 'Block', and one cannot block logonui -- Windows wouldn't function.