Xcitium Endpoint Security was obliterated by an exploit!
Quote from vitao (post 1106759):

Hello, my friend.

1. I have no idea. I just installed it and left it with its default configuration for the test.

2. The recommended settings will always be applied when installing the software, so if they recommend anything different from what you see in my video, it's their mistake, as they don't have any kind of place to show their recommendations. But who knows... :) About HIPS, well, if it is set to block, then HIPS will block, as the exploit is not for HIPS; it's for containment.

3. In my experience it takes seconds to propagate information regardless of what was going on in the VM used in these tests. In the video some parts had to be accelerated, but even with that, when I come to the logging part it was not "rushed". One important note: when CIS/Xcitium is not able to classify some file, no matter how long you wait, it will not be classified in Xcitium/CIS nor in the Xcitium EDR dashboard.

4. Sorry, as English is not my primary language... If I understand correctly, you are asking how I bring the malware to the VM for the tests? If so, in this video I didn't show this part so the video wouldn't be so long, but I explained that these samples were downloaded on the same day as the video recording. In fact, all my videos testing AVs use samples downloaded from the internet (downloaded from the VMs). The drag-and-drop VM feature is always off, as this could expose my host machine to the malware.

About Microsoft SmartScreen, it's not disabled, but I tend to disable everything related to Defender and Security Center for these tests. The goal is not to have any Microsoft technologies interfering with the tests.

I hope I answered you, my friend.

I don't remember if this video has subtitles. If not, please let me know and I'll provide them. I know that the video showing this same PoC downloading and running a ransomware already has multiple subs.

By the way, the PoC will work with Xcitium, as Xcitium Client Security is just the same CIS with a little tweaking to make it work with the dashboard for the EDR part of Xcitium, so any malware/payload/kit/PoC/etc. that can evade the CIS sandbox will do the same with Xcitium. In fact, if you watch closely you'll realize that the real differences between CIS and Xcitium are the rulesets and not the modules themselves... :)

Any more information must be asked of the dev of this PoC, as he is the guy with the best knowledge to answer technical questions regarding his PoC. :) For things related to the tests, please bring them to me, and if necessary I can do another test too.

EDIT: Oh! Maybe I mixed everything up here... I recently posted a new video testing Xcitium against 100 malware samples... :p The link is this one: [MEDIA=youtube]hngAqgMF97M[/MEDIA]

Sorry if I mixed the answers provided here with the results from both videos. :p

PS: Regarding the PoC on the VM, I did drag-and-drop for the PoC, then disabled the drag-and-drop feature and did the testing. For the video with 100 malware samples it was different: all were downloaded from inside the VM.