Xcitium Verdict Cloud(Valkyrie)

[Xeno1234]

It works with alot of edrs. My clients using defender ATP with Containment Blade

I could try this with Harmony if it works. Ill probably just use containment and VirusScope (if thats compatable)

 

[ForgottenSeer 103564]

When locally sandboxed you won't need to worry about damage. You may also make rules to Deny traffic for contained items. Their cloud sandbox is prone to the save evasions as all others. From personal experience... I've submitted samples that tricked the comodo cloud sandbox. Check out some of my malware analysis post's for examples.

On a local sandbox isolating the internet will hamper many samples from functioning, which is almost as pointless as trying to analyze sandbox aware malware. It would be interesting to know the rule-set its automated with.

Will sit down later and give those a look.

 

[Sandbox Breaker - DFIR]

I could try this with Harmony if it works. Ill probably just use containment and VirusScope (if thats compatable)

It works with Harmony. So you then have 2 cloud sandboxes and one local to prevent damage! Even if it bypasses the two cloud ones... Your local one does not care as the file is untrusted.

 

[Xeno1234]

It works with Harmony. So you then have 2 cloud sandboxes and one local to prevent damage! Even if it bypasses the two cloud ones... Your local one does not care as the file is untrusted.

And the anti-malware engine on harmony is extremely good. Should block anything that gets past sandbox locally (I use gamemods, so the game has to be out of the sandbox and some mods might be malicious).

 

[Kongo]

And the anti-malware engine on harmony is extremely good. Should block anything that gets past sandbox locally (I use gamemods, so the game has to be out of the sandbox and some mods might be malicious).

Even without any experience with either Comodo/xcitium and Harmony I would dare to say that pretty much nothing will get past those two. Not even legitimate software. Wonder if that's actually a good setup on a productive system.

 

[Sandbox Breaker - DFIR]

Even without any experience with either Comodo/xcitium and Harmony I would dare to say that pretty much nothing will get past those two. Not even legitimate software. Wonder if that's actually a good setup on a productive system.

It's overkill. Xcitium containment alone with configure defender is good. All ASR rules on.

 

[Xeno1234]

It's overkill. Xcitium containment alone with configure defender is good. All ASR rules on.

Yeah its definetally overkill. If all my applications work in containment ill try it with just defender but if not, ill try out Harmony.