Author Topic: critical problem !!!!  (Read 2401 times)

Offline mikemuse

  • Newbie
  • *
  • Posts: 9
critical problem !!!!
« on: October 17, 2015, 02:06:37 AM »
Hello people, who is the engineer here? I want to report a critical problem, but nobody returns to me.
I opened a topic before and still nobody returns to me!
Here is a video:
https://www.youtube.com/watch?v=WtcCe5VCvs4

Ty and have a nice day!
« Last Edit: October 17, 2015, 02:10:05 AM by mikemuse »

Offline John Buchanan

  • "Democracy is two wolves and a lamb voting on what to have for lunch. Liberty is a well armed lamb contesting the outcome of the vote." ~ Benjamin Franklin
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 6587
  • Personal Dragons can be defeated. Improve yourself
Re: critical problem !!!!
« Reply #1 on: October 17, 2015, 05:25:29 PM »
Bug reports must be formatted as per this post before the Devs will even look at it.
Thank you.
Please follow Comodo Forum Policy

Bah! Ban 'em all! The only good member is a banned member
And a member is just a policy violator who hasn't been caught yet. >:-D

Offline mikemuse

  • Newbie
  • *
  • Posts: 9
Re: critical problem !!!!
« Reply #2 on: October 17, 2015, 11:32:08 PM »
Can I send you a private message, then you will give all the info to the guys in the company?

Offline EricJH

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 23875
Re: critical problem !!!!
« Reply #3 on: October 18, 2015, 12:53:54 AM »
Can you provide us with a comprehensive explanation of the bug/error that is happening? What CIS settings are being used? How does the file under investigation bypass? Without checking 21 minutes of video; what user actions are needed or not needed to bypass CIS?

Offline mikemuse

  • Newbie
  • *
  • Posts: 9
Re: critical problem !!!!
« Reply #4 on: October 18, 2015, 07:26:09 PM »
Quote
Can you provide us with a comprehensive explanation of the bug/error that is happening? What CIS settings are being used? How does the file under investigation bypass? Without checking 21 minutes of video; what user actions are needed or not needed to bypass CIS?

I sent you a private message with the info.

Offline EricJH

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 23875
Re: critical problem !!!!
« Reply #5 on: October 19, 2015, 10:53:40 AM »
I got a pm from mikemuse containing some more details about the bypass. Since Comodo always discusses these things in public I asked to post the details of the bypass.

I also asked him to answer the following questions when posting here. Looking at what you are writing I think you made a batch file that you converted to an executable. Normally CIS should sandbox an unknown executable and should protect itself. That has me wondering what is going on. Does the executable also contain an exploit to get this type of access? Can you also check the Defense + logs and the Alerts logs to see if CIS registered the executable getting executed?

Also I am noticing that you are running Windows 10 using VMware Fusion. The UI suggests that the host system is an Apple computer. Another thing I saw was that the alert (at around 16:44 in the video) to reboot the computer after the initial update and quick scan looks different. Please explain why it is different. See attached image.

[attachment deleted by admin]

Offline EricJH

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 23875
Re: critical problem !!!!
« Reply #6 on: October 20, 2015, 10:59:04 AM »
Quote
Different? What is different if I download Comodo from the Comodo website!
(this is what I got when I'm installing it)
Unless Comodo changed something in the installer, which has happened once before, I would expect an alert in which I am asked to reboot now or postpone. The alert will suggest a 30 minute delay by default and not a countdown counter of 30s.

Quote
This is the first place which should be protected from attackers!!!!
Did you check the digital signature if it is intact?
 
Quote
Don't forget what happened to so many companies which were using Symantec Endpoint Protection, when cybercriminals completely removed the antivirus and did what they liked!

Antivirus folder should always be protected!!
Antivirus services should always be protected!!
As stated in the above I share your concerns in case your scenario reproduces. But I also have to stay critical about your testing environment at the same time in the process.

Could you check the logs:

[...]

Normally CIS should sandbox an unknown executable and should protect itself. That has me wondering what is going on. Does the executable also contain an exploit to get this type of access? Can you also check the Defense + logs and the Alerts logs to see if CIS registered the executable getting executed?
[...]

In your pm you're offering a download link for your test file. Could you send me a download link by pm? We do not allow posting a download link at the forums but when a member asks for a download link you can send the link by pm. That way people can test the file while we protect inexperienced users.

We are not in the habit of publishing the content of pm's at the forums but I would like to ask you to share at the forum what you wrote me about how you made your test file and on what platforms it reproduces?

Offline sAyer

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 919
  • If opportunity doesn't knock, build a door.
Re: critical problem !!!!
« Reply #7 on: November 21, 2015, 08:21:39 PM »
Quote
I got a pm from mikemuse containing some more details about the bypass. Since Comodo always discusses these things in public I asked to post the details of the bypass.

I also asked him to answer the following questions when posting here. Looking at what you are writing I think you made a batch file that you converted to an executable. Normally CIS should sandbox an unknown executable and should protect itself. That has me wondering what is going on. Does the executable also contain an exploit to get this type of access? Can you also check the Defense + logs and the Alerts logs to see if CIS registered the executable getting executed?

Also I am noticing that you are running Windows 10 using VMware Fusion. The UI suggests that the host system is an Apple computer. Another thing I saw was that the alert (at around 16:44 in the video) to reboot the computer after the initial update and quick scan looks different. Please explain why it is different. See attached image.

I wish I could have seen the video but it has been made private. Possibly some form of trickery with the settings or by other means. I have seen nothing bypass CIS with my tests (which are many) or testing by others. The only thing I have seen come close is a keylogger still being able to capture keystrokes while running inside the sandbox, and I believe that was based on the sandbox settings level.

I'm wondering if his claim is true why he made the video private. Just one of dozens of false claims about being able to bypass Comodo. It's easy to make a video that appears to do so by manipulating the settings and adding exceptions. Just another poser. If you can back up your claim mikemuse then prove it. 88)

« Last Edit: November 21, 2015, 08:23:43 PM by sAyer »
"You affect the world by what you browse." - Tim Berners-Lee

"When you change the rules on what controls you - you will change the rules on what you can control." ― Revolver

 
