Hi all.
There is a topic posted on malwaretips.com by one of the members, that a signed piece of malware bypassed CFW 10.
He posted a YouTube link where he demonstrated the bypass:
https://www.youtube.com/watch?v=gWo0XnLHr3g
Here is what he did in his test:
1. check Comodo firewall settings
2. delete all trusted vendors
3. add some malware to see if Comodo is working OK
4. check that one malware at VT
5. run malware and watch:
- C:\Users\Av-Gurus\AppData\Local
- Task manager startup
- network connection
He later did his test with the HIPS module turned on, but the outcome was the same.
The firewall was configured with what has been commonly known as "cruelsisters settings", which are as follows:
* proactive configuration
firewall:
* do not show popups, block requests
* HIPS disabled
* sandbox do virtualize access to unchecked
* do not show privilege alerts, block
* auto sandbox:
run virtually: all applications: restricted