Author Topic: Defence Plus Safe mode is bypassed by Poweliks malware  (Read 1794 times)

Offline aigle

  • Comodo's Hero
  • *****
  • Posts: 716
Defence Plus Safe mode is bypassed by Poweliks malware
« on: December 26, 2014, 03:03:04 PM »
I have done some testing with Poweliks malware. Details are here (see post no. 8):

http://www.wilderssecurity.com/threads/very-interesting-fileless-malware-testing.371622/#post-2440797

This malware bypasses Defence Plus in safe mode because of obvious reasons.

I will suggest to Comodo developers that even in safe mode one should get an alert when your browser wants to run any safe application. It might stop this and some other malware infections. I am sure the developers will understand it. Allowing a browser to launch any safe application without a pop-up is not safe, as the browser is the target of so many exploits. It will increase the security without giving rise to many pop-ups, as browsers normally don't launch so many executables by themselves.

In fact, I think this rule should be applied to all safe applications that are prone to exploits, like java.exe, flash executables, pdf readers, office docs etc.

Or at least it can be made an option in safe mode config. I know one can intercept this malware by paranoid mode but in my opinion paranoid mode is not practical for many people. I am very happy with the safe mode but bypasses like this bug me a lot.
« Last Edit: December 26, 2014, 03:07:49 PM by aigle »
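
The rule proposed in the post above, sketched as an added example (it is not part of the original post and not Comodo's code). It compares the Safe-mode behaviour the post describes with the proposed "alert when an exploit-prone parent launches anything" rule over constructed process-creation events; the file names, the event fields and the self-spawn exemption are assumptions.

```python
from ntpath import basename  # parses Windows paths on any platform

# Assumption: parent images treated as exploit-prone. The post names browsers,
# java.exe, Flash, PDF readers and Office; the concrete names are illustrative.
EXPLOIT_PRONE = {"iexplore.exe", "firefox.exe", "chrome.exe", "java.exe",
                 "acrord32.exe", "winword.exe"}

def safe_mode(event):
    """Behaviour described in the post: a trusted child runs with no pop-up."""
    return "allow" if event["child_trusted"] else "alert"

def proposed(event, allow_self_spawn=True):
    """Proposed rule: alert when an exploit-prone parent launches any
    executable, whether or not the child is trusted."""
    if basename(event["parent"]).lower() in EXPLOIT_PRONE:
        # Assumption: a trusted application re-launching its own image
        # (browser helper processes) stays silent, to keep pop-ups rare.
        same_image = event["parent"].lower() == event["child"].lower()
        if allow_self_spawn and same_image and event["child_trusted"]:
            return "allow"
        return "alert"
    return safe_mode(event)

# Constructed events (not captured from a Poweliks sample).
IE = r"C:\Program Files\Internet Explorer\iexplore.exe"
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
EVENTS = [
    {"parent": IE, "child_trusted": True,
     "child": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"parent": r"C:\Windows\explorer.exe", "child_trusted": True,
     "child": r"C:\Windows\System32\notepad.exe"},
    {"parent": CHROME, "child_trusted": True, "child": CHROME},
    {"parent": r"C:\Program Files\Microsoft Office\Office15\WINWORD.EXE",
     "child_trusted": False,
     "child": r"C:\Users\test\AppData\Local\Temp\dropped.exe"},
]

def compare(events=EVENTS):
    """Return (child name, Safe-mode verdict, proposed-rule verdict) per event."""
    return [(basename(e["child"]), safe_mode(e), proposed(e)) for e in events]

if __name__ == "__main__":
    for child, current, new in compare():
        print(f"{child:16} safe mode: {current:6} proposed: {new}")
```

Only the first event changes verdict: a trusted child started by a browser goes from silent allow to an alert, while ordinary shell launches and browser self-spawns stay silent.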

Offline aigle

Re: Defence Plus Safe mode is bypassed by Poweliks malware
« Reply #1 on: June 19, 2016, 08:48:37 AM »
I never got any reply for this. Comodo is still being bypassed by fileless malware. I wish they could address this issue.

 
