Defence Plus Safe mode is bypassed by Poweliks malware

[aigle]

I have done some testing with Poweliks malware. Details are here( see post no.

http://www.wilderssecurity.com/threads/very-interesting-fileless-malware-testing.371622/#post-2440797

This malware bypasses Defence plus in safe mode because of obvious reasons.

I will suggest to comodo developers that even in safe mode one should get an alert when your browser wants to run any safe application. It might stop this and some other malware infections. I am sure the developers will understand it. Allowing a browser to launch any safe application without a pop up is not safe as browser is the target of so many exploits. It will increase the security without giving rise to many pop ups as browsers normally don,t launch so many executables by themself.

Infact I think this rule should be applied to all safe applications that are prone to exploits like java.exe, flash executables, pdf readers, office docs etc.

Or at least it can be made an option in safe mode config. I know one can intercept this malware by paranoid mode but in my opinion paranoid mode is not practical for many people. I am very happy with the safe mode but bypasses like this bug me a lot.

[aigle]

I never got any reply for this. Comodo still being bypassed by fileless malware. I wish they could address this issue.

[Akon]

I also was concerned about such behaviour. I was trying to mark a browser as 'Unrecognized' (it was safe and listed in Comodo's white list) in 'File List' options, but this was not work. Bug?

To create proper rules 'Block' action was used instead of 'Ask', but this, of course, isn't a flexible way.