Exclusive for comodo forum

hi,

my new video with the default settings and your conditions …

Exclusive for comodo forum…


I wish the bypass will be clear now ;)

any question, I’m here …

Best regards,

Furthers

The video looks more professional; more importantly, what has “egemen” said??


Thanks for your reply… I PMed egemen but he hasn’t replied until now, I don’t know why…

If you enable the HIPS?

It clearly looks like HIPS is disabled by default settings. Maybe enabling HIPS can do something ;D

no dear, it’s in default settings…


Some members asked me to test it with sandbox (untrusted) … I tested with it and my malware ran without any problems …

Yes, it’s without HIPS, it’s in default settings, but now I can bypass HIPS in training mode …

Maybe in my free time I can do tests for HIPS in other statuses…

Waiting, thanks

No Words from COMODO?

Of course you can bypass the HIPS in training mode. Training mode creates allow rules for everything…

You leave everything and quote these words?? You forget the weak sandbox, antivirus and firewall??
90% of customers work in default settings. If you are a professional, remember there are 90% ordinary customers.
HIPS is under testing now, maybe I will break it like its friends …

By the way, thanks for your reply…

He is right. Sandbox couldn’t isolate his application, even though he clearly chose to isolate it.

I only quoted what I can comment on. I haven’t watched any of your videos, so I have no idea what you may or may not have done, or whether or not an actual bypass has occurred.

All I am saying is that anything can “bypass” CIS when you enable training mode…

With the default settings CIS will allow outgoing traffic. Can you run the test with Do not show popup alerts disabled? I think you should get alerted by the firewall then.

!ot!
Could the admins of the new forum do something about the hyperlink color?
I almost missed the link posted by EricJH in the last message. Gray hyperlink color on gray background is not a good idea.
I am sure lots of other links will be missed by many users if this is not fixed.

Going back to topic, I don’t think DO NOT SHOW POPUP ALERTS will do something since the app is not running in the sandbox apparently. Seems like a clean bypass of auto-sandbox. Would be great if original poster would show the widget open and the advanced view of CIS, while running the app.

+1

Sorry for !ot!

I think differently, with “Do not show popup alerts” for firewall disabled it acts like EricJH described, so if that option is disabled it will now alert the user instead of being silent, this doesn’t only apply for things in the sandbox but rather all unknown processes and hence even if the malware bypasses the sandbox the firewall should now catch the RAT from calling home, unless the bypass makes the malware a trusted application, in such case the firewall would need to be in Custom Ruleset.

Also, +1 on the link highlight thing, until then I’ll highlight my own links in blue with an underline.

Now I’m sure I was wrong when I came here and wrote my topic about Bypass CIS, because it didn’t get any serious interest from the developers at Comodo about my clear bypass,

so I’ll leave the forum, and please close my topic,

Unfortunate that I wasted my time here,

Furthers,

If this is an exploit Comodo developers are absolutely interested. From what I understand this is not an exploit but a bypass because of the bit loose default settings. We are not too happy with the default settings of CIS here at the forums.

Could you please try to run the RAT tool with Do not show popup alerts disabled? I think you should then get a Firewall alert enabling the user to block the tool.