Author Topic: Test your CIS web filter ( antivirus ) in Internet Explorer and others browsers  (Read 2449 times)

Offline Henrique - RJ

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 295
  • Rio de Janeiro - RJ - Brazil
http://www.wicar.org/test-malware.html

In Firefox or Chrome the CIS web filter ( antivirus ) not work.

Yes, CIS antivírus have signatures for malicious web browser objects ( html, js, etc ) !
« Last Edit: August 13, 2017, 08:42:14 PM by Henrique - RJ »

Offline Eric Cryptid

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 2790
  • Security Saskquatch
Re: Test your CIS web filter ( antivirus ) in Internet Explorer
« Reply #1 on: July 28, 2017, 05:57:33 PM »
On my Windows 10 PC - Each link pops Malware Warning within Chrome and in Firefox as well as Edge as malicious page containing malware by the browser though Edge downloads the file whereas Chrome and Firefox block the download from happening. Comodo dragon opens all the links and downloads the file on the first link but that test file is blocked by CIS.

Eric

Moderator: Any concerns? PM me and/or review the Forum Policy
System: 64 bit Win 10
Realtime Protection:CIS 12

Offline Henrique - RJ

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 295
  • Rio de Janeiro - RJ - Brazil
Re: Test your CIS web filter ( antivirus ) in Internet Explorer
« Reply #2 on: July 28, 2017, 06:10:15 PM »
Yes, Firefox block the link tests but my objective is test antivírus CIS.
« Last Edit: July 28, 2017, 06:29:27 PM by Henrique - RJ »

Offline Henrique - RJ

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 295
  • Rio de Janeiro - RJ - Brazil
Re: Test your CIS web filter ( antivirus ) in Internet Explorer
« Reply #3 on: August 13, 2017, 08:41:30 PM »
Eureka !!!

Now we can have a web filter in Firefox and Chrome with CIS.

In Firefox:

1. Put your antivírus in access mode.
2. Remove HIPS rules temporary files for all applications permission.
3. Put this path ( C:\Users\*\AppData\Local\Mozilla\Firefox\Profile\* ) in \Reputtation\Files Groups\Temporary Files
4 Test it with wicar.org and look.

In Chrome:

1. Put your antivírus in access mode.
2. Remove HIPS rules temporary files for all applications permission.
3. Put this path ( C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Cache\* ) in \Reputtation\Files Groups\Temporary Files
4 Test in wicar.org not possible because the protection browser ( it remove cod test on access ).
« Last Edit: August 13, 2017, 08:46:22 PM by Henrique - RJ »

Offline devilbat

  • Comodo Loves me
  • ****
  • Posts: 176
Re: Test your CIS web filter ( antivirus ) in Internet Explorer
« Reply #4 on: August 20, 2017, 03:47:43 PM »
Now we can have a web filter in Firefox and Chrome with CIS.

Interesting. Do you know if it can filter javascripts and iframes as well? I noticed that it is scanning downloaded objects and interrupting the download of detected objects in Firefox. Here it was not needed to delete the exception rule for Temporary files.

It is interesting how a lot of people had been asking for this object scanning since many years and it is already here, just needing to add some rules. Comodo should include those rules by default.
« Last Edit: August 20, 2017, 03:56:49 PM by devilbat »

Offline Henrique - RJ

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 295
  • Rio de Janeiro - RJ - Brazil
Interesting. Do you know if it can filter javascripts and iframes as well? I noticed that it is scanning downloaded objects and interrupting the download of detected objects in Firefox. Here it was not needed to delete the exception rule for Temporary files.

It is interesting how a lot of people had been asking for this object scanning since many years and it is already here, just needing to add some rules. Comodo should include those rules by default.


Helloooo brazilian devilbat !!!

How are you ????

It detect js ( java script ) object too ( malicious iframe I don't know ).

------------------------------------
EDIT

Look malicious iframe/js in html detected by Comodo:

https://malwr.com/analysis/NzNiZGM1OGRjZDQ2NDVmYWJlODE0M2VlMDIyZTQ2Yjk/

Look malicious PHP BACKDOOR detected by Comodo:

https://malwr.com/analysis/ZDdhNjNmMWRiOGQ0NDlhMzkxZGI5NjVkOWVhOTg3NmU/
« Last Edit: August 20, 2017, 08:08:15 PM by Henrique - RJ »

Offline devilbat

  • Comodo Loves me
  • ****
  • Posts: 176
How are you ????

It detect js ( java script ) object too ( malicious iframe I don't know ).

Doing well. Maybe if you can discover the temporary folders of Email clients (where the emails and attachments are stored) and including those folders in this Temporary folders rule, it will possibly make Comodo AV filter emails as well.

I think I am going to suggest for Comodo to include by default the rules you mentioned in the other post. Comodo AV should scan the contents of all browsers by default, even more if it have the capability of doing so just by adding a rule that points to a folder.

Also to have this object scanning working in Sandboxed Firefox, the Comodo AV needs to be at "On Access" mode.

Offline Henrique - RJ

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 295
  • Rio de Janeiro - RJ - Brazil
Are diferents email clients. I use Simple Mail extension for Firefox and your temporary folders not possible scan for AV Comodo ( I tested ).

It referency the emails are scan in server mails for default ( ex gmail.com or yahoo.com ). No have necessity to escan again.

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek