Author Topic: Malware vs Comodo Containtment !  (Read 13408 times)

Offline EricJH

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 25840
Re: Malware vs Comodo Containtment !
« Reply #15 on: November 04, 2016, 11:38:38 AM »
I looked up the list of protected executables in Protected Files from CIS v10 beta and noticed .vbs and .js are not protected.

Offline Der.Reisende

  • Newbie
  • *
  • Posts: 3
Re: Malware vs Comodo Containtment !
« Reply #16 on: November 04, 2016, 01:39:49 PM »
Many thanks. Initially, I have tested it on "Desktop" folder and no changes were made. It appears that javascript files from "Downloads" folder were altered. I have reported your issue. As a precaution, for the meantime, you could disable "Shared Spaces" feature.

Hope it helps.

// bug 1987
With disabling this option, nothing outside the sandbox takes harm, thank you for pointing out :) A colleague at the Malwaretips forum also mentioned this, and I just finished a malware pack including Locky and CryptoLocker Ransomware. I had the background changed again (easy to restore, far from being annoying, however a known issue, someone stated above), and the notifications windows of CL appeared (fully contained, with a green frame, so was Google Chrome for the pages opened for the ransom note). Not a single file was hit by the multiple ransomware items (including those in the downloads folder now)!
It feels good you guys here are so quick in looking up those issues and try to help users, thank you a lot!

Todays results can be seen here: https://malwaretips.com/threads/04-11-2016-8.65142/#post-561275
Comodo did great again:)

P.S. I'm now aware that if you change the sandbox level to "untrusted", all malware should terminate instantly. However, our tests are to show the stock protection, that little but mighty setting preventing to alter anything in "Downloads" folder is however activated for comfort reasons :)

EDIT: Speaking of current Comodo Internet Security v8.4.0.5165, should be the same for v10 BETA once the "Downloads" folder is included by containment (unticked the box in Sandbox settings).
Thanks to all others of course too, for having a look into that matter!
« Last Edit: November 04, 2016, 01:42:43 PM by Der.Reisende »

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek