Av rootkit detection?, and defense + prevention.

dave1234 · March 5, 2009, 9:09am

???. i noticed a forum member indicating thet rootkit detection may be implemented in a forthcoming release, 3.9?. I have not seen any topics discussing this subject, but would like to find out if Cis Av has rootkit detection, and if not when its likely to be included within Cis. I say this because more and more vendors of Malware are attaching rootkits which are more difficult to detect and remove than most other Malware, generally. If Comodo are serious about developing The Av, and i believe they are due to the incredible growth of the data base and upcoming improved Heuristics, and integration of Boclean, then i think its imperative that this is included and soon as possible to make it more complete,as most other vendors have Rootkit detection already.

Further some forum members will state, we have defense+, which will notify you of the Malware anyway, correct?. i fully understand this, and Defense+ is awsome, but will it recognise a rootkit for what it is?, or is it not that important as long as it prevents the malware, after i have made the decision to block, it?.

Regards
Dave1234.

jimbell · March 5, 2009, 9:25am

I was under the impression that CIS AV detected everything, including rootkits.

Jim

Bad_Frogger · March 5, 2009, 9:57am

Hi Guy’s,

CBOClean detects and deals with Rootkits, as well as other very sneaky threats,
That can fool regular AV’s and Users.
They are soon, in an upcoming CIS version going to integrate CBOClean.
In the meantime I recommend using it alongside CIS for a more complete security solution.
http://www.comodo.com/boclean/boclean.html

Later

PS: Yes I believe that with D+, the odds are very slim, because the prevention is there.
The BOClean is for peace of mind, because I might get fooled sometime and Allow
something in D+ that maybe I should not have.

antbates1991 · March 5, 2009, 10:02am

CIS protects againest Rootkits at the moment anyway. There are some signitures in the Database for Rootkits

tcarrbrion · March 5, 2009, 11:44am

I will pick up the rootkit install program but may not detect it once installed when the rootkit hides itself.

andyman35 · March 5, 2009, 6:21pm

D+ would certainly flag up any attempted rootkit installation however the AV recognition would be useful in the case of a user allowing an install.