Can Defense+ be bypassed?

I know some malware can bypass something like UAC, what about Defense+?
For me it’s the best line of defense, and I want to know if it’s justifiable. :smiley:

UAC is easy to bypass. Defence+ is hard to bypass. You have to be Comodo staff or a pro hacker (very rare) to bypass it.

Good luck bypassing defense+ ;D
There have been some PoCs (proofs of concept) in the past and they are usually fixed… But I’ve never heard of any real threat bypassing Defense+. Although you can make a human error and allow something you shouldn’t…

Anything can be bypassed. It’s just about how hard it might be. Comodo staff know how you can disable Def+, and all the hackers need to know is how. But yes, human error is the one you need to worry about.

But speaking hypothetically: IT security pro using CIS against the pro hacker. Your bets? CIS might fail but Windows will LOL! 8)

I want to report the fact that Comodo Sandbox weakens the Defence component.

I used to show people that the Comodo Defence system is good because of its architecture. I made a fork bomb application and gave it to numerous people, including BitDefender users. None of the recipients were warned about the malicious code.

Comodo Defence is very restrictive on applications running other applications, especially when they are new. When I am uncertain about the applications that I run, I don’t check the remember answer and so I get to know that a fork bomb is in action before it gets to spread.

When I was making a demo for a friend on my laptop, I got fork bombed with the Comodo Defence active. No rules were available for the application. I noticed that the program was sandboxed. When I restarted my laptop and turned off the Sandbox, the Defence successfully blocked the self call.

The fork bomb was made under .NET. If you want the executable tell me how I can upload it to the forum. I see that the .exe extension is forbidden.

When the program gets sandboxed it’s safe. No damage can be done. What restriction did you run in the sandbox anyway?

The program was sandboxed as partially limited. Since a fork bomb is a DoS attack, limiting the rights has no effect. I am still curious why Comodo Defence didn’t tell me anything after the application was sandboxed. Do applications get ignored by Comodo Defence after they get sandboxed?

Does this page sum up what the application was meant to do?

If so, you should be aware that by design the sandbox will allow a program to use up as many system resources as it likes. However, any program sandboxed will not be allowed to auto-start. Thus, if the purpose of the program was just to use up system resources, it would be able to do that in the sandbox. However, upon restart the system would be fine. This is the way the sandbox was designed.

It would be difficult to imagine a real-world malware which is meant to just annoy users by using up system resources once. CIS is designed to protect users from real-world malware, not POC applications.

Please let me know if you have any questions.

Thank you.

First of all, I was referring to the same fork bomb concept. I understand what you mean about the Comodo Sandbox and I agree that the system starts normally.

I just wanted to point out that disabling Comodo Sandbox prevents the fork bomb from happening. Anyway, I find it stupid that Windows doesn’t have built-in defence for such code. It’s such an old school attack.

Thank you for your time and answer.

That’s it, nothing more.

I see your point now. Windows will be Windows; disaster is a step away.