Comodo is tested later, i.e. the CIS 6 test starts at around 30 mins. At the end, i.e. the 10th malware link, is a ransomware & it is autosandboxed. He tests 1-2 more links & the system restarts & reaches desktop & again restarts & this time the big ransomware screen at the boot. On the 9th link he killed cavwp.exe CAV processor, don’t understand why?
Yes, everything that passed through their Virus lab, things like Virustotal’s samples, users’ submissions, honeypots, etc. …
And they push the Evo-gen detections with VPS but mainly with streaming updates (about 1 stream every 10 min).
Of course, first samples need to come to the virus lab, then they analyse them with Evo-Gen and Malware Similarity Search and push detections for users through FileRep (instantly, especially for FileRepMalware) or streaming updates and VPS (for Evo-Gen). I did not find a FRESH sample bypassing these things for a few days (testing in VM). But in that test naren gave, samples are old (Evo-gen started working in Feb).
I posted the link for CIS & not Avast. And I mentioned the reason in the first post.
Can anyone watch the test & comment here?
In Partially Limited I know some ransomware bypass CIS but I never came across any malware in my test or YouTube test which appeared during boot & stopped system boot.
In this the ransomware appeared during boot & stopped system boot. The strange thing was the system automatically restarted 2 times; during the 1st restart the ransomware didn’t appear during boot & the system reached desktop, but on reaching desktop within a few secs the system restarted again & this time the ransomware appeared during boot & stopped boot. This was weird.
The test is not in English so I don’t understand what he is saying & sometimes what is mentioned on the system. But I downloaded the test & watched it a couple of times.
Maybe I am missing something & not getting things correctly.
If anyone watches the test, please comment & give info here.
XP SP3 32 Real System (No VMWare)
CIS 6 latest
CAV not installed
Internet Security Configuration (Default Settings)
Links Test, i.e. malware links from malwaredomainlist, cleanmx & malc0de were copied & used for the test.
I clicked Sandbox whenever I got Unlimited Rights popups.
After system restart KillSwitch showed no active malware, Quick Repair showed no prob, AutoRun showed no malware entries. CIS Cloud AV detected 4 malware.
HitmanPro found many malware. A few in the CIS folder too & Java folder, Office folder, etc…
Attached are HitmanPro screenshots
I also tested Avast 8 RC2 Free with the same links. PUP enabled for all the shields. Avast has NetworkShield (URL Blocker) which blocked quite a few links. Evo-Gen & FileRep were also good. I didn’t get any autosandbox popup. After system restart, with all the shields & new Evo-Gen & FileRep it did very good. KillSwitch, QuickRepair & AutoRun showed no probs. HitmanPro found 1 malware & 1 Yontoo entry was there in msconfig -startup.
Honestly I think such results are to be expected with the default settings (not saying that default settings should be like that, just that they are). Or did I miss something?
I hope I can purchase this laptop I’m borrowing for cheap since I need a new testing computer (motherboard is busted on the old one and can’t find replacement =P but even if I were to find a replacement this laptop should be cheaper) and then I can finally test my setup to see what flaws may lie within.
As the screenshots show malware files in Office, Java, CIS, etc… folders, can this create probs for those programs or infect those programs & perform malicious actions? Malware files in the CIS folder, can this affect CIS functionality?
CIS can block the “creation of files” for the following locations only.
?:\Documents and Settings*\desktop*|
?:\Documents and Settings\All Users\Start Menu*|
C:\Documents and Settings\All Users\Application Data\Comodo*|
C:\Documents and Settings*\Start Menu\programs\Startup*|
You can delete all unrecognized files in the list before doing the virus scan.
It is like the “reset sandbox”.
Or, just set the sandbox level as fully virtualized.
Ok I tested with CAV installed now & with many more links. Same results as I mentioned in my 1st post.
As usual default settings.
When I got Unlimited Rights popups I clicked Sandbox.
After the test, system restarted.
No active malware, only 1 entry RegCleanPro in msconfig-startup & this entry was rated as trusted in AutoRun.
CIS quick scan didn’t find anything.
CCE quick scan didn’t find anything.
HitmanPro found many malware.
Attached are the screenshots.