What kind of attacks does Embedded code detection protect from, that Command line analysis does not?
Basically, I am asking why Command line analysis was added to Comodo’s protection mechanisms.
https://forums.comodo.com/leak-testingattacksvulnerability-research/defence-plus-safe-mode-is-bypassed-by-poweliks-malware-t108924.0.html the actual wilders post testing comodo is this one.
Read more about poweliks and other fileless malware.
Thanks.
So in what cases will Command line analysis on its own be effective? When an unrecognized file executes a script interpreter?
Command line analysis is when an application runs a script file e.g. .bat, .cmd, .py, .js, .ps1, etc that contains commands/instructions that tells the interpreter what to do. Embedded code is when an applications executes the interpreter application and passes command arguments to it. e.g. python.exe -c print(‘hello world’), powershell.exe -c Get-Date, cmd.exe /c del somefile
Got it. It finally makes sense.
So accordingly, until Comodo 10 came out, there was no significant protection for fileless exploits such as Powelicks?
Correct