Comodo bypass again? yes.

Ok, another POC for you, Comodo!!
Steps to reproduce it:

Have fun.

No posting of possible malware on the open forum. Last warning: if you do it again you will be banned.

Ok, it is over, wait a moment.

Ok people, you can try now. Run it on a dummy computer or in VirtualBox!
Note for these files:
if you have the sandbox enabled: allow the application.
without the sandbox: don't know, probably gives one alert with getpendingfilesrenames (Orange). Oye!
To be honest, 0 users use the sandbox.

I ran it, it asked for unlimited access to the computer, but because it was unsigned it recommended that it be run in the sandbox. Running in the sandbox, it did not do anything. I restarted and Comodo ran just fine. If you bypass that first alert and say yes, of course you will kill Comodo, because you are letting it do it. Your application by itself cannot do it; the user has to do it. So sorry, you fail.

And guess what, running diagnostics from Comodo fixes it and brings it right back. lol

Comodo hater is trying hard, apparently ;D

Good luck, :smiley:

Stop being stupid. If you run it in the sandbox it'll say that it doesn't have administrator rights. It's not the same as "it did not do anything".

If I made it well, like I did before, you may allow it because you are trying to install something. With this configuration, Comodo fails because we don't have any other solution except to allow the application; otherwise we can't install anything. This pop-up is just like a UAC pop-up.

Default Settings = Sandbox enabled; when the application is unsigned, then this application must run in the Sandbox. I think this is very clearly mentioned in the alert and any novice user would read this. When the user allows the application, then the user fails the test, not CIS.

Well, you’re not. I’m one who uses sandbox.

When I said that in the sandbox it did not do anything, it had nothing to do with administrator rights. The program installed, but it could not change a registry key that would stop cmdagent from starting, which was the main thing it tried to do. The program finished installing; I hit ignore on that error.

That's just it: you, not Comodo, are the fail for allowing it. Second, you need to learn what UAC is and what it is for.

Can someone please PM me the malware sample. Cheers.

I just deleted it off of my computer, sorry. It was nothing special, just a program that tried to modify a registry key to stop cmdagent from starting. If moveax wants to, he can PM it to me. Just don't put it in the public forum.
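The post above describes a program that changes a registry key so that Comodo's cmdagent service no longer starts. As an added defensive example (not code from this thread, from moveax, or from Comodo), the following PowerShell audit checks whether a service is still configured to start: it reads the Start value under the well-known HKLM\SYSTEM\CurrentControlSet\Services key, compares it with what the Service Control Manager reports, and flags a disabled or stopped service or a mismatch between the two. Only the service name cmdagent comes from the thread; the function name, parameters and output format are my own assumptions, and it assumes Windows PowerShell 5.1 or later (where Get-Service exposes StartType) with read access to HKLM.

```powershell
# Added example: audit whether a security service is still configured to auto-start.
# Assumes Windows PowerShell 5.1+ with read access to HKLM; the service name is taken
# from the thread, everything else here is a constructed illustration.
param(
    [string]$ServiceName = 'cmdagent'
)

function Test-ServiceStartConfig {
    param([Parameter(Mandatory)][string]$Name)

    # Documented meanings of the Start REG_DWORD under the Services key:
    # 0 = Boot, 1 = System (drivers), 2 = Automatic, 3 = Manual, 4 = Disabled.
    $startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

    $regPath = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    $result = [ordered]@{
        Service       = $Name
        RegistryStart = $null
        ScmStartType  = $null
        Status        = $null
        Findings      = @()
    }

    if (-not (Test-Path $regPath)) {
        $result.Findings += "No Services key found for '$Name'; not installed or the key was removed."
        return [pscustomobject]$result
    }

    # What is on disk: this is the value a persistence change would edit.
    $startValue = (Get-ItemProperty -Path $regPath -Name Start -ErrorAction SilentlyContinue).Start
    if ($null -ne $startValue) {
        $result.RegistryStart = $startNames[[int]$startValue]
        if ([int]$startValue -eq 4) {
            $result.Findings += "Registry Start value is 4 (Disabled): the service will not start at boot."
        }
    } else {
        $result.Findings += "Start value missing under $regPath."
    }

    # What the running Service Control Manager believes right now.
    $svc = Get-Service -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $svc) {
        $result.ScmStartType = $svc.StartType.ToString()
        $result.Status       = $svc.Status.ToString()
        if ($svc.Status -ne 'Running') {
            $result.Findings += "Service is $($svc.Status), not Running."
        }
    } else {
        $result.Findings += "Service Control Manager does not report a service named '$Name'."
    }

    # Registry and SCM disagreeing is worth a look: a key edited on disk takes effect
    # at the next boot, which is exactly the window a restart-based check would miss.
    if ($result.RegistryStart -and $result.ScmStartType -and
        $result.RegistryStart -ne $result.ScmStartType) {
        $result.Findings += "Registry says $($result.RegistryStart) but SCM reports $($result.ScmStartType) (change pending until restart?)."
    }

    return [pscustomobject]$result
}

$audit = Test-ServiceStartConfig -Name $ServiceName
$audit | Format-List
# Non-zero exit code so the script can be scheduled and alerted on.
if ($audit.Findings.Count -gt 0) { exit 1 } else { exit 0 }
```

Run it as `.\Test-ServiceStartConfig.ps1 -ServiceName cmdagent` from an elevated prompt (reading the Services key usually works unelevated, but querying some protected services does not); a clean result has an empty Findings list and exit code 0. The registry-versus-SCM comparison is the part that matters for the scenario in the thread: a tool that only asks the SCM will report "Automatic" until the next reboot, by which time the service is already gone.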

It's not malware, rofl. You can't determine if it's malware or not; how can you block/allow alerts? Wuutz

If you click Allow for everything (with Comodo, Online Armor, Malware Defender, System Safety Monitor, etc etc), then all malware or POCs etc etc will bypass them all with ease.

This is why I like a default-deny approach with an anti-execution mechanism of protection. You can configure all those programs I mentioned like this.

In fact, you can click Ignore or Skip or Allow for Antivirus/Behaviour Blocker applications also (Prevx, Avira, Avast, etc etc) and you will find that all malware will bypass it. Some of these programs can be configured to automatically “clean” the infected file, but good luck if it automatically “cleans” a genuine system file haha (false positive).

Once again, for a “noob” user who keeps getting infected, default-deny with an anti-execution mechanism of protection is ideal and this “noob” user will never get infected, period.

And once again, nothing will stop the (“noob”) user from clicking “Allow”, “Ignore”, “Skip”, etc etc, if you give them the choice to do this!

The problem is that many things are said on this forum without being proved, and anyone reading this at first view will think that Comodo is indeed bypassed by malware, which is completely untrue.

I'm beginning to think that these statements are nothing but attacks designed to weaken confidence in the product and spread false information, as many do. >:(

I have tested CIS 4.x (Sandbox enabled) with several hundred NEW malwares (many were not in any AV database and almost all were reported to Comodo for analysis) and NONE has infected my computer.

I think here is no problem but someone wants to be a problem…

:-TU indeed