Comodo FAILS to stop "Smart Fortress"

fantab · May 31, 2012, 2:22pm

I was shocked today to find my Win-VISTA PC infected with a 'rouge’ware SMART FORTRESS, a fake anti-malware application.

Comodo failed to prevent this intrusion. I have latest Comodo [CIS Free] which is up to date, I use Comodo DNS and my Defense + is set to ‘proactive’.

I eventually removed the said intruder with Malwarebytes Anti-malware following the instructions on Removal instructions for Smart Fortress 2012 - Malware Removal Self-Help Guides - Malwarebytes Forums.

I hope Comodo will rectify their shortcomings and see to it that such intrusions do not by pass CIS in future.

siketa · May 31, 2012, 2:34pm

Did you allow it to install or it bypassed sandbox/Defense+?
Any screenshot would be of great help.

Chiron494 · May 31, 2012, 4:55pm

Can you please upload the sample to VirusTotal and post a link to the results?

Thanks.

miloszcz · May 31, 2012, 5:05pm

With correct installation of CIS there is no way for SmartFortress to bypass that. Whether it was sandboxed - after restart it should be gone. I bet you have even not restarted the system

Seany007 · May 31, 2012, 5:57pm

You prob made a mistake somewhere mate. Also who said that Comodo is bulletproof? LOL! Comodo can be beaten.

siketa · May 31, 2012, 6:02pm

Right! There are rare cases of trusted malware…
Maybe this is one of them…

miloszcz · May 31, 2012, 6:27pm

I know how this malware works, I tested it few times. I’m behind the experience, I think you make just a guess. It is not sophisticated malware.

That is true it can be whitelisted. But that is another problem.

Seany007 · May 31, 2012, 10:41pm

Sure it is a guess. Sophisticated malware is another matter. Could be white-listed, could be that on his PC Comodo don’t function properly, could be that he is using other things, could be anything.

fantab · June 3, 2012, 3:21am

Seriously, what is the “correct installation of CIS”? I am afraid to say that SMART Fortress bypassed everything. After I discovered it on my PC/Desktop I ran a scan with Comodo a couple of times and needless to say, I restarted my PC a couple of times.

Unfortunately, I cannot upload any more information about the ‘Malware’ as I have cleaned it all with Malwarebytes. By the way, there is no other protection on my Vista. And as far as I know, CIS is configured properly and it has served me well in the past years.

I never said Comodo was 100% foolproof. I did not intend to bad mouth CIS but to bring the fact to the forum’s notice. I am still a fan of CIS.

I hope CIS will not disappoint me in future, at least not big time.

languy99 · June 3, 2012, 3:29am

how did it get installed? Rogues usually need user interaction they don’t just do it.