Comodo - Security Vulnerabilities, CVEs

1 Like

Literally ended the CIS :grimacing:

1 Like

Hello. Dear New_Style_xd, I do not have the opportunity to view this video. If it’s not difficult, please comment on this video and your words “Literally put an end to the CIS”.

Hello my friend, a person who can speak with all the details is our friend @XylentAntivirus.
As he made the video, he can speak with more authority on the subject. :sweat_smile:

@XylentAntivirus Could you explain in detail what really happened that the CIS was bypassed?

As you were the creator of the video, we want to know in detail. :sweat_smile:

Comodo can’t contain LNK files; also, when you scan LNK files it scans the real file path, not the LNK file. Comodo can’t contain LNK files unless you manually contain them. So I can run the payload, but when I make a service with an .exe, Comodo contains it of course. But when I make a service with a driver, it can’t contain it. But there is a problem. LNK files work on real paths, so I need to write very short code to detect where the driver is located, because when you write long code the LNK file doesn’t accept it. So I used where to find the driver location and then create the service. I can add shutdown -r -t 10 of course, but that just makes the LNK file longer. Comodo generally can’t detect LNK malware.

1 Like

Thank you for your clarification. What about other antiviruses?

1 Like

They can detect LNK files but can’t detect this, at least Kaspersky and Bitdefender.
Siradankullanici/0KBAttack: Malicious attack using empty files with its name to generate and execute from non-malicious code

1 Like

Files with the .LNK extension are shortcuts to installed applications. If the association of .LNK files is damaged, it is possible that when opening applications, malicious code is executed, with the aim of controlling your system or personal data.
Comodo monitors launched applications but not LNK files that are not ID (process).

1 Like

Hello, good afternoon,
I had a question when you said that “Comodo monitors applications that are started, but not LNK files that are not ID (process)”.

Does this mean that we are at risk with LNK?

Thank you!

LNK is a filename extension for shortcuts to local files in Windows. LNK shortcuts provide quick access to executable (.exe) files without requiring the user to access the full path of the program.
Shell Link Binary File Format (.LNK) files contain metadata about the executable file, including the original path to the target application.
Windows uses this data to support launching applications, chaining scenarios, and storing application references in a target file.
Since LNK files provide a convenient alternative to opening a file, threat actors can use them to create script-based threats. One such method is to use PowerShell.
Threat actors can insert a malicious script into the PowerShell command in the target path of the LNK file.

Reminder:
Comodo monitors all applications (process IDs) and understands scripts that are part of the system operator and therefore related to the LNK file.

3 Likes
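
For readers who want to inspect what a shortcut actually stores, here is an added example (not code from any poster in this thread or from Comodo) that reads the Shell Link header and StringData of a .lnk file and flags a shortcut whose target is a script host that receives arguments. The script-host list, the function names and the sample shortcut bytes are constructed for illustration.

```python
import struct

LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # 00021401-0000-0000-C000-000000000046
HAS_IDLIST, HAS_LINKINFO, IS_UNICODE = 0x01, 0x02, 0x80
# StringData entries appear in this order, each gated by a LinkFlags bit.
STRING_FIELDS = [(0x04, "name"), (0x08, "relative_path"), (0x10, "working_dir"),
                 (0x20, "arguments"), (0x40, "icon_location")]
# Assumption: an illustrative list of script hosts, not a complete one.
SCRIPT_HOSTS = ("powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                "cscript.exe", "mshta.exe")

def parse_lnk(data):
    """Return the target path and StringData fields stored in a .lnk file."""
    if len(data) < 76 or data[:4] != b"\x4c\0\0\0" or data[4:20] != LNK_CLSID:
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", data, 20)[0]
    off, out = 76, {}
    if flags & HAS_IDLIST:                      # skip LinkTargetIDList
        off += 2 + struct.unpack_from("<H", data, off)[0]
    if flags & HAS_LINKINFO:                    # LocalBasePath holds the target
        size, _, li_flags, _, base = struct.unpack_from("<5I", data, off)
        if li_flags & 1:
            raw = data[off + base:off + size].split(b"\0", 1)[0]
            out["local_base_path"] = raw.decode("cp1252", "replace")
        off += size
    width, codec = (2, "utf-16-le") if flags & IS_UNICODE else (1, "cp1252")
    for bit, name in STRING_FIELDS:
        if flags & bit:                         # 2-byte character count, then text
            count = struct.unpack_from("<H", data, off)[0]
            end = off + 2 + count * width
            out[name] = data[off + 2:end].decode(codec, "replace")
            off = end
    return out

def triage(fields):
    """Flag shortcuts whose target is a script host that receives arguments."""
    target = (fields.get("local_base_path") or fields.get("relative_path") or "").lower()
    host = target.replace("/", "\\").rsplit("\\", 1)[-1]
    return host in SCRIPT_HOSTS and bool(fields.get("arguments"))

def build_sample(target, args):
    """Constructed test fixture: header + RELATIVE_PATH + ARGUMENTS only."""
    header = struct.pack("<I16sI", 0x4C, LNK_CLSID, 0x08 | 0x20 | IS_UNICODE) + bytes(52)
    strings = b"".join(struct.pack("<H", len(s)) + s.encode("utf-16-le") for s in (target, args))
    return header + strings

SAMPLE = build_sample(r"..\..\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                      "-NoProfile -Command Write-Output constructed-sample")
```

Calling `triage(parse_lnk(open(path, "rb").read()))` on shortcuts found in download or startup folders gives a quick first-pass review list; a hit means the shortcut deserves a look, not that it is malicious.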

As an example of how Comodo deals with self-contained LNK malware, please view the video at the 0.40 second mark:
Comodo and LNK malware example

3 Likes

Thank you my friend @ZorKas, as always trying to help the community; your explanations are very clear and objective.

I always learn from you. Even though sometimes I have difficulty understanding due to lack of knowledge of the COMODO System.

I haven’t used Comodo for many years like you; I’m starting to understand how CIS works with you.

I hope you continue helping all of us on the forum.

1 Like

Hello @cruelsister, how are you?
Thank you for sharing your knowledge. I watch a lot of your videos on YouTube.

I have some difficulty understanding your videos in ENGLISH, but I can still get an idea of what is happening.

Keep posting videos about CIS.

Comodo will detect the threat when launching the process through the LNK file.

1 Like