Critical problem!!!!

Hello people, who is the engineer here? I want to report a critical problem, but nobody has returned to me.
I opened a topic before and still nobody has returned to me!
Here is a video.

Ty and have a nice day!

Bug reports must be formatted as per this post before the Devs will even look at it.
Thank you.

Can I send you a private message, and then you will give all the info to the guys in the company?

Can you provide us with a comprehensive explanation of the bug/error that is happening? What CIS settings are being used? How does the file under investigation bypass? Without checking 21 minutes of video, what user actions are needed or not needed to bypass CIS?

I sent you a private message with the info.

I got a PM from mikemuse containing some more details about the bypass. Since Comodo always discusses these things in public, I asked him to post the details of the bypass.

I also asked him to answer the following questions when posting here. Looking at what you are writing, I think you made a batch file that you converted to an executable. Normally CIS should sandbox an unknown executable and should protect itself. That has me wondering what is going on. Does the executable also contain an exploit to get this type of access? Can you also check the Defense + logs and the Alerts logs to see if CIS registered the executable getting executed?

Also, I am noticing that you are running Windows 10 using VMware Fusion. The UI suggests that the host system is an Apple computer. Another thing I saw was that the alert (at around 16:44 in the video) to reboot the computer after the initial update and quick scan looks different. Please explain why it is different. See attached image.

[attachment deleted by admin]

Unless Comodo changed something in the installer, which has happened once before, I would expect an alert in which I am asked to reboot now or postpone. The alert will suggest a 30 minute delay by default and not a countdown counter of 30s.

This is the first place which should be protected from an attacker!!!!
Did you check the digital signature if it is intact?
Don't forget what happened to so many companies which were using Symantec Endpoint Protection, when cybercriminals completely removed the antivirus and did what they liked!

The antivirus folder should always be protected!!
The antivirus services should always be protected!!

As stated above, I share your concerns in case your scenario reproduces. But I also have to stay critical about your testing environment at the same time in the process.

Could you check the logs:

In your PM you’re offering a download link for your test file. Could you send me a download link by PM? We do not allow posting a download link at the forums, but when a member asks for a download link you can send the link by PM. That way people can test the file while we protect inexperienced users.

We are not in the habit of publishing the content of PMs at the forums, but I would like to ask you to share at the forum what you wrote me about how you made your test file and on what platforms it reproduces?

I wish I could have seen the video but it has been made private. Possibly some form of trickery with the settings or by other means. I have seen nothing bypass CIS with my tests (which are many) or testing by others. The only thing I have seen come close is a keylogger still being able to capture keystrokes while running inside the sandbox, and I believe that was based on the sandbox settings level.

I’m wondering, if his claim is true, why he made the video private. Just one of dozens of false claims about being able to bypass Comodo. It’s easy to make a video that appears to do so by manipulating the settings and adding exceptions. Just another poser. If you can back up your claim, mikemuse, then prove it. 88)