On default settings with AV turned off (security policy as Internet Security, sandbox enabled, Defence Plus in safe mode), how is Defence Plus going to treat digitally signed malware? Will it be allowed to do all sorts of damage/activities on the system?
1. Comodo will pop up an alert window
2. Press the sandbox button
3. The application will do no harm to the system
However, if CIS trusts the digital signature, you are in trouble.
Luckily, this hasn’t happened in a loooong time… :-\
But there is no guarantee that it will not happen in future too. I highly suspect that malware writers are going to abuse digital signatures more and more in future. Why wait for this and fix some weakness after it is exposed and exploited? It's a weak point in the default config of Comodo HIPS and it must be fixed.
The fix is easy. Even an option not to trust digital signatures (while still trusting the Comodo white list) will suffice for many users.
Yeah…Kaspersky has this option(s).
Actually it should be: “Don't use trusted software vendors list” while being in safe mode and still using the white list.