Details of HIPS/Firewall/BO tests that CIS fails

Hey guys :slight_smile:

I’m starting this topic with the sole intention of creating a list containing any IMPORTANT HIPS/Firewall/Buffer Overflow test - i.e. one that actually matters - that CIS fails/could do better in, for the Comodo devs to look into. I’m sure there aren’t many :wink:

Mods
My apologies if there is already a thread like this, or this is not required. In that case, please delete this thread.

What I would love to hear about is real world malware that we fail on. Pls feel free to create another thread if you wish.
thanks
Melih

Hey Melih, thanks for replying :slight_smile:

Isn’t there already a dedicated thread for that? Maybe I’m mistaken, but isn’t that what this is for?

https://forums.comodo.com/false_positivenegative_reporting_is_this_a_malware_that_cis_hasnot_detected-b154.0/

It says in the title “Malware that CIS has not detected” as well as FP’s ???

Thanks again, and keep up the good work :slight_smile:

I got a pretty good collection. However, CIS seems to block almost every sample I launch. I have over 80K files, so I can't test each one of them.

However, if anyone knows a nice nasty piece of malware, please PM me. DO NOT POST IT HERE.
PM me and I will test it right away.

Just so you know, until now, D+ blocks everything I put to the test.

I tried something similar…

https://forums.comodo.com/feedbackcommentsannouncementsnews_cis/i_have_yet_to_discover_a_virus_malware_and_such_able_to_bypass_cis_d-t36510.0.html

Didn’t get a single PM…

Guess CIS is pretty solid! =)

CIS is too overpowered for simple malware… :smiley: it needs some kind of lab-generated unrealistic super baddie where you click allow once or twice and with code designed especially to avoid detection by D+! :wink:

EDIT: still a good thread Beanie, I think clipboard logger detection is not there atm. Melih, do you happen to know if catching this “behavior” is in the planning, maybe for 3.9?

Yeah, AFAIK there’s no clipboard logger detection as yet.

I don’t know about webcam logging though… is that a valid concern, do you think? ???

Shall I create a new thread, as per Melih’s suggestion?

Or just edit this one’s title?

Thanks :slight_smile:

You can bypass the x64 version, although real-world malware most likely won’t do so.
I hope they will make a full x64 ring 0 HIPS, hopefully with 3.9 soon.

rejzor said something about D+ not catching Virut, but

  1. he didn’t say whether he used the proactive config profile (which is needed to prevent patching any executables)
  2. he doesn’t share the sample.

Sounds like trolling to me…

I don’t share malware samples with anyone that is not a malware expert that I know or someone from an anti-malware company.
And as I said, I used the default Safe Mode profile for Defense+. I haven’t changed anything else.

Do you still feel like trollin’?

Well, just saying it doesn’t pass without giving any further details is just… :-TD

Guys, I really don’t want this thread to turn into an argument about ‘trolling’ or whatever…

I made this thread with the sole intention of creating a list of tests/malware, etc., that CIS is not incredibly strong against, so that the devs could make it incredibly strong against them (not saying CIS isn’t strong, it’s one of the strongest security solutions out there ;D)

Thanks :slight_smile:

:stuck_out_tongue: