Either this is the most dangerous rogue on the planet or restart was needed

Hi COMODO :slight_smile:
Here is the most shocking test on YouTube (or at least for me)

Realise that all the paths on the MBAM scan lead to one rogue folder :o
(By the way, I didn’t make this test)

Restart and I would answer. :-TU

My prediction would be that there would be traces left but nothing dangerous would be active!
We actually need professional Comodo youtube testers who know how the product works.
But hey, whaddaya I know? :-\

So when you restart, COMODO deletes the sandbox files?
Or does it just hide the paths?

As I saw in the video, all files were either sandboxed or caught by the AV; he’ll need to restart to get more info from the video.

What was found was just images/XML, which basically is harmless unless there is an executable left behind, by which CAV doesn’t detect an image lol or an XML… Why should it?

Lol, this is just an adware - fake translator.
It creates a lot of files, so it may be shocking for someone who knows nothing about malware.
Believe me, CIS passes almost 100% for me. And I don’t see a point in opening a new topic and providing a useless conversation about the “most shocking ( :D)” test.

A clean MBAM report or one full of entries means nothing.

GakunGak: :-TU
We need them.

Personally, I won’t watch videos without commentary, and even less those with terrible music. If they have something to offer, make a video explaining everything.

Comodo deletes all/any changes made by those files.
Files remain inactive [parent ones] and spawned ones are deleted after restart.
My verdict so far is there’s not a breach until proven otherwise.
If something remains in My Pending List, you can Delete File them from there, no harm done.

One problem I see is he is also running Avast on that PC; everyone knows you shouldn’t run two AVs at the same time. Also, ooVoo is a legit piece of software; I actually have it on my PC and use it for conference calls.

I didn’t see avast.

The only thing that shocked me was that he took the time to set up CIS (including things he wasn’t going to use, like the Stealth Ports Wizard) and then immediately lost it all when he switched Profiles. Although, he did set some stuff up again.

Why did you rate this so highly ahmedhhw?

Check out the first pop-up; it’s an Avast pop-up. It’s about 3 mins and 30 secs into the video.

Yes, sorry you’re quite right. But, was avast actually on the VM system or the host system? I didn’t see it on the VM’s systray icons. Perhaps that was from the host system somehow?

That’s hard to tell… Just looked funny when I first saw it, but ya know there are a lot of haters out there and icons can be hidden in the tray.

Hmm… I know that’s possible, but I didn’t even consider that. Obviously I’m way too trusting. :smiley: But, it certainly does look strange now you’ve pointed it out.

This was on a host machine.
It happens.

Avast only controls the traffic of the VM if the network of the VM is set to NAT.

Avast was installed on the host, not on the vm.

So, if the VM is set to NAT… everything, effectively, routes through whatever packet/string inspection there is on the host? That doesn’t sound like the best idea for this type of testing.

Without CLEAR testing methodology from youtube testers, I can’t seem to put myself to “trust” every single video I see…
NAT config in this type of testing is WRONG, as VMware in these test scenarios has to use the “Bridged: Connected directly to the physical network” configuration to separate host from virtual, and hence no host AV will pick up malware or interfere with testing.

What I would propose is for someone [languy maybe?!] to make a YouTube video, HOW TO TEST COMODO the proper way, so everyone can follow the same procedure.

But we also have to take into account that REAL world computer usage IS NOT the same as in a controlled environment where you know what to expect and what to allow or deny.
These tests are okay from time to time, but what I think more important is to show users of Comodo the most efficient and safest way of using it. That alone can prevent dozens of bad situations.
I wish testing organizations had a YouTube channel so we could see how they test things instead of written on paper. I liked Bluepoint test challenges because they tried to make their malware gathering tool try to recognize if a malware bypassed sandbox and infected the system or not. At first it didn’t work but after several attempts it did the job.
What I am trying to say is, we need people who know what they are doing. Not just copy-paste links one after another and then open Hitman Pro and MBAM at the same time and do a scan.
My 0.02 euros because I am a poorfag…

I don’t think you are quite right there. All that happens on a restart is active processes are closed (by Windows restarting) and because malware is not allowed to write to startup entries it is effectively gone on boot up. From my understanding nothing is deleted unless you delete it yourself or it is found by the AV.

Yup, VMs using NAT aren’t intended to test malware, since all the traffic is routed to the host machine.

Just like Gakun said.

Avast is on the host and COMODO is on the virtual machine