HIPS fails with Brazilian trojans today

Verify this


Have you tried changing your CIS configuration to Proactive Security? If not please try changing CIS to Proactive Security config and also do the following changes to your CIS configuration and try running your malware sample again:

Configure CIS for anti-executable\default-deny using the following settings:

  1. Security Settings > File Rating > File Rating Settings > De-select “Trust applications signed by Trusted Vendors.”
  2. Security Settings > File Rating > File Rating Settings > De-select “Trust files installed by Trusted installers.”
  3. Security Settings > File Rating > File Rating Settings > De-select “Enable Cloud Lookup (Recommended)”
  4. Security Settings > Defense+ > Sandbox > De-select “Detect programs which require elevated privileges e.g. installers or updaters”
  5. Security Settings > Defense+ > Sandbox > Create rule as follows: Block - All Applications - Unrecognized

Using the above configuration CIS HIPS and Auto-sandbox are basically configured for maximum security so I doubt a sample could bypass that.
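The first two settings above matter because CIS will auto-trust a file that carries a valid signature from a vendor on its Trusted Vendors list, or that was dropped by a trusted installer, even when the file is malicious. Before concluding that HIPS was "bypassed", it is worth checking whether the sample is signed at all and by whom. The following PowerShell script is an added example, not code from the original post or from Comodo; it only uses standard Windows cmdlets (Get-AuthenticodeSignature, Get-FileHash), and the sample path is a placeholder you supply.

```powershell
# Added example (not from the original thread): report the facts about a
# sample that decide whether CIS would trust it automatically.
# Run on an isolated test VM only; this does not execute the sample.
param(
    [Parameter(Mandatory = $true)][string]$SamplePath   # assumption: path to the sample
)

if (-not (Test-Path -LiteralPath $SamplePath)) {
    throw "Sample not found: $SamplePath"
}

# Hash, so the file can be matched against the File List / Defense+ log entries.
$hash = (Get-FileHash -LiteralPath $SamplePath -Algorithm SHA256).Hash

# Authenticode status is what "Trust applications signed by Trusted Vendors"
# keys on: a Valid signature from a listed vendor means the file is allowed
# without ever reaching the HIPS/auto-sandbox default-deny rule.
$sig = Get-AuthenticodeSignature -FilePath $SamplePath

$verdict = switch ($sig.Status) {
    'Valid'     { 'SIGNED: may be auto-trusted if the signer is on the Trusted Vendors list' }
    'NotSigned' { 'UNSIGNED: should be treated as Unrecognized under default-deny' }
    default     { "BROKEN SIGNATURE ($($sig.Status)): should not be trusted by signature" }
}

[pscustomobject]@{
    File        = (Resolve-Path -LiteralPath $SamplePath).Path
    SHA256      = $hash
    SigStatus   = $sig.Status
    Signer      = $sig.SignerCertificate.Subject
    Issuer      = $sig.SignerCertificate.Issuer
    NotAfter    = $sig.SignerCertificate.NotAfter
    Verdict     = $verdict
} | Format-List
```

If the output shows a Valid signature, compare the Signer against Security Settings > File Rating > Trusted Vendors; that, rather than a HIPS failure, would explain a sample running unchallenged while vendor trust is enabled. If it is unsigned and still ran, look in the File List for its hash to see whether it was rated Trusted by cloud lookup or marked as installed by a trusted installer.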

CIS is in Proactive mode.

The sample I tested is not assigned as trusted.

I excluded the sample.

Where can I get the best configurations for CIS?

Could you please include the exact download link for the file ?

Edit: I found a copy but it’s in a zip file and it is password protected. Just wanted to test it for myself.

Have a nice day/evening/night depending on what part of the world you are in.

Hi sAyer,
Attaching or linking to malware is not permitted and is against the Forum Policy.


Of course, that's well understood. I thought maybe it could be added to Mega or EmpireBox. When a file claims it can bypass HIPS, no matter the origin, I have a deep interest in seeing it. Not that I believe it is possible for a moment.

Thanks captainsticks.

You could always ask for such links via PM.

That would also be fine. If the OP will take the time. Thanks Sanya

Maybe the sample was trusted by Cloud Lookup (sometimes some malware is marked as trusted by the Cloud or the Trusted Vendors List, but it's rare). Do you have your Defense+ logs from when you tested the malware sample?

If you are a paranoid user like me you can use this anti-executable\default-deny configuration while keeping enabled both Cloud Lookup and Trust applications from Trusted Vendors. However I will not be responsible if this configuration (or any variation of it) damages your OS.

Alternatively you can use this configuration: http://www.techsupportalert.com/content/how-install-comodo-firewall.htm

Yes, I have the logs and there is no reference to the malware from when I executed it.

I have the sample but it's password protected in a .rar file. No way to get to it. Run Hitman Pro and if nothing is found then be assured.

I'm sending you the link to the sample (which I recovered) via PM now.


I've tested it and HIPS is not bypassed.

Please post a screenshot of the Defense+ logs here.

Dear tachion, which configuration do you use? Hugs

Firewall Security + cloud off

Thank you! Do you believe it would be more secure in Proactive?

Solved!

My CIS ( ) was damaged.

I reinstalled it and now it works fine.

Thanks everybody!