keylogger able to bypass comodo. why?!!!

hi all

Topic to discussion

why Comodo does not deal with keylogger

I had raised this subject before, but these files are on the rise, especially when we know it does not need experience in their work

Because it is manufactured by the project metasploits !!!

Please, looking at this topic
and this

And also this test I have been working in the day

The problem lies not in the file, but the default settings because they allow unknown applications contact >:(

This file is able to seize your bank accounts and your accounts at all forums that you visit

This indicates that the default Comodo does not protect the user’s privacy as much as protects the user’s files from destruction

sd ahmad

In the past this has been extensively discussed here at the Comodo forums.

At the forums we are not happy with Comodo’s choice for its default settings and Comodo is aware of this. Comodo is making choices with security in mind as well as usability for the big group of users who want to be bothered as little as possible. There is a trade off to make between security and usability. :-\

At the forums we make a different choice. We suggest to follow Chiron’s recommendations as described in his article How to Install Comodo Firewall.

  1. Another malware:

  1. The autorun entries are created by trusted apps which are injected by the malware.

  1. logs:
2014-08-11 00:57:08 C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe Direct Keyboard Access

“keylogger Unable to bypass comodo”

I know what you mean, but that just sounds amusing: quickly judging by the topic’s title you aren’t happy with keylogger not being able to bypass comodo’s protection. :stuck_out_tongue:

Not everyone on this forum has English as their first language so please be respectful. He is obviously saying that a keylogger DID bypass Comodo.

Mod please correct the title of this topic to not be misinterpreted anymore.

Done :slight_smile:

thanks :-[

Thx Mike :■■■■

Mine is finnish.
I learned english by studying it, so please stop using “english as first language” - card as its just plain cheap.

Not everyone on this forum has the time to expend studying english just like you have. As of example, me. I can talk a little in english but I expend my time with more important things, such as my job, my family and my life…

Even I have the settings according to Chiron, I found more then 10 files only during the last week that are infected and CIS let them go. I have ON: HIPS, fully virtualized sandbox, AV …

It is enough if the file has right digital certificate and even it is infected, CIS leaves it. It is a big problem. I stopped believe to Comodo. The files are the ones that are not in the AV database of Comodo and has digital sign.

It lasts for few months now since I found it out. But lately there is still more and more infected files with the digital sign - the sign is very often frmo Rising - it is not antivirus in any case as somebody tried to tell me here in my topis where I wrote aobut it.

CIS only ignores digitally signed malware if the signature is in the TVL. Did you report the files you ran into in here?


because topic where I wroted my experience was locked I cannot reply to Chiron;new;topicseen#new.

I reply here.

CIS only ignores digitally signed malware if the signature is in the TVL. Did you report the files you ran into in here?

Yes I know but many infected files has signature from CIS TVL. For example Beijing Rising. It is a reason why I think that rating files/apps according by TVL is very dangerous.
I founded one file without digital sign yesterday and when I launched it, CIS add this file to Trusted Files…

I am very surprised how many files can bypass Comodo.

I think this topic was accidently locked so i unlocked it.

Maybe the problem is at the cloud scanning.

2014-08-25 15:19:18 C:\virus\td\Youbo_vod_D116.exe Scanned and Found Safe

Its digital signature is not in Trusted Vendors, and it will be sandboxed if the user disables cloud lookup.

Thank you for unlock topic.

I do not know if cloud scan can cause this (my) problems. I found that many infected files cause those problems. It did not happen before so often.

But I have now few files (I deleted lots of them when I was angry) with digital sign and some without it. It seems CIS does not put those files in the sandbox but runs them as untrusted.

I tried to run 1 infected file that should be screensaver. Comodo correctly put it in Unrecognized files but cannot be deleted from it. I uninstalled CIS Pro. Install again only Firewall and file is stil in unrecognised and cannot delet it from there even I already delet it from HDD.

Nope. File is clean.