keylogger able to bypass comodo. why?!!!

hi all

Topic for discussion

why Comodo does not deal with keylogger

I had raised this subject before, but these files are on the rise, especially when we know it does not need experience in their work

Because it is manufactured by the Metasploit project!!!

Please look at this topic
https://forums.comodo.com/beta-corner-cis/keylogger-can-bypass-comodo-7-beta-video-t101479.0.html
and this
https://forums.comodo.com/verified-wish-reports-cis/by-default-unknown-apps-should-not-be-allowed-to-connect-to-internet-m808-t101403.0.html

And also this test I have been working in the day

==============
The problem lies not in the file, but the default settings because they allow unknown applications contact >:(

This file is able to seize your bank accounts and your accounts at all forums that you visit

This indicates that the default Comodo does not protect the user’s privacy as much as protects the user’s files from destruction

sd ahmad

In the past this has been extensively discussed here at the Comodo forums.

At the forums we are not happy with Comodo’s choice for its default settings and Comodo is aware of this. Comodo is making choices with security in mind as well as usability for the big group of users who want to be bothered as little as possible. There is a trade off to make between security and usability. :-\

At the forums we make a different choice. We suggest to follow Chiron’s recommendations as described in his article How to Install Comodo Firewall.

  1. Another malware:

http://valkyrie.comodo.com/Result.html?sha1=d1df47fff85bb56bab2ff7ff41d4d7996ecc17a5&&query=0&&filename=mgsxrm.exe

http://camas.comodo.com/cgi-bin/submit?file=320957d5914fb3609e1a8ac2d71272be76e45c2b1be43d1c3762d339a90af574

  2. The autorun entries are created by trusted apps which are injected by the malware.

http://imgur.com/zQSQg98.png

  3. logs:
2014-08-11 00:57:08 C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe Direct Keyboard Access

“keylogger Unable to bypass comodo”

I know what you mean, but that just sounds amusing: quickly judging by the topic’s title you aren’t happy with keylogger not being able to bypass comodo’s protection. :stuck_out_tongue:

Not everyone on this forum has English as their first language so please be respectful. He is obviously saying that a keylogger DID bypass Comodo.

Mod please correct the title of this topic to not be misinterpreted anymore.

Done :slight_smile:

thanks :-[

Thx Mike

Mine is Finnish.
I learned English by studying it, so please stop using the “English as first language” card, as it's just plain cheap.

Not everyone on this forum has the time to spend studying English just like you have. For example, me. I can talk a little in English but I spend my time on more important things, such as my job, my family and my life…

Even though I have the settings according to Chiron, I found more than 10 files during the last week alone that are infected and CIS let them go. I have ON: HIPS, fully virtualized sandbox, AV …

It is enough if the file has the right digital certificate; even if it is infected, CIS leaves it. It is a big problem. I stopped believing in Comodo. The files are the ones that are not in the AV database of Comodo and have a digital signature.

It has been a few months now since I found it out. But lately there are still more and more infected files with a digital signature - the signature is very often from Rising - it is not antivirus in any case, as somebody tried to tell me here in my topic where I wrote about it.

CIS only ignores digitally signed malware if the signature is in the TVL. Did you report the files you ran into in here?

Hi,

because the topic where I wrote about my experience was locked, I cannot reply to Chiron https://forums.comodo.com/news-announcements-feedback-cis/keylogger-able-to-bypass-comodo-why-t106143.0.html;new;topicseen#new.

I reply here.

CIS only ignores digitally signed malware if the signature is in the TVL. Did you report the files you ran into in here?

Yes, I know, but many infected files have a signature from the CIS TVL. For example Beijing Rising. It is the reason why I think that rating files/apps according to the TVL is very dangerous.
I found one file without a digital signature yesterday and when I launched it, CIS added this file to Trusted Files…

I am very surprised how many files can bypass Comodo.

I think this topic was accidentally locked so I unlocked it.

Maybe the problem is at the cloud scanning.

2014-08-25 15:19:18 C:\virus\td\Youbo_vod_D116.exe Scanned and Found Safe

Its digital signature is not in Trusted Vendors, and it will be sandboxed if the user disables cloud lookup.

Thank you for unlocking the topic.

I do not know if the cloud scan can cause these (my) problems. I found that many infected files cause those problems. It did not happen so often before.

But I have now few files (I deleted lots of them when I was angry) with digital sign and some without it. It seems CIS does not put those files in the sandbox but runs them as untrusted.

I tried to run 1 infected file that should be a screensaver. Comodo correctly put it in Unrecognized files but it cannot be deleted from there. I uninstalled CIS Pro. I installed only the Firewall again and the file is still in Unrecognized and I cannot delete it from there even though I already deleted it from the HDD.

Nope. File is clean.