Killed cfp.exe demonstration video by mj0011

Video download:

click on left button and download killcis.rar

Already posted here earlier.;topicseen

Sorry, I had not attentively looked.

Thanks Kyle :slight_smile:

Drops an error on screen. Not downloading…

Have you tried to download it with Internet Explorer?

In the case you still had problems, I attach the file.

There are some things that make me be sceptic. For example, why CIS is not correctly (attached screen) initialized while him is performing the test?

[attachment deleted by admin]

because before test cfp.exe , he was kill cmdagent.exe with killcis.exe the first.
However, process protection is still at work

Ok, why he doesn’t make it see?

However, process protection is still at work

I imagined…

Have you the PoC?

If you have acccess to the POC it would be nice if you could share it here.

I’ll give you some tips:
(1). in the video , the cfp.exe process is not quickly terminated , so this may be a force attack and depending on some mechanism inside the process
(2).CIS’s driver donot hook the function :NtFreeVirtualMemory , which can be use to free all the memory in any process.

Thank you for the tips 3DNow,
I’m a person simple, ignorant… and then I am as San Thomas: if I don’t see I don’t believe ;D
I would like to try in my pc.

My doubt remains: why he doesn’t show us in the video when cmdagent comes killed?




You dont need to hook NtFreeVirtualMemory because you have to obtain PROCESS_VM_OPERATION access right to COMODO processes first and this is intercepted by CIS.
Obviously one doesnt produce videos for getting the credit. He will have to do something real.
When we see the PoC, we will see what this is about :slight_smile: Poking our products for holes is always a good thing.

oha,if your useless NtOpenProcess hook is bypassd,you still can say that?i have told u i only give u some tips…now u can still believe u open hook is unbreakable.haha ;D

Oh you scared me now :slight_smile:

Providing a video but not the tool gives you pretty much the same credibility as a magician you see on tv able to turn water into gold… I don’t buy it, until they made me some… 88) ;D

Anyone can crash anything in a video… Heck I could even be the president of the united states in a video, don’t believe everything you see, especially when it can’t be confirmed… :-TD :-TD

I buy this “crash” when I see a PoC…

Until then this video is just purely trolling… Anyone believing something else probably needs his/her mind checked…

Not that I think anyone here thinks so, but if anyone in here is thinking this video “must” be real… Take a look at this as well:

Melih is at the white house… And they has the CFP logo there now… as you can see with your own eyes…

And what is this: - YouTube T. REX are alive again, in a park near you!

The point is, believing someone who refuses to provide some kind of evidence is just stupid… =) This guy could so easily provide his PoC but chose not to… 88) 88)

haha you can doubt this video,and i will never give u the PoC and your useless protection are still been bypassd.for i have nothing bad.when someday u see the real attack by malware author,u will see how they turn water to glod >:-D

Why would you do that… If you spread it to the public then then we will end up getting hold of your PoC probably sooner or later… :-* And if you plan on infecting a lot of users you will need to use some sort of product flaw probably as well… And CIS is quite capable at preventing many infections that way… and your malware can’t just be aimed at killing CIS… What are you planning? Making a huge botnet? stealing passwords? 88) :wink: And what about the users that uses other products…?? Oh and I guess you are going to make your file so badass that it survives a format (not unusuall for people to do when infected…)…

Anyhow if you are the creator of this video (I don’t think you are, but well) have you tested this PoC is against something else than CIS? (to be honest I hasn’t watched the video…) ;D Anyhow, CIS is the product that passes all HIPS/firewall tests on matousec… (unlike the others) and the product probably intercept more stuff than most suites out there… So Iam sure you could poke a hole in some other suites as well… Thats usually what happens when something new “pops up”… But yeah, sure its possible that you could have found a flaw… No offense but without a PoC your just a troll…

Send it to me over a PM… I will send it to Comodo, if you dont want it public.

The guy is going to take over the Internet with this flaw, he is the Bill gates of hackers… Just wait, he has no intention to share it… 88) ;D