Malware Domain List website address anyone?

Hi. I am wanting to do some testing via malware domain, but whilst googling it I can't seem to find the right area I used to use when testing. Hope this is ok asking forum members for info of this sort.

Regards
Dave1234.

Link removed by moderator.

Please don’t post links to live malware in the public part of the boards.

They do it on purpose I think, because this site can be very dangerous for n00bs.

I hope you know what you want to do. This site contains zero-day malware that not all security software can detect. So be very careful because you can harm your computer.

Link removed by Moderator. Please use PMs. Thank you.

Good luck

@Adonis. Thanks for the cautionary tale but I am fine with MDL as I have used it lots before and just want to check out CIS RC2, and usually do the testing in Shadow Defender. @siketa Thanks for the link… Here goes.

Regards
Dave1234

I tested RC 2 a little vs. MDL because I was impatient to try the cloud scanner. I want to tell you that I was disappointed. I never had a chance to see the cloud scanner at work and signature scanner detections were very poor. When I uploaded files to VirusTotal they were almost always detected by Bitdefender (it has one of the best signatures and heuristics) but Comodo missed them :-\ :cry:

+1
Yeah I’ve been testing CIS 5 RC2 all day. Even on high heuristics it still misses a lot of trojans. They usually get sandboxed though. I’ve increased the unk file to restricted instead of partial limited. Bitdefender does seem to find a lot of the malware. I always thought Bitdefender was kind of middle of the road as far as detections. I’m hoping that with the final version that the cloud AV kicks in. The detections at this point are kind of disappointing.

The question is not whether the AV detects all of the malware. CIS is about prevention in the first place and detection in the second place.

The question is whether it prevents the malware from doing harm to your system. It should not be able to make itself autostart, for example; after a reboot it should not be running (it will still be on the hard drive but is doing nothing).

Yes I agree. Nothing actually runs or changes anything on my system. I guess it just makes me feel better that things are being detected. It gives me more well being knowing that my AV is picking up on things. So far the sandbox has either caught them or D+ automatically restricts them. I have the D+ log showing that it's blocked 13987 intrusions and counting. One of the trojans is active but not allowed to make any changes. Apparently it's continuing to try.

We need to also take into consideration that Automatic Sandbox virtualization is not enabled by default. Defense+ handles the sandbox applications, and sandboxed applications can NOT do anything to harm the system.

If you threw 50 malware samples yesterday, today and tomorrow at CIS, you may at the end find that if you scan your system with various antimalware scanners, you will find a registry key or temp file here or there… but they are not active at all. Especially with upcoming CIS ver 5, which is released on 14th of September.

Josh

I can confirm that nothing got through the sandbox and D+, but as kjdemuth mentioned before, I just feel better if I know that AV is my first line of defense and not D+.

Because the malware should be stopped first by antivirus and if something was missed by AV it should be caught by HIPS. But I again hear the same phrases I heard many years ago that nothing got through anyway, so it’s not a big deal that our AV is so poor. If it’s again Comodo’s agenda, they don’t even need to try to be tested by AV-C because the result will be very bad.

And people again will install a different AV component and only Comodo’s firewall with D+. If for Comodo AV is not so important in their philosophy, why did they begin to develop it? They have a superb firewall and terrific D+, so keep improving what you think is important and what you are good at.

The AV is getting more and more in focus these days. Melih, who used to be against having it tested by AV testing organisations, has changed his mind. The certification by West Coast Labs was the first of more to come.

Detection rates have gone up considerably. Apart from that, the production of malware has risen so strongly over the last years that no AV can keep up with making definitions for it. As a consequence other routes are being tried. HIPS is one of them, among behaviour blocking and going to the cloud for AV definitions. HIPS has the strongest proactive potential of them all.

But if you truly believe the AV is the first line of defense and think Comodo’s AV is too weak for your comfort then please use another AV program. We still live in a free world.

I used CIS 4.1 as the full suite because I trusted in COMODO AV.

I know that no signatures can be good enough to detect all zero-day malware that I take from MDL. But that’s why I am alarming. I was impatient to install CIS 5.0 to try cloud scanning. But I have a feeling it does not work!

Can you confirm it? I downloaded at least 20 malicious files, activated some of them, but none of them was detected by the cloud scanner or cloud behavior blocker ???