Hi everybody,
I have just seen a malware test with CIS 8 on youtube.
At the end of the test, HITMAN PRO finds 6 pieces of malware.
How is this possible.
I look forward your answers.
Thank you very much
I guess it’s because the tester has the archive with infected files already on his virtual machine when he tested CIS. The new version of CIS with default settings sandboxes only unknown files downloaded from internet, while it considers as safe all the files which are already on the system.
He should change “Internet” setting to “Any”.
Siketa,
thank you for answering.
Where could he change the settings??? Is it not changed by default in the latest version???
Thanks to djigibao.
[attachment deleted by admin]
Thank you very, very much!!! These graphics helped!!!
But would it not be better, to change the configuration by default???
Karniaris
Boy, that’s just a bad setting! I changed mine. Thanks!
[attachment deleted by admin]
considers is a bit too much.
I’d say it’s an inability to auto-sandbox files without streams (in other words, files with no origin information). Sanya IV Litvyak has explained this known issue here quite fine.
How is this an issue? Well, I’m not sure whether it’s intended or not (hopefully not). What I know is that this is considered as issue since it was not rated ‘invalid’ by devs.
Now I have learnt to switch to the configuration “proactive security” instead of “internet security”.
I hope I understood everything correctly.
Thanks a lot. (CLY)
According to the head developer
May be the issue is related to the advanced users who download malware archives from the web, copy archives with malware to a virtual machine and possible other actions that get rid off the ADS?
I had similar problem on my PC. CIS have a big problem with malware files that are digitaly signed - CIS allow run it because lots of digital sign has CIS default as trusted…
CIS does NOT allow any app with a digital signature to run without an alert. The digital signature has to be present in the trusted vendors list. If its not then CIS will show an alert.
CIS allow app with digital signature without alert. On the internet there are lots of infected files that are digital signed. When I run it CIS lets run them without alert. This infected files has digital signature that Comodo has in trustfull. It means CIS lets run infected file without any alert. It means malware creators can just buy/get digital signature that Comodo has in trustfull and CIS lets any infected file to run (I mean file that does not get as AV engine). I solved those problems for few times in the forum.
The only thing that helps is to delete all trusted vendors. But then PC does not work OK, because it asks about any file that is run.