Malware bypasses Defence+ easily without alerts

A few weeks back I tested a couple of malware samples when CIS 5.8 was in beta, and they could bypass Defence+ easily and even crashed CIS and Windows.
It was a bug, so I uploaded the bug report here:
https://forums.comodo.com/bug-reports-cis/cis-58-bug-that-crashed-cis-and-windows-t77531.0.html
Since it was beta I thought it would be fixed in the full version, but the devs could only fix the CIS crash, and the malware still bypasses Defence+ easily without alerts and modifies a lot of system files as well.

Can anyone recommend a fix for the bypass? The settings used were as mentioned here:
http://www.techsupportalert.com/content/how-install-comodo-firewall.htm
except that the malware was tested with antivirus disabled and cloud scanner disabled, since they may detect the malware.

I just want this to be fixed so that malware of these types, which is not yet detected by antivirus, can be stopped by Defence+.

If anyone else wants to test it you are welcome to ask, and I will provide you with all the files needed.

Note: everything was tested on a real computer with all files executed one by one at an interval of 10-15 seconds.


Waiting for a reply in anticipation, thanks.

I really believe COMODO should put their main effort into fixing all these Sandbox and Def+ bypasses, rather than the cloud AV.

We all know that Sandbox and Def+ are the main line of defense of CIS.
Whether it's good to try to catch more viruses with a traditional AV, that shouldn't be the priority, since it will make CIS similar to other vendors' products.

Any word from COMODO on how these bypasses are being taken into consideration for the next releases would give peace of mind.

I don't think Comodo is putting their main effort into the AV. They are always improving all aspects of CIS. I'm sure you know that with v6 there will be full virtualization with the sandbox; with 5.8 they made the HIPS as strong as 32-bit. Now they are improving the AV by making a cloud component (I'm sure it will be more of a complete cloud AV than now) which will have Valkyrie.

Most people rely on Defence+ and the sandbox rather than the antivirus.
Antivirus is not always capable of detecting new viruses if it doesn't have a signature for them.
Anyway, it has always been a Comodo policy of prevention, that is Defence+, and if malware can bypass that then it makes Defence+ useless.
What's the use of viruses getting detected by the antivirus weeks later, when the damage that Defence+ could have prevented has already been done?

It has always been known that the antivirus is the first line of defence and Defence+ the second line of defence, and if both don't react to new malware that can pass them, then how will users be protected?

A user won't even know for weeks or months that he is infected unless an antivirus update has a signature for the virus and detects it, which will be too late since all the damage will be done.

We all say we will have this and we will have that in CIS v6, but what about now?
We always think of the future, ignoring the fact that our present is in danger!

If you do not mind, may I ask you to PM me a link to the samples?

Thank you.

Yes, sure, why not?
Do share the results too.

Right now it seems they are working on the cloud AV. Fanny said it, integrating Valk into it.
But no one has said anything about the various bypasses (this post, for example).

loveboy_lion is right. These threats are "today's" problem, which needs to be fixed in 5.8 and not in v6.0, which is still not in beta stage yet.

I have the same problem. I got it "fixed" when I unticked the Sandbox option to automatically detect installers and updaters. Try it while waiting for Comodo to fix this.

I tried out those samples and they were sandboxed just fine. No crash, no infection, nothing bad happened.

What samples do you mean?

The ones at the top.

Maybe D+ was just not functioning at all. Better check with CLT before trying with malware samples.

D+ seems to stop working silently without any warnings; then it will pass all executables, including malware, through. This seems to be a Win7 64-bit problem.

Or it seems to work, but it treats unknown executables as installers, and that is why they are not blocked. Maybe a bug in the definition of how an installer is identified.

loveboy_lion: Can I have those samples also? I want to test them.

Yeah, sure, why not. I will PM you the download link.

No offence languy99, but I have seen your reviews on YouTube and I think I should upload a video for confirmation.
I tested it on Windows 7 x64 with enhanced protection on, but I guess you should test with these settings:
for the viruses that bypass Defence+ and the sandbox, test them with the following settings: Gizmo's Best - The best of Gizmo's Freeware, except with the antivirus and the cloud scanner in Defence+ off, and you will be amazed. Test the files with 2-3 hard disk partitions,
since one of them deletes all the partitions.
The other one copies itself and other files and loads files from the temp folder into memory which are digitally signed.
They are confirmed malware; you can check them on VirusTotal as well.

since one of them deletes all the partitions

Actually they hid them.

Well loveboy_lion, I followed the settings you gave in that link, with AV and cloud off, and to be honest nothing happened.

Did it all in a virtual machine, gave it 2 partitions, and nothing happened. CPU usage remained low, and memory usage stayed at 24%. So I can't say that they bypass CIS with those settings. Weirdly enough, only Clipper and Winprefs were able to run.

Can you try once more with the same settings AND the installers/updaters option disabled in the sandbox?