Leo down at TPSC made this video about a demo malware that can disable many different top-selling antivirus programs.
I would suggest that everyone here follows cruelsister1’s guide on how to remove the majority of names from your locally stored vendor list and disable cloud lookup. This particular malware has a legitimate signature from Zemana. I’ve been seeing a lot of malware in the news I follow that has legitimate digital signatures.
I really hope that CFW/CIS 2024 has the means to stop malware with legitimate sigs.
Edit: One issue I have is that Comodo is still very vulnerable to malicious users. The password protection of the settings doesn’t prevent a malicious user from uninstalling Comodo. The yes/no alerts are also a problem that a malicious user could take advantage of.
HIPS and firewall need to be enabled and set to “Do not show popup alerts” and “block requests” by default on all configurations.
And I’ve also seen some people in YouTube tests and also here on these forums complain about bluescreen issues with Comodo’s sandbox. I think Comodo’s container should be set to block all unknown files by default instead of containing them. The performance is much smoother like that.
Thanks for the heads-up.
Never had a single BSOD because of the Containment. I prefer HIPS and Firewall to show notifications. But the firewall should be set to custom rules! As for the Containment, I prefer to set the restriction level to limited and to uncheck the box “Do not virtualize access to” (both). I agree that cloud should be disabled. However, I am still not sure about deleting the list with the vendors. While it could be a risk, there will be plenty of notifications if you use a lot of software every day (like me).
I’m familiar with her channel. However, there is a lot of content on there and I was hoping that @DrAlrek could post a link to the guide he referred to.
You can just look up the unknown file when it gets blocked.
Assuming you change the container to make it block things instead of sandboxing them.
I would suggest you look up the infohash on VirusTotal and do a re-scan before you do a file lookup through Comodo’s UI.
Comodo/Xcitium has been known to whitelist PUPs and other bloatware. Sometimes they’ll have malware whitelisted because of stolen signing software.
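As an added example (not code posted by anyone in this thread), the following Python script does the hash-first workflow the post above describes: it hashes a sample, builds the VirusTotal GUI URL for that hash, and, if a VirusTotal v3 API key is present in the `VT_API_KEY` environment variable (an assumed variable name), fetches the report and queues a re-scan. The report summary pulls out the two fields that matter for signed malware: the detection counts and the Authenticode summary VirusTotal attaches as `signature_info`. The sample report embedded below is a constructed stand-in shaped like a VT v3 file object, not a real scan result, so the hashing and summarising parts run offline.

```python
"""Hash a sample, build its VirusTotal URL, and summarise a VT v3 report.

Added example for the forum discussion; not code from the thread or from
Comodo/Xcitium/VirusTotal. Network calls happen only when VT_API_KEY is set
(assumed variable name); everything else runs offline.
"""
import hashlib
import json
import os
import sys
import urllib.error
import urllib.request

VT_API = "https://www.virustotal.com/api/v3"


def hashes_from_chunks(chunks):
    """Return md5/sha1/sha256 hex digests over an iterable of byte chunks."""
    md5, sha1, sha256 = hashlib.md5(), hashlib.sha1(), hashlib.sha256()
    for chunk in chunks:
        md5.update(chunk)
        sha1.update(chunk)
        sha256.update(chunk)
    return {"md5": md5.hexdigest(), "sha1": sha1.hexdigest(), "sha256": sha256.hexdigest()}


def file_hashes(path):
    """Hash a file without loading it whole into memory (samples can be large)."""
    with open(path, "rb") as f:
        return hashes_from_chunks(iter(lambda: f.read(1 << 20), b""))


def gui_url(sha256):
    """Browser URL for the file report; the hash alone is enough to look it up."""
    return f"https://www.virustotal.com/gui/file/{sha256}"


def summarize_report(report):
    """Reduce a VT v3 file object to the fields relevant to 'legit signature' malware.

    A valid Authenticode signature only proves who signed the file; the thread's
    point is that signed files still get detections, so flag that combination.
    """
    attrs = report.get("data", {}).get("attributes", {})
    stats = attrs.get("last_analysis_stats", {})
    sig = attrs.get("signature_info", {})
    detections = stats.get("malicious", 0) + stats.get("suspicious", 0)
    signed = sig.get("verified") == "Signed"
    return {
        "detections": detections,
        "total": sum(stats.values()),
        "signed": signed,
        "signers": sig.get("signers", ""),
        "signed_but_detected": signed and detections > 0,
    }


def _vt_request(method, url, api_key):
    req = urllib.request.Request(url, method=method, headers={"x-apikey": api_key})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def lookup_and_rescan(sha256, api_key=None):
    """Fetch the current report, then queue a fresh analysis.

    Returns None without an API key, {'unknown': True} if VT has never seen the
    hash (HTTP 404), otherwise the summary of the last completed analysis. The
    re-scan result is asynchronous; check the GUI URL again after it finishes.
    """
    api_key = api_key or os.environ.get("VT_API_KEY")  # assumed env var name
    if not api_key:
        return None
    try:
        report = _vt_request("GET", f"{VT_API}/files/{sha256}", api_key)
    except urllib.error.HTTPError as e:
        if e.code == 404:
            return {"unknown": True}
        raise
    _vt_request("POST", f"{VT_API}/files/{sha256}/analyse", api_key)
    return summarize_report(report)


# Constructed sample shaped like a VT v3 file object; not a real scan result.
SAMPLE_REPORT = {
    "data": {"attributes": {
        "last_analysis_stats": {"malicious": 12, "suspicious": 1, "undetected": 57, "harmless": 0},
        "signature_info": {"verified": "Signed", "signers": "Example Vendor Ltd; Example CA"},
    }}
}

if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else None
    if path:
        h = file_hashes(path)
        print(h["sha256"], gui_url(h["sha256"]))
        print(lookup_and_rescan(h["sha256"]) or "set VT_API_KEY to query the API")
    else:
        print(summarize_report(SAMPLE_REPORT))
```

The `signed_but_detected` flag is the one to act on before trusting a Comodo cloud verdict: a file that carries a valid signature and still has detections is exactly the case where a vendor-list or cloud whitelist can be wrong.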
You can also still manually submit files to cloud through comodo’s menu. But I’d recommend submitting the links from lookups on filescan (dot) io to the “submit malware here to be blacklisted” thread. It will get added to the blacklist faster if you submit it to the thread here.
The cloud mistakenly whitelists a lot of malware…well, actually, it’s a lot of PUPs. It’s better to upload the malware to filescan (dot) io and then submit the link to the scan result to the “submit malware here to be blacklisted” thread on here. Make a text file with all the links to your filescan (dot) io scan results you have to upload, and upload the text file.
It gets added to Comodo’s/Xcitium’s malware database faster that way. I’ve experienced it myself.
Whether it’s a PUP or malware, you should always report it to the thread here on the forums.
It’s very unlikely that you’ll get any help with that here. TPSC has a Discord server; someone there might be able to help you. As long as you’re okay with Discord having your phone number to get onto that one.