Protection against crypto viruses (Cryptolocker)

1. What actually happened or you saw:
There is a lot of viruses that encrypt your files and asking to pay him for decryption. Since they use strong algorithms there is no other way to get data back without giving money to racketeers.

2. What you wanted to happen or see:
If some new program trying to rewrite many files (especially MS Office files) then freeze it and ask user for action.
There is must be only few encoders and batch processing software with functionality to rewrite files, so such activity from unknown program is questionable.

3. Why you think it is desirable:
Because there is no protection for weak users against that threat and many of them pay for decryption.

4. Any other information:

I’m sorry for my english.

By default, unknown executables would run in virtualized mode. Thus, suggested & effective protection against ‘CryptoLocker’ is superseded?
Please elaborate on your wish request.

Thank you.

CryptoLocker cannot lock or encrypt your files while sandboxed.
This why you are always protected with CIS against any kind of unknown threats. Whereever the CryptoLocker comes from, it doesn’t matter. Comodo Sandbox will run the unknown files into the sandbox. One of this files can be CryptoLocker and CIS will protect you do not worry. And please use your common sense against viruses and watch out your maus clicks :-TU

  1. I actually saw that kind of infection on computer with comodo antivirus installed. As i remember, antivirus version doesn’t have sandbox feature, so users of CIS probably protected and users of free antivirus probably not.
  2. Virus rewrites huge amount of data. How big amount of data changes can handle sandbox? What about network drives?
  3. Are you shure that all new software will sandboxed?

I have example of that virus, I can share it so you can take a closer look and test it.

1-Comodo Antivirus has also sandbox (See the image:
Comodo Antivirus features, please check yourself, as I show in the image : Comodo Antivirus | Free Antivirus Software Download 2022
2-You can test it in VM if your want. Comodo sandbox is really powerfull, even it can handle a virtual desktop :wink:
3-It is “trusted malware” maybe this is a very rare issue that happens to Comodo.
As I said it is really rare. There is %1 percent, a home user can find those trusted malwares. So do not worry about it.

Using existing vulnerability in Сomodo it’s possible to run (or download and run) an unknown file with ‘trusted’ rights outside sandbox.

It looks a serious bug then, how possible the devs cannot see this. Thank you for pointing out, I will investigate it.

Bug-reports are present. There are some of these:
I can make video illustrating this vulnerability later if it needs.

Video: Comodo Internet Security bypass with active Virtualization - YouTube
Short description: LNK-file executes an unknown application (simple downloader w/o active window) that gets the rights of trusted application and downloads from the Internet (not having permission to access the Internet!) unknown file, which also gets the rights of trusted application.
CIS settings are shown in video.

The sandbox should be sufficient to protect the user against ransomware. I believe that viruscope also protects the user. If anyone finds a case where either of these dont protect you feel free to file a bug report.


Now I have example of ransomware (da_vinci_code) that had encrypted all users files yesterday. Sandbox was turned ON in CIS.
Virustotal 11/56
Is anyone interested in it?


Developers of malware/virus/whatever-you-call-it also has the “latest AV/FW protection” installed in their environment to make “some” assurance that their “program” will work in the wild (and expect some ROI, yes it is an investment!).

Therefore keep your eyes on the road, hands on the wheel and ensure that brakes are working.