Jon79
July 29, 2016, 2:03pm
5
One of the suggestions to increase security with CIS is to modify the rule for unknown files to run virtually and untrusted.
Unfortunately this is not possible on Windows 10:
https://forums.comodo.com/resolvedoutdated-issues-cis/limited-and-restricted-block-screen-capture-but-untrusted-does-not-m399-t95001.45.html
Personally, I have set the auto-sandbox rule to block unknown apps.
Like that I can right-click on the app and run it in Comodo sandbox.
It seems that manual (on-demand) sandbox is more restrictive than auto-sandbox:
I don’t know if you saw this one contrasting Sandboxie and Comodo’s sandbox (on-demand mode):
https://www.youtube.com/watch?v=Rs4FokfBeCo
Seen is that the sandbox by itself was equivalent to Sandboxie in stopping the malware. The issue that arose in the current video is that the auto-sandbox feeds off of the TVL and thus allows trusted processes to operate. This issue is the reason that the Comodo Trusted Vendor List was published for those that may want to tighten things up in this area.
Note also that the certificate used for the RAT was such a one that it bypassed AppGuard (which has a limited TVL) with ease, and AG had no further defense against it. Comodo does as was seen by adding the HIPS module (which is default anyway). The Reverse function of the HIPS is cooler than words and stopped the malware cold.