I tried with SB enabled or disabled. Same result. One regkey is infected every time, even if I block everything. D+ in safe mode, FW in custom policy mode. Here is the sample to try >>> obfuscated link removed
Look at the screens. I just allow explorer.exe to run it, because there is no other way to test. With SB enabled, it starts automatically, so it's the same.
Mod edit: Please do not post links or obfuscated links to live malware on the publicly accessible boards of this forum.
CIS doesn't prevent the malware from creating this key because it's not critical.
It's a harmless trace, and it would be useless to protect the whole registry.
I don't think there's any other product that protects as many registry areas by default as CIS does.
BTW: Linking to malware in the public forum is not allowed. Join the "malware research group".
How is it blocked when you allowed execution…
After that, I guess you said block to particular behaviors, so it is only one behavior in line; I don't know what is so strange…
Plus, I agree totally with evil_religion.
Again, Comodo alerts are useless; 2 & 3 can be allowed, a real user will allow them…
2 alerts: the program failed, try to reopen, update.
3 alerts: the program has a HWID.
Do you think that in real conditions you will block it?