Review/Test CIS 5.4 on youtube

GOA · May 24, 2011, 1:11pm

Review/Test CIS 5.4 on youtube from victorh2007

subtitle in English → (cc-Button)

Karniaris · May 24, 2011, 3:58pm

How was it possible, that malware was able to pass CIS 5.4???

There were infections, detected by malwarebytes and hitman.

Are there any answers?

Greetings

Karniaris

miloszcz · May 24, 2011, 4:08pm

Thos files were as unrecognized files.
They couldn’t do anything bad.

siketa · May 24, 2011, 5:40pm

Files are easily dropped in default setting (partially limited).
The best option regarding security is “blocked”.
You can set it after installing favorite applications.

wonderlust76 · May 24, 2011, 5:50pm

Actually I think that perhapse partially limited is not enought as default setting…

SG65 · May 24, 2011, 6:08pm

Thanks for the link, very good channel. On a par with Languy’s and PegHorse’s.

miloszcz · May 24, 2011, 6:32pm

System didn’t get infected, nothing was in memory, normal user even wouldn’t know about any malware in computer, bacuse they wouldn’t be active, he wouldn’t feel them.

Citizen_K · May 24, 2011, 6:54pm

As far as I can tell after the reboot nothing was running in memory according to Malwarebyes and Super Antispyware. Hitman Pro also only showed dropped files. In short there were files dropped and a couple of registry keys written but nothing ran in memory.

The Santander bank Actualizador only ran because it was started and then it would be sandboxed. When the user would click no because unknown program wants to access the web the user will be protected.

wonderlust76 · May 24, 2011, 7:55pm

I agree.
But I prefer a perfectly clean system after restart (so I use sandboxie), it’s my personal opinion, nothing wrong with comodo, the system is safe, at least in this case. It’s weird to me that, in others tests, the computer was totally clean after reboot…so I’m wondering …why?

Citizen_K · May 24, 2011, 9:49pm

It depends on where the malwares used for testing drop their files.

DiSP · May 24, 2011, 10:20pm

After earing all the test, in the end the testers thinks that the Automatic sandbox virtualizes malware, which is a false statement.

Just like eric said, The files detected from both MalwareBytes and HMP probably where just dropped files.

GOA · May 25, 2011, 10:32am

Retest CIS 5.4 from victorh2007 with changed settings

subtitle in English → (cc-Button)

wonderlust76 · May 25, 2011, 11:46am

This new test shows that CIS is very effective if you only set the automatic sandbox on “limited”…then the system is clean!!

khanyash · May 25, 2011, 12:03pm

I dont understand one thing. I have seen many Rising AV Tests where after the tests there were no active threats. Malwarebytes found registry & file entries like here in the Comodo test. But for Rising people say its a bad AV & for Comodo they say these are dropped files, why? When the things are same in both the cases, no active threats & few registry & files entries.

Thanxx
Naren

HeffeD · May 25, 2011, 12:13pm

If that is the case, then most people don’t understand what they’re seeing.

siketa · May 25, 2011, 12:27pm

:-TU

NeoCoder · May 25, 2011, 1:32pm

In the second test results were actually better.

In the first test sandbox allowed values to be written to registry, in second did not. In the second test there were only files in temporary folders.

I hope the Comodo correct these flaws.

khanyash · May 25, 2011, 2:04pm

In one of the test there were no active threats & malwarebytes found few registry & file entries. But hitmanpro found files in windows system 32 & some roaming folder & also mentioned some windows security is changed so it will replace it with the original. So this means the system was infected though there were no active threats, m I right?

Thanxx
Naren

hkjoj · May 27, 2011, 9:32am

May be I can say the system was polluted >:-D >:-D

Valentinchen · May 27, 2011, 10:32am

I haven’t looked at the second video but CIS didn’t let the computer infected; as long as malware aren’t active in memory nothing will happen.

Regards,
Valentin N