Someone claims they have malware that can bypass CIS?

Comodo - Desktop Security: Fernando, which malware was able to bypass a computer protected by Comodo?
Fernando Bertê: Various

Facebook Guys this guy called Fernando Bertê has various malware that can bypass CIS. Anyone know anything about this?


I have no idea. From what I see he has been testing the AV; read testing detection not prevention.

this is trojan

this is the trojan that comodo misses

[i]do not post live malware on the open forum, please submit it here[/i] languy

What are the settings of your CIS?

Fernando. When you were testing CIS did you have D+ and sandbox enabled? Or were you plainly testing the AV without Defense + and sandbox?

Please PM this malware to us.

Its highly unlikely that D+ will miss this.

Melih, when someone discover malware which can bypaass D+ would you fix this vulnerability in the next version of CIS? :slight_smile:


Fernando. Can you send a pm with the url to download the malware you found?

I have 2 types of malwares.
Both are Ransomware.
You don’t like this type : Ransomware - YouTube

First - “gpcode” - which can ecrypts all your files without popup from Defense+ (only sandbox can stops this malware o high security level).

Second - Ransomware which displays windows all over the screen. User can’t do anything, probably can lose all unsaved data (docs etc).

Do you accept my challenge? >:-D

(have both samples, previously i’ve sbmitted them to egemen).

Well, I used comodo internet security with all updates and database, the sandbox was turned on and all settings were on maximum level of protection. I downloaded the file and it did not detect clicked the file and then ran the comodo placed in the sandbox but at no time did he intercepted file directly or flagged as malware, then the suspect file created a process as I noticed. This is just one case that happened. These files are removed from a list of reported threats every day by users of the site I am part of this site and beyond in VirusTotal, Phishtank.

Was this malware active after PC restarted?
If not, CIS prevented the indection… :wink:

Do you still have the malware for us to take a look at it?

Giving how CIS works we are interested in the following questions:

  • was it able to send sensitive information without user consent?
  • could it make its self autostart? Formulated differently: did it survive a reboot?

if it was put in sandbox, then there will be no infection. So no bypass.

Fernando: the key is, did the user’s computer got infected or not. in this case because it was sandboxed it did not get infected.

Melih has accepted my challenge! Yay. :slight_smile:

so they are going to improve the gpCode?

I don’t know, first they must verify the issue.

wow it took them a litte while to finally look into this. the gpcode weakness post was started like 5 months ago. well hopefully it gets fixed

Even if the file runs in Sandbox, if it is able to send user data/personal details or others or any important system information to the author of the malware, we need to consider it as infection.

If it does not autostart, we prevented re-infection in this case.

Am I correct?

I have to agree.

IMHO, infection occurs not if it survives a reboot, but if the malware can execute its intended actions.

Using a medical analogy, we cannot say an infection never occured just because the patient got better. :wink:

Ewen :slight_smile: