CIS V5 public beta

Discussion in 'other anti-malware software' started by kjdemuth, Jul 29, 2010.

Thread Status:
Not open for further replies.
  1. syk69

    syk69 Registered Member

    Joined:
    Feb 7, 2010
    Posts:
    183
    Well found a malware fake av that went right through comodo v5. Its called PC Defender and it installed and took over virtual machine. I saved the msi file to my desktop and right clicked on it to choose properties and chose unblock in the advanced section of the properties then when I ran it, it was added automaticlally to trusted files, the sandbox didn't pick it up. If anyone wants to try it as well its on MDL.
     
    Last edited: Aug 6, 2010
  2. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    Apparently you can import a backed-up bases.cav file into CIS 2011,it's located within 'scanners' subfolder of CIS program folder.There's a post about it over on the Comodo forums which I'll link here if I can find it again.
     
  3. icr

    icr Registered Member

    Joined:
    Sep 6, 2008
    Posts:
    1,589
    Location:
    UK
    Did you try to run the fake av outside comodo's sandboxo_O
     
  4. icr

    icr Registered Member

    Joined:
    Sep 6, 2008
    Posts:
    1,589
    Location:
    UK
    Ok I will download the v5 BETA and will try to apply the database manually:)
     
  5. Melchi501

    Melchi501 Registered Member

    Joined:
    Apr 11, 2007
    Posts:
    90
    "Well found a malware fake av that went right through comodo v5. Its called PC Defender and it installed and took over virtual machine."

    Its true! (beta bug? installer problem?).
     
  6. syk69

    syk69 Registered Member

    Joined:
    Feb 7, 2010
    Posts:
    183
    No just ran the msi but comodo sees it as a trusted file so it never gets sandboxed. Apparently its a bug with msi installers.
     
  7. icr

    icr Registered Member

    Joined:
    Sep 6, 2008
    Posts:
    1,589
    Location:
    UK
    Ok but you can manually run the file in sandbox does your result leads the same thing:)
     
  8. Melchi501

    Melchi501 Registered Member

    Joined:
    Apr 11, 2007
    Posts:
    90
    Cant run it in sandbox manually:eek:.
     
  9. LagerX

    LagerX Registered Member

    Joined:
    Apr 16, 2008
    Posts:
    565
  10. Brocke

    Brocke Registered Member

    Joined:
    Mar 16, 2008
    Posts:
    2,306
    Location:
    USA,IA
    good so its gunna get fixed glad to hear that
     
  11. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    Considering it since i uninstalled Malware Defender :rolleyes:
     
  12. Espresso

    Espresso Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    976
    How would it run it in sandbox unless you run it manually? Comodo 5 doesn't have an auto-sandboxing feature. The execution control has auto-cloud scan but all sandboxing has to be done manually or with the "Always Sandbox" list. If you uncheck the "Automatically trust files from trusted installers" on the Sandbox settings tab, it should run inside the sandbox.

    If you have enabled any of the "trusted applications" settings, it may get through if the installer has a forged certificate.


    Nevermind. I see now "Untrusted Files" are automatically sandboxed. I'm not set up to use that feature so that's why I haven't seen it happen.
     
    Last edited: Aug 7, 2010
  13. Brocke

    Brocke Registered Member

    Joined:
    Mar 16, 2008
    Posts:
    2,306
    Location:
    USA,IA
    does CIS5 beta have auto program updates? or do i have to install every new beta?

    cant remember with past betas
     
  14. icr

    icr Registered Member

    Joined:
    Sep 6, 2008
    Posts:
    1,589
    Location:
    UK
    I even asked the same question:)
    Info
     
  15. goroflack

    goroflack Registered Member

    Joined:
    Jul 16, 2010
    Posts:
    7
    There is an auto update feature that allows you to update to new betas.
     
  16. Brocke

    Brocke Registered Member

    Joined:
    Mar 16, 2008
    Posts:
    2,306
    Location:
    USA,IA
    thanks for the info guys.
     
  17. Brocke

    Brocke Registered Member

    Joined:
    Mar 16, 2008
    Posts:
    2,306
    Location:
    USA,IA
    hows the sandbox in version 5?
     
  18. Cvette

    Cvette Registered Member

    Joined:
    Apr 16, 2010
    Posts:
    373
    Location:
    South Carolina, USA
    This however does not work from what I have heard, it is disabled in the beta. I could be wrong though.
     
  19. Brocke

    Brocke Registered Member

    Joined:
    Mar 16, 2008
    Posts:
    2,306
    Location:
    USA,IA
    trying out CIS5 beta right now so far very stable. really no popups at all. im liking it.

    hows the sandbox? any issues? does it work better in version 5 than 4?

    thanks
     
  20. MisterMooth

    MisterMooth Registered Member

    Joined:
    Nov 23, 2009
    Posts:
    39
    The automatic sandbox has been tweaked for compatibility while still maintaining security. Everything I've run so far that's been automatically sandboxed has run without problems.
     
  21. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,811
    Location:
    Kolkata, India
    I don't know if this is a proper place to ask but didn't want to start a new thread for this.

    How many time Comodo AV updates a day?
     
  22. Brocke

    Brocke Registered Member

    Joined:
    Mar 16, 2008
    Posts:
    2,306
    Location:
    USA,IA
    not sure but it seems to be alot
     
  23. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,811
    Location:
    Kolkata, India
    Thanks...:argh:
     
  24. JoeBlack40

    JoeBlack40 Registered Member

    Joined:
    Apr 1, 2009
    Posts:
    1,584
    Location:
    Romania
    For me,because i always check :D almost every one and a half-two hours.
     
  25. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    It varies,but it can be many times a day,there's no set limit.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.