VoodooShield/Cyberlock

Discussion in 'other anti-malware software' started by CloneRanger, Dec 7, 2011.

  1. Iangh

    Iangh Registered Member

    Exactly. I have higher expectations of those that know what they are doing (because I don't). By all means knock a product but only after you have tested it and proved your hypothesis. Not everybody is like you, Dan: you test and tell us how wonderful the competition is, and show people how and what you tested. It's the equivalent of inviting an academic peer-review. Good on you!

    You may be interested in how I differentiate between techies that know, and those that think they know. Ask an expert a question. Some answer straightaway with the bog-standard answer to look good, others (the real experts) ask you a question in return. Yes, they establish your level of knowledge before taking you to the next level.
     
  2. guest

    guest Guest

    I agree 100% that people should talk about what they know instead of deducing conclusions from what they heard.
     
  3. Krusty

    Krusty Registered Member

    Clapping Hands.gif
     
  4. cruelsister

    cruelsister Registered Member

    About Comodo- for some reason in the default "Internet Security" configuration only stuff run from the Downloads folder (from the Internet) will be sandboxed (don't ask me why, I didn't code it). Set the configuration instead to "Proactive" and reboot- then you can run files from anywhere.

    VS- I completed a VoodooShield video last night in a Vodka induced haze. If it still makes sense once my headache stops (if ever) I'll publish it tonight.
     
  5. VoodooShield

    VoodooShield Registered Member

    Yep, very weird... maybe CS knows why this is happening?

    Edit: How funny, we were posting around the same time ;).
     
    Last edited: Jul 17, 2016
  6. VoodooShield

    VoodooShield Registered Member

    But then why did the first test that I ran with CIS 10 (with the EfficacyTest app and the 1,000 samples) score a 93.1%, using the exact same procedure? It seriously does not make any sense at all.

    Cool, you did a video, thank you! I cannot wait to see it ;).
     
  7. VoodooShield

    VoodooShield Registered Member

    Cool, thank you for letting me know... I will continue to recommend it.
     
  8. VoodooShield

    VoodooShield Registered Member

    Thank you, I appreciate that! I never thought of it that way... but yeah, that is a great analogy! The security industry should act more like professors helping each other out, than the testosterone fueled students they teach ;). I believe it is the only way we will ever defeat the bad guys.
     
    Last edited: Jul 17, 2016
  9. VoodooShield

    VoodooShield Registered Member

    Absolutely!
     
  10. VoodooShield

    VoodooShield Registered Member

    Yeah, but I tested CIS 8 without the EfficacyTest app (I manually executed each file), and had the same result.

    https://www.wilderssecurity.com/threads/voodooshield.313706/page-455#post-2602347

    It really does not make sense... but I am certain there is a good reason (there is always a reason for everything ;)).
     
  11. khanyash

    khanyash Registered Member

    I read the posts here. Few things & my opinion -

    1. I don't agree CIS default is not good. It's strong with good usability. So default is strong and not maximum security.

    2. CIS stable treats files on system before CIS install as "Safe". You can change this by going into sandbox settings & edit one of the sandbox rules...one of the sandbox rules is set to "Internet", change it to "Any".

    3. I installed & checked CIS 10. I noticed some settings are different compared to stable version and a couple of new options. Before doing any tests, I would suggest going through all the settings/options and also remember it's a beta & stuff may be broken. And do restart the system after CIS install.

    4. As mentioned above in Point 2, I checked sandbox settings in CIS 10 & it seems CIS 10 doesn't treat files already on the system before CIS install as "Safe"... Coz no sandbox rules were set to "Internet". But I would suggest you check yourself, maybe I missed it.

    And I think CIS 10 beta is more of an alpha & stuff seems to be broken or not working correctly.
     
  12. silver0066

    silver0066 Registered Member

    I am
     
  13. khanyash

    khanyash Registered Member

    I checked both the videos, efficacytest & manual execution.
    Both videos start with system restart, guess you installed CIS & restarted system, right?
    After system restart I see efficacytest & malware samples already on the system. So they were already on the system before CIS install or am I missing something here?

    Just try the following sample -
    http://cdn.download.comodo.com/securitytests/CLT.zip

    It's a harmless sample but your system wallpaper/background screen may get changed if clt.exe is running outside sandbox, i.e. not sandboxed.
    extract & run clt.exe
    Test CIS stable version

    CLT.zip already on the system before CIS install - You should not get alert, i.e. treated safe.
    CLT.zip downloaded after CIS install - You should get alert, i.e. treated unrecognized.

    Or guess, you may also test like this -
    If the samples are already on the system before CIS install, go to sandbox rules, one of the sandbox rules for "Unrecognized" is set to "Internet", set it to "Any" and check the "Trusted Files" list for any samples related entries & if present remove those, and then a system restart would be good too.

    Similarly for efficacytest too. And you have to also check that efficacytest is not in Comodo whitelists, i.e. when you run efficacytest & it's not autosandboxed then check trusted files list, if it's present there then it's in Comodo whitelists. For this I think you can manually set efficacytest as unrecognized files, and then a system restart would be good too.
    I have not tried this option so don't know for sure but you could give it a try.
     
    Last edited: Jul 17, 2016
  14. boredog

    boredog Registered Member

    "Just try the following sample -

    http://cdn.download.comodo.com/securitytests/CLT.zip"

    Unless he has smart filter on lol

    Smart filter does not like this zip at all
     
  15. khanyash

    khanyash Registered Member

    You can select "Run Anyway".
     
  16. Callender

    Callender Registered Member

    RE: Comodo Preset Configurations
    Please see here:
    https://help.comodo.com/topic-72-1-623-7726-Comodo-Preset-Configurations.html
     
  17. Callender

    Callender Registered Member

    This scans the critical areas of your computer (not sure which areas exactly) and makes a list of files that are already known to be safe, dangerous, or else it marks them as unknown. You don't need to take any action if nothing malicious is found. If you mark unknown files that you know to be safe as "trusted" it helps to make Comodo Internet Security a little bit faster and less resource intensive.

    Basically it's just looking for anything new that "might" be suspicious but it's down to the user to decide.

    See here: https://help.comodo.com/topic-72-1-623-7755-Unknown-Files---The-Scanning-Processes.html
     
    Last edited: Jul 17, 2016
  18. boredog

    boredog Registered Member

    Just had the freeze again today. Only thing I had open was Outlook and IE when I left. Using InstallVoodooShield330sph.exe
     
  19. Djigi

    Djigi Registered Member

    I tested CIS 8 in Proactive config (HIPS & UAC disabled) and it failed BIG.
    Link: https://www.wilderssecurity.com/threads/voodooshield.313706/page-456#post-2602380

    If you want I can send you a malware pack to test Comodo with EfficacyTest.
     
  20. cruelsister

    cruelsister Registered Member

    Yes please. And thank you for the thought!
     
  21. Djigi

    Djigi Registered Member

    Here is my video test of CIS v8 @Proactive Config (HIPS & UAC disabled) with EfficacyTest and 36 malicious files:

    https://youtu.be/EIICmE8QoCQ
     
  22. VoodooShield

    VoodooShield Registered Member

    Cool, thank you for letting me know!!! So we can mark searchprotocolhost off of the list ;).

    I think it might be dismhost OR it might be the blacklist scan is trying to "scan" a protected file.

    Vlad will be able to fix it quickly I think.
     
  23. VoodooShield

    VoodooShield Registered Member

    My only point is how could testing CIS 10 with EfficacyTest.exe work perfectly on 1,000 samples (93.1% efficacy), then do so poorly on the 36 samples, using the exact same testing methods? Something is not right, but I am certain there is an explanation. I did not mean to become involved in this, so this is probably the last thing I will post about it.
     
  24. VoodooShield

    VoodooShield Registered Member

    That's a great point... but from what I remember, stapp has seen a dismhost block, but does not experience freezes. Is that correct stapp? ;)

    Man, I am confused now ;).
     
  25. How does VS handle those 36 samples (in autopilot)?
     