CIS 6.2.xxxx Releases!

Discussion in 'other anti-virus software' started by spywar, Jun 19, 2013.

Thread Status:
Not open for further replies.
  1. avman1995

    avman1995 Registered Member

    Joined:
    Sep 24, 2012
    Posts:
    944
    Location:
    india
    Re: CIS 6.2.282872.2847 Released!

    Well..here we go again.

    1. Why did you start fighting when I just complained or showed my opinion << strongly shows fanboyism.

    2. Any HIPS/BB can be bypassed, it just needs a userland injection technique. Google it. I have a diploma in computer software so don't fool me ;)

    3. Why can't they fix it right away!? They say they listen to their users, so!? And by the way, Stuxnet, Flame and Duqu were discovered long ago and they knew there were bypasses, so why aren't those fixed yet? Or change the default settings of the sandbox if they care about their users. And btw, how are people getting infected with CIS? You can see so many people infected with CIS around in the forums. Don't tell me they did something wrong, because I know in v6 by default the questions are next to nothing. Yes, there aren't many of those, but there are certain ones which can be considered. So there is no such thing that is almost 100% and beats other competitors, and by the way, you know what happens if some malware is digitally signed and it's in the TVL: then you are in a soup!?

    4. Why are there so many rants on their forums by fanboys about Valkyrie/DACS and still nothing? It's been more than a year since I heard about it.

    See this thread, read carefully:
    https://forums.comodo.com/leak-test...research/weakness-of-the-gpcode-t65960.0.html


    I hope this war stops here, I have no intention of arguing further.
     
    Last edited: Jun 20, 2013
  2. guest

    guest Guest

    Re: CIS 6.2.282872.2847 Released!

    o_O who fights?
    1. So what? Where did I say the opposite?
    Oohh, you have a diploma, who cares, did somebody ask you? I don't see the people in this forum telling what they are, an IT security expert for a big company or a monk.

    2.3. You tell me, you are the guy with the diploma: haven't they added it to the AV database to be detected? Yes they have.
    I will tell you, Stuxnet was using original stolen certs, so INITIALLY it was recognized as trusted by CIS and many other AVs. But most important is because it was designed by the US government so it doesn't matter what protection you had.
    https://en.wikipedia.org/wiki/Stuxnet
    Duqu and Flame are the children of Stuxnet.

    No war, just facts, sorry if you are taking this wrong.
     
  3. avman1995

    avman1995 Registered Member

    Joined:
    Sep 24, 2012
    Posts:
    944
    Location:
    india
    Re: CIS 6.2.282872.2847 Released!

    Well.. I just said diploma for fun's sake, but I have been in malware analysis/removal for years.

    But why shouldn't they fix the bypass even if it's in the AV database? Because if they don't, the future malware baddies may use these vulnerabilities and make the hole bigger and tougher for CIS devs to fix. Still, I haven't got a genuine answer that I should take as a reply to shut my mouth :rolleyes:

    Yes, Stuxnet and others may have done it that way as you said, but that's why an AV engine is needed to cope with these types of custom-made malware. But again, those bypasses are now age old, so why didn't CIS devs fix them even after knowing about them!?

    So if you are finished with your excuses about CIS, let's move on with the topic discussion ;)
     
  4. guest

    guest Guest

    Re: CIS 6.2.282872.2847 Released!

    But what bothers me more is that you don't understand, not even with a diploma, that it is not that easy to release a fix for a bypass (not even with months of dedication). If you were right, this forum wouldn't exist because any security product would be able to protect you 100%.
    And most of this malware that you see bypassing CIS always uses the same 1 or 2 methods that are vulnerable in CIS, and when they patch one or two of them a new method appears.... that's life, that is software development.

    So what do you know about security software development? Nothing? Do you know how to code one?
    What do you know about security? "malware analysis/removal since years." OK, we can stop talking...
     
  5. avman1995

    avman1995 Registered Member

    Joined:
    Sep 24, 2012
    Posts:
    944
    Location:
    india
    Re: CIS 6.2.282872.2847 Released!

    Exactly! I am glad you understand my point of view... I mean they either fix their stuff or change their default settings :)
     
  6. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    Re: CIS 6.2.282872.2847 Released!

    While I do like the return of the old, more informative interface, their inability to fix the damn "Detect installers and show privilege elevation alerts" thing properly makes it useless (still).

    C'mon Comodo, can't you fix the damn thing already!? It's not like I'm requesting a freakin program rewrite.

    All I want is that when I uncheck "Detect installers and show privilege elevation alerts", Comodo automatically allows privilege elevations and doesn't display a popup for it when the application is signed and on the TVL list. When it's not, it should get automatically sandboxed directly. How hard is it to do this!? Very, apparently...
     
  7. spywar

    spywar Registered Member

    Joined:
    Oct 23, 2012
    Posts:
    583
    Location:
    Paris
    Re: CIS 6.2.282872.2847 Released!

    While I do understand that CIS or KIS or BIS etc ... are all bypassable, do have a look on malwaretips, the user "cruelsister". She just tested CIS 6 with all of my packs and only one time an undetected sample was able to do whatever it was supposed to do (it was a remote access trojan). If firewall settings were tweaked during the test CIS would alert that the RAT wanted to connect ..

    Plus, the latest AV test for CIS showed excellent performances. So no need for "badmouthing" it. BTW, are you serious true indian when you say many users are infected with CIS? Do you have some links to some malware removal forums or whatever else? I'm monitoring a really known French malware removal forum where all big head come to disinfect ppl, and probably most of the time their AV is MSE or AVG. Noticed less (even very less) ppl infected with Avast.
     
  8. avman1995

    avman1995 Registered Member

    Joined:
    Sep 24, 2012
    Posts:
    944
    Location:
    india
    Re: CIS 6.2.282872.2847 Released!

    Sorry spywar, I wasn't badmouthing the CIS AV, but you know nothing is 100%. Yes, if you look at the particular AV forums the infected user rate certainly sounds a bit considerable, but in reality I have CIS installed on like 12 clients now and avast on the rest, and all are mostly risky users having common sense but who don't use it, and they are still safe. CIS is a very good suite, I never said it's bad, but I was only trying to look at the dark spots of Comodo. I was just trying to show that even people using CIS get infected sometimes, just like it happens with avast or any other AV. However, there may be certain cases where there are unidentified holes, and of course everything we test in these packs may not be in the wild for the regular real-life user; there are variations in the threat landscape for a tester testing an AV and for a regular real-life user, so you can't tell ;)

    Like on the Bleeping Computer forum, they recommend avast like other removal forums and I have not seen the victims coming back for help, hehe!!
     
    Last edited: Jun 20, 2013
  9. spywar

    spywar Registered Member

    Joined:
    Oct 23, 2012
    Posts:
    583
    Location:
    Paris
    Re: CIS 6.2.282872.2847 Released!

    Completely agree and understand that.
     
  10. avman1995

    avman1995 Registered Member

    Joined:
    Sep 24, 2012
    Posts:
    944
    Location:
    india
    Re: CIS 6.2.282872.2847 Released!

    Also to mention, it depends on the user base count.. what may look like a huge number of infected users for one may be a very small number for that AV community because it has millions of users.

    So even the number of infected CIS users may look big if you count it on their forums, but actually for 55M users it's very small, but you can't deny that in some way or other users got infected.
     
  11. NSG001

    NSG001 Registered Member

    Joined:
    Jul 14, 2006
    Posts:
    682
    Location:
    Wembley, London
    Re: CIS 6.2.282872.2847 Released!

    :D light as a feather again

     
  12. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
    Re: CIS 6.2.282872.2847 Released!

    Those that have done any testing with CIS already know that from time to time running a particular trojan will lead to the deposition of various daughter spawn, usually in App Data, Program Data, or Roaming. Although there existed a registry modification to make the sandbox fully virtualized, from my work applying this tweak resulted in differences that were trivial at best.

    At the end of this April I alerted Comodo (via the Forums) that a few (at that time) new ZARs were able to make it past the sandbox at whatever level and with whatever tweak, depositing themselves hidden in the Recycler (as ZARs tend to do) awaiting further instruction.

    With this new release I decided to revisit these samples under the new Fully Virtualized setting. As defs for all of these samples have long since existed, I shut off both the AV component as well as ditching the Cloud by killing internet access. The samples were run, allowed a few minutes to do what they do. The system was rebooted. I didn't bother to empty any temps nor did I clean the sandbox. The system was then inspected after the reboot and it was found to be clean as a whistle.

    I bring this up to point out that in this particular case the new FV setting made a difference, but more testing over a prolonged period must be done to confirm.
     
  13. guest

    guest Guest

    Re: CIS 6.2.282872.2847 Released!

    Thanks for pointing this out, I think that after all they really try to fix CIS (HIPS, sandbox) but it is not always possible to do it as fast as we expect.
     
  14. Legendkiller

    Legendkiller Registered Member

    Joined:
    Jun 29, 2006
    Posts:
    1,053
    Re: CIS 6.2.282872.2847 Released!

    CIS continues to be one of the best internet security suites going around and it is much more stable than my former free favorite avast.
     
  15. qakbot

    qakbot Registered Member

    Joined:
    Aug 25, 2010
    Posts:
    380
    Re: CIS 6.2.282872.2847 Released!

    Good points. Comodo is full of it. Over-promise, under-deliver.

    Also I don't believe the 100% virtualized sandbox. Such simply doesn't exist on Windows. For starters, how are they virtualizing rootkits :)
     
  16. spywar

    spywar Registered Member

    Joined:
    Oct 23, 2012
    Posts:
    583
    Location:
    Paris
    Re: CIS 6.2.282872.2847 Released!

    BTW, egemen has just confirmed that the 2 reported bypass techniques have been fixed, but the update has not been issued yet. I hate when ppl start saying devs don't give a * just because they saw something on a forum. It has always been like that with Comodo well ... :D
     
  17. spywar

    spywar Registered Member

    Joined:
    Oct 23, 2012
    Posts:
    583
    Location:
    Paris
    Re: CIS 6.2.282872.2847 Released!

    Then you should look at the cruelsister comment, above.
     
  18. NSG001

    NSG001 Registered Member

    Joined:
    Jul 14, 2006
    Posts:
    682
    Location:
    Wembley, London
    Re: CIS 6.2.282872.2847 Released!

    Cruelsister, thank you for your continued tests.
    These are much appreciated by all, I am sure :thumb:
     
  19. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    4,101
    Re: CIS 6.2.282872.2847 Released!

    Is there a 100% bug-free software out there that I am unaware of?
    If so please do share.

    If people don't like Comodo then don't use it.
    It's free and it's lucky because it's worthy of a price tag.
     
  20. spywar

    spywar Registered Member

    Joined:
    Oct 23, 2012
    Posts:
    583
    Location:
    Paris
    Re: CIS 6.2.282872.2847 Released!

    The only thing I have to say is that they could give us a few days (maybe a week) for testing this new build as a public BETA. Anyway, it is really stable for me, and all reported bugs (from me) seem fixed :thumb: .
    We have asked devs to give us a public BETA for next times..
     
  21. NSG001

    NSG001 Registered Member

    Joined:
    Jul 14, 2006
    Posts:
    682
    Location:
    Wembley, London
    Re: CIS 6.2.282872.2847 Released!

    And did they ever reply :doubt:
     
  22. spywar

    spywar Registered Member

    Joined:
    Oct 23, 2012
    Posts:
    583
    Location:
    Paris
    Re: CIS 6.2.282872.2847 Released!

    Yes, sure.
     
  23. mhl6493

    mhl6493 Registered Member

    Joined:
    Apr 20, 2010
    Posts:
    230
    Location:
    Tennessee
    Re: CIS 6.2.282872.2847 Released!

    I keep reading about the new Fully Virtualized setting for the Sandbox. Is there an actual setting that can be accessed somewhere for this, or is it automatic? If there's an actual setting that can be accessed, can someone please tell me where it's located in the GUI? Thanks!
     
  24. NSG001

    NSG001 Registered Member

    Joined:
    Jul 14, 2006
    Posts:
    682
    Location:
    Wembley, London
    Re: CIS 6.2.282872.2847 Released!

    Just my sense of humour :D
    Certainly if a beta was available it would be beneficial for all :thumb:
     
  25. NSG001

    NSG001 Registered Member

    Joined:
    Jul 14, 2006
    Posts:
    682
    Location:
    Wembley, London
    Re: CIS 6.2.282872.2847 Released!

    Advanced Settings > Defense+ > Behavior Blocker > Auto Sandbox unknown applications as

    You can then select Fully Virtualized.
     