Comodo Defence Plus Bypassed by Zeroaccess rootkit

Discussion in 'other anti-malware software' started by aigle, Dec 4, 2011.

Thread Status:
Not open for further replies.
  1. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
Re: Comodo Defence Plus Bypassed by Zeroaccess rootkit

I tried on Win 7 32-bit in VBox on Ubuntu guest. I will try XP also.
     
  2. constantine76

    constantine76 Registered Member

    Joined:
    Dec 18, 2010
    Posts:
    191
Re: Comodo Defence Plus Bypassed by Zeroaccess rootkit

    Fast on the gun Fabio! Great there. Nice to know OA doing great!
     
  3. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
Re: Comodo Defence Plus Bypassed by Zeroaccess rootkit

    I have not got the chance to watch your video yet but I have repeated my testing. I am confident that my previous results about OA are correct, it failed with no pop ups both on XP and Windows 7. I used default settings of OA.

You can't get an alert (the one you posted) unless you change the default settings in OA.
     
  4. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Comodo developers have acknowledged the issue and they will try for a fix. :thumb:

     
  5. Kid Shamrock

    Kid Shamrock Registered Member

    Joined:
    Apr 3, 2007
    Posts:
    229
    Nice to see that AppGuard blocked it even at Medium protection level. :thumb:
     
  6. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    AppGuard:thumb: :thumb:
     
  7. JoeBlack40

    JoeBlack40 Registered Member

    Joined:
    Apr 1, 2009
    Posts:
    1,584
    Location:
    Romania
What about SpyShelter? I'm wondering how it does on this...
     
  8. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
Sorry, the screenshot was misleading so I removed it. It was there only to show the log, not the settings. AG will pass only on default settings, that is, HIGH. It will not pass on medium settings.
     
    Last edited: Dec 9, 2011
  9. Fabian Wosar

    Fabian Wosar Developer

    Joined:
    Aug 26, 2010
    Posts:
    838
    Location:
    Germany
Re: Comodo Defence Plus Bypassed by Zeroaccess rootkit

    When you look at the video you will see that I used default settings as well. I even showed the entire installation process as well as all options so nobody can claim I manipulated anything.

    Anyways: One member of our team was able to get a bypass on his test machine so I was able to take a closer look at it. I issued an update about an hour ago that will fix the corner case that allowed the sample to bypass Online Armor on some systems. The update is available to all Online Armor users via the integrated online update.
     
  10. chris1341

    chris1341 Guest

Re: Comodo Defence Plus Bypassed by Zeroaccess rootkit

A good example of why, if you use AV, BBs or HIPS, you should consider Emsisoft products. They have IMO always used information such as provided in this thread as an opportunity to improve their product rather than blaming the test, the tester or a worldwide conspiracy against their product :cautious:

    Cheers
     
  11. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
Both companies have shown themselves well. I run both on different machines :D

    P
     
  12. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
Re: Comodo Defence Plus Bypassed by Zeroaccess rootkit

Worth every penny I paid for my EAM licenses and OA :thumb:
     
  13. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
Re: Comodo Defence Plus Bypassed by Zeroaccess rootkit

OA has a whitelist and by default OA trusts digitally signed applications. In my understanding this is the reason that OA doesn't intercept this installer. And Comodo fails for the same reason. I get the alert if I tick off these options in OA. I can't understand how OA was giving an alert on your system when it's supposed to trust this installer by default. That's a big question and that's the reason I did not agree with your findings.

Unfortunately we don't see any OA user who can test it on his system. I tested on two systems with exactly the same results.
     
  14. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    SpyShelter passed on default.
     

  15. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
Excuse me for not fulfilling all the test requests.
     
  16. Ranget

    Ranget Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    846
    Location:
    Not Really Sure :/
SpyShelter rocks

    Really amazing
     
  17. jasonbourne

    jasonbourne Registered Member

    Joined:
    Aug 26, 2010
    Posts:
    275
Re: Comodo Defence Plus Bypassed by Zeroaccess rootkit

So with this update, even in default settings, OA Free can detect/deflect it?

Have you tested this now with the new update that Fabio is stating?

    Cheers and good work there!
     
  18. JoeBlack40

    JoeBlack40 Registered Member

    Joined:
    Apr 1, 2009
    Posts:
    1,584
    Location:
    Romania
    Thank you for SpyShelter test :thumb:
     
  19. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,348
    Location:
    Europe, UE citizen
    Every cloud has a silver lining. I think that it's not too bad to find a fail, no matter in CIS, OA... To discover a fail means to have then a fix, and the programs will be stronger.
     
  20. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
It is a cycle kind of thing :D
     
  21. muf

    muf Registered Member

    Joined:
    Dec 30, 2003
    Posts:
    926
    Location:
    Manchester, England
Oh darn. My app failed. I must rush and uninstall and install one that passed... I can then gloat that mine passed. But then when mine fails, I will uninstall and move to one that passed... It is of course a cycle. One that never ends, and never fails to bring out gloaters.

    Paul
     
  22. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,294
This is 100% truth. The odds of running into that one piece of malware that made the difference in a "test" are so unlikely, but as soon as someone sees a "test" then they panic, quite hilarious :D
     
  23. muf

    muf Registered Member

    Joined:
    Dec 30, 2003
    Posts:
    926
    Location:
    Manchester, England
Exactly! I change my setup as regularly as most of the people on here (jmonge excepted :) ), but I change because I like a change or sometimes to try something that may be less heavy. But I have never changed because an app failed a test. I could change to something that fails the next test, with the one I just dumped passing that test!!! Nothing is bulletproof. Accept it, then find yourself a setup you like and be satisfied that it will keep you protected from 99% of nasties. The only 100% protection requires pulling the power cord out of your PC.

    Passing is nothing to brag about. It's simply reassuring. Nothing more, nothing less.

    Paul
     
  24. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
Not really, I just want the fastest trouble-free program that can at least protect me in real time without spending too much money, and it has to work well on all my systems, and if it doesn't, it's out, that simple :D For example, SpyShelter is a good complement for my antivirus but it is free for 32-bit systems, while for 64-bit you have to buy it :thumbd:
Another one, and I really love this one, is DefenseWall; it works well for 32-bit but is not compatible with 64-bit :thumbd: Sandboxie works well on my 32-bit but gives problems on my 64-bit, and so on :D Same with AppGuard :D
At this moment I am trying Emsisoft Anti-Malware; for my 64-bit it is good, but for my 32-bit it is heavy.
     
  25. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
Re: Comodo Defence Plus Bypassed by Zeroaccess rootkit

No, I did not, as I have not yet got the answer to my questions about the previous build.
     