COMODO Internet Security 5.x Thread

Discussion in 'other anti-malware software' started by Mops21, Jul 4, 2011.

Thread Status:
Not open for further replies.
  1. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,975
    Location:
    Boston, MA
    OH. Duh. I have all my downloads in a file that is also sandboxed and restricted. Failed to mention that. I usually run programs in it and scan them to death before running them. Plus I'm not that stupid that I'm going to let something call bbbbbbb.exe, run without a scan or two.
     
  2. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,975
    Location:
    Boston, MA
    If you run the malware from download through the browser, it will run (depending on the sandbox's restrictions). Once you close the sandbox and delete everything, it will get wiped. If you save the file to the download folder and then recover it from the sandbox and run it, then your screwed.
     
  3. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,433
    Location:
    Paris
    I'm in the process of doing a rather extensive test on the abilities of CIS 5.8. Although I certainly like the cloud scanner, but was wondering about the seeming delay in results. I currently reside in the USA.

    Unlike HitmanPro which follows a rather direct route from my home to Enschede
    The Netherlands, Comodo follows a rather circuitous route around the midwest, then to Stockolm, back to Stoke-On-Trent and Bradford in the UK, finally ending up at Jersey City,NJ.

    So I suppose we must cut the Cloud Scanner a little slack as the packets must be tired after such a trip.
     
  4. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    As in Stockholm in Sweden? :doubt:
     
  5. Espresso

    Espresso Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    976
    Since the update, I no longer get popups when a program is auto-"sandboxed". It imported all of my rules into the Proactive configuration as well, so I can no longer start a "clean" Proactive profile.
     
  6. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,433
    Location:
    Paris
    SweX- Yes, your homeland. I originally thought that it was just an aberration of Network traffic, but for the past 3 days it's been the same path.
     
  7. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Espresso. If program "a" is new to your system and unrecognized it is autosandboxed and you get a notification. IF you then close "a" and reopen it it will again be sandboxed but without notification.
     
  8. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    Interesting find. :)
     
  9. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Is it possible that it's just multiple servers in areas to perform faster computation?
     
  10. Espresso

    Espresso Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    976
    I know. I get no notification from new files.
     
  11. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,433
    Location:
    Paris
    HungryMan- I just checked my Trace logs and Bradford, UK is a Comodo address (Comodo CA Limited), Jersey City is Comodo Group, Inc. Can't figure out the hop to Sweden, but again Stockholm is reason enough to go there.
     
  12. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    Haha lol I don't live in that city so don't ask me :p

    Perhaps they got a DataCenter there? :doubt:
     
  13. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    That's what I would figure.
     
  14. pjb024

    pjb024 Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    351
    Location:
    Leeds, UK


    Just a bit of trivia for you cruelsister as it's interesting to know why certain locations are of importance to Comodo .... Melih earned a Bachelor of Science degree in Electronic Engineering from Bradford University, United Kingdom, and I imagine that's where he got the inspiration for creating Comodo.
     
  15. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,433
    Location:
    Paris
    A few things this morning- during my testing today I traced the route that Comodo was taking to the Cloud. This time it bypassed Sweden and their facility in the USA (New Jersey) and just connected to Comodo servers in the UK (Manchester and Salford).

    Also wanted to share some of what I’m up to. On a daily basis I try to collect at least 25 malware samples. All the samples must meet the following criteria:

    1). They must have just made their appearance on the usual lists in the preceding 12 hours.
    2). All samples must be run through VirusTotal with the max detection being 10 scanners. Limiting detection to 10 or less reduces that chance that this is a week or 2 old sample finding its way back.
    3). Cannot be adware.
    4). All samples meeting the above criteria will be tested in a defenseless malware box to verify that the samples files are truly malware.
    5). Malicious activity will be defined as making the system unbootable, making the system unusable in some way (disabling any program, browser redirection, etc), and/or the detection of any mysterious network traffic.

    CIS 5.8 beta build 2065 will not be tested at default. CIS has very good options so why not use them? The settings used are:

    1). Proactive Security
    2). AV- Stateful, Heuristics Medium
    3). Firewall on Custom policy
    4). D+ on Safe Mode, Unknown Programs run as Restricted.

    This morning 30 acceptable samples were found. It’s rather hard to give names to these samples as the overall detection rate is so low and different vendors call things by different names. But there were in general some ransomware, Lock-em-all’s, Spyeyes, downloaders, and of course a Zeus or two. On download the AV detected 13, leaving 17. Just for kicks I did a right click scan with HMP (11 detections) and MB (14 detections).
    I ran these samples one by one. Cloud picked up and deleted 2 files. The rest were sandboxed as restricted. In 4 cases daughter programs were spawned, and in all 4 cases D+ noticed and also ran these as restricted. Although a number of nasty things were now in memory no slowdown was apparent. No suspicious network connections occurred. At this point I rebooted, opened up CIS and went to the main page, clicked on the D+ section and deleted all the files running as restricted. After a reboot I did scans with MB and HMP. HMP found nothing, MB detected 3 registry traces.

    (foolish and unjust comments about the fine product Defensewall removed by CS)
     
    Last edited: Aug 23, 2011
  16. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,251
    Location:
    Chaotic Land
    thanks for the testing info cruelsister.
     
  17. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,975
    Location:
    Boston, MA
    Wow strong work cruelsister. Nice job breaking down criteria of malware. Nice to see CIS working well. I appreciate how much work goes into producing something like this.
    Kind of surprised at defensewall. Normally it is rock solid against just about everything. I'm sure Illya is taking a look at it.
     
  18. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,923
    Location:
    Canada
    dont worry ilya will fix it;)
     
  19. Brocke

    Brocke Registered Member

    Joined:
    Mar 16, 2008
    Posts:
    2,282
    Location:
    USA,IA
    now try appguard :p or even sandboxie :D
     
  20. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Also surprised at DefenseWall. Nice that Comodo picked it up though.

    The sandboxing just doesn't work well enough for me to use it (on automatic) but V6 will fix that.
     
  21. Legendkiller

    Legendkiller Registered Member

    Joined:
    Jun 29, 2006
    Posts:
    1,053
    well there have been many tests........which show that CIS is helped great deal by defense+ in preventing malware......

    Shouldn't AV be doing this job? for CIS more often or is it normal?
     
  22. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    The AV is the weak point. I'd much prefer the improve D+ over the AV.

    AV's are backwards technology.
     
  23. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    No comment :D
     
  24. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,433
    Location:
    Paris
    There is a certain AV (not named as I don't do A vs B comparisons) with a very, very good Cloud detection rate that did very, very bad against a few new threats found today.

    http://www.youtube.com/watch?v=rrtFwmunj3U
     
  25. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,251
    Location:
    Chaotic Land
    I second that :D :D
     
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.