COMODO Internet Security 5.x Thread

Discussion in 'other anti-malware software' started by Mops21, Jul 4, 2011.

Thread Status:
Not open for further replies.
  1. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    I need to test more and see if Mamutu stops blackday. That's my only other realtime protection.

    Running your downloads folder at low integrity is one way to prevent Black-Day from patching anything at a higher integrity, though anything at low integrity will be just as vulnerable as ever.

    Heuristics from Comodo is pretty damn good though. I wouldn't worry.
     
  2. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,678
    Location:
    Canada
    :thumb: let us know man
     
  3. guest

    guest Guest

    Well... if a 0day version of blackday came out it would still be caught by the heuristics... but if it were modified to get around that somehow you'd be boned without an extra layer of defense.

    He means that the other layers of CIS will stop it anyway.

    Mamutu is not very useful if you are already using an HIPS, it will alert you about the same stuff but it will be less noisy.
     
  4. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,678
    Location:
    Canada
    guest thanks :thumb:
     
  5. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Heuristics will check for some of the things (or really, all of the things) that Mamutu checks for. In that sense there's overlap. But Mamutu will alert you to each suspicious activity whereas the heuristics will not. At least that's how I understand it. I'm confident that I would be fine with CIS's heuristics as they catch Black-Day but I don't want to rely on a single program. Mamutu is incredibly light.

    I also like Mamutu's feature of protecting applications from being messed with.
     
  6. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,678
    Location:
    Canada
  7. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    When I ran Black-Day on my personal computer both Comodo and Mamutu popped up to block it.
     
  8. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,317
    Location:
    USA
    Not surprised. :thumb:
     
  9. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,678
    Location:
    Canada
  10. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,489
    Location:
    Paris
    Some wonderful malware was found a few hours ago on the excellent German site Clean-mx. A bunch of whatever.screensaver.exe's, all with a different trojan in it!

    1). I downloaded a random 24 files with CIS turned off.
    2). I did a right click scan with MB and HMP. Both went zero for 24.
    3). Deleted the files, turned CIS back on and redownloaded the 24.
    4). CIS cloud caught 9 (15 left). Did a right click scan with CIS, now it detected and deleted 11 (4 left).
    5). Restored the 15, ran them all, all either sandboxed (as Restricted) or deleted by D+, except for 2.
    6). Reimaged my Malware Box to a clean state and ran these 2. Only thing that happens is I got a Beyonce and Bruce Willis screensaver installed as well as the IE homepage changed to some Chinese site.
    7). Restored IE homepage, deleted the scr files. Installed WinPatrol.
    8). Ran those same 2 again. Scotty detected the homepage change and blocked it.
    9). In short, 24 malware files = 2 screensavers.
    10). Bravo CIS, Bravo Scotty!
     
  11. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Strange that it blocked so many when HMP and Malwarebytes did not.
     
  12. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,489
    Location:
    Paris
    First time that I've seen it myself. To confirm, PM sent.
     
  13. icr

    icr Registered Member

    Joined:
    Sep 6, 2008
    Posts:
    1,589
    Location:
    Mumbai
    It's good to see that Comodo's AV part is becoming stronger day by day coz Comodo is known for its D+ module rather than the AV module ;)
     
  14. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,678
    Location:
    Canada
  15. Shadowwar

    Shadowwar Spyware Expert

    Joined:
    Feb 26, 2004
    Posts:
    305
    These are just screen savers with an adware component bundled in them. We do detect the adware component that is bundled in them. These are not malicious malware.

    If you notice:

    *

    Not one other av hits it. Not everything on clean-mx is malware.
     
    Last edited by a moderator: Aug 7, 2011
  16. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,678
    Location:
    Canada
  17. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    That sounds more like it. I certainly do not consider Comodo's AV all that great, though their cloud heuristics is pretty effective.
     
  18. Kernelwars

    Kernelwars Registered Member

    Joined:
    Aug 12, 2010
    Posts:
    2,155
    Location:
    TX
    I heard they are incorporating cloud capabilities in their regular AV... did you see that in action?
     
  19. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    I don't know about that as I don't use their AV. But defense+ has a cloud AV built in.
     
  20. guest

    guest Guest

    The heuristics and the BB are totally different things.
    In general any HIPS will alert you for any change.
    Any BB will alert you for any change that the BB understands can be dangerous. It's like an intelligent HIPS, with fewer popups, although it can allow some malware because its intelligence is not perfect.

    This is why the developers of OA will never integrate Mamutu into OA, because it is useless. If a HIPS is complicated for a user, probably the best thing is to try a BB: it will have fewer popups, and usually the info will be more particular (easy to understand).

    BB: behavior blocker.

    These capabilities have been there since CIS 5; they are not directly related to the AV. Even if you install only the FW+HIPS+Sandbox you will also get a cloud behavior blocker and the Cloud AV.
    Probably in CIS 6 they will improve the cloud by adding Valkyrie, which is like a multipurpose/multiengine for specific malware. They will also add an automatic sandbox like Sandboxie, based on virtualization and not on restrictions.
     
    Last edited by a moderator: Aug 8, 2011
  21. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    In other words you only need to use CFW to have the protection from the cloud and the AV can be skipped entirely ATM?
     
  22. guest

    guest Guest

    Yes, but the Cloud AV and the cloud behavior blocker have a delay (usually less than 3 or 5 seconds), you depend on the internet, and it will not stop an infection in real time; it will alert you after the file has been opened (I'm not sure if it can detect files without opening them) and it will give you options like delete, kill and block (D+)... But usually these files are already in the sandbox, so there is no infection problem.

    PS: I'm not totally sure if the local AV has more detection capabilities than the cloud AV, like the heuristics.
     
    Last edited by a moderator: Aug 8, 2011
  23. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,678
    Location:
    Canada
    :thumb: good idea :thumb:
     
  24. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    I'm saying that heuristics, which emulates the software looking for malicious behavior, acts like a behavioral blocker.
     
  25. guest

    guest Guest

    When I read that I understood that you are comparing heuristics with BB.
    The CIS heuristics or the AV heuristics in general are something different from a BB.
     