Rogue slips right through Comodo!

hmm thats good to know.

 

Aren't the exes there by default? and even with the exes in the list, the image execution can't block the rogue in normal mode only in aggressive.

 

private firewall seems to block it...avast and a2 deny access to the site itself

 

With Image execution control set to aggressive, the alerts show that xpdeluxe.exe tries to access or execute:
ntdll.dll
kernel32.dll
msvcrt.dll
user32.dll
qdi32.dll
ole32.dll
advapi32.dll
rpcrt4.dll
secur32.dll
imm32.dll
lpk.dll
and many more
got bored so stopped

 

I already had the executables (by default) list since i installed COMODO

 

Try it in Sun VirtualBox

 

I don't have sandboxie installed, don't like it.
And i'm running this with Shadow defender

 

the first popup is from OA++, the second with AV module off

 

What do u mean, shadow defender runs the pc like in any virtual machine.

 

more screenies......

 

If according to Egenem Defence+ also gives equivalent initial execution alert, what the whole thread is about ?

 

Maybe the same things happening to egeman then.

 

only egemen gets the execution alert. I don't neither does ssj100

 

Quill doesn't even think this has malware. And both are using VMs

 

This is kinda kind of magic. Melih and Egenem re the only people in the Universe Comodo never fails for

 

LOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOL

 

He says

 

And there should be a execution alert atleast. I tested the whole thing again
and the only alert i get is xpdeluxe is trying to access explorer and if blocked the rogue still runs.

 

LOOOOOL
EDIT:And i'm using defense+ with safe mode (higher than yours)

 

Oh well, now all we can do is wait for other people to test this 'smart' rogue with comodo.

 

ummm......comodo might be taking a one off break and letting other security apps deal with such cyber trivalities....haha(ssj i have borrowed your trademark exclaimation for once)

 

I hate you man!!! I restarted my pc into normal mode without any shadow mode. And I disabled NOD32 becuz it detects the rogue, and then downloaded the rogue. Guess what happened? The same thing happened, I got a access to memory alert and thats it, i blocked it, and the rogue started running!!!!!!!

Doing an on-demand scan now.

 

this is the reason why I don't bother using an AV, not worth it as there is only a small chance your av will detect it.

ps can some one pm me sample.

 

oops ! the plunge as advised by ssj has plunged you into an abyss .mbam should get rid of it imho

 

I have basically jumped into a empty water well man.LOL