VoodooShield/Cyberlock

Discussion in 'other anti-malware software' started by CloneRanger, Dec 7, 2011.

  1. GrDukeMalden

    GrDukeMalden Registered Member

    Joined:
    Jun 16, 2016
    Posts:
    491
    Location:
    VPN city
    Ah, no. It's not default allow, comodo only allows whitelisted applications to run with those settings that way. That would be default deny. Voodooshield doesn't allow anything that hasn't been discovered by virus total already and it also has machine learning AI to help the user make a more informed decision. When voodoo is on always on mode, it indiscriminately blocks everything that hasn't already been allowed.

    Now to address the other thing that I didn't highlight.

    Comodo, configured as described, is my standalone. As stated above, it will only allow whitelisted applications to run. In the past, and probably to this day, CIS, CAV and CFW sometimes have issues with DLL injections. So I have voodoo as my supplementary for any kind of advanced command line typed deal that could get past comodo.

    The sandbox in comodo is set to auto-deny admin privileges to everything running in the sandbox, so if something gets started in a webpage I visit and is dropped on my machine, it's stuck in the sandbox and most likely won't be able to make any meaningful changes.

    VoodooShield is also very handy for some extra "don't touch that" protection for critical system files like regedit, services, task manager and MMC and so on, when you password protect the settings. VS's virustotal checking is also helpful at preventing PUPs from being installed, which comodo sometimes has whitelisted, because their analyses from file submissions doesn't find most pups to be malicious, because they technically aren't. They're just annoying.

    So while it's true that I would most likely be fine with just comodo, I like the extra protection from voodooshield running alongside.

    Am I paranoid? Yeah...probably. But this setup works.
     
  2. Circuit

    Circuit Registered Member

    Joined:
    Oct 7, 2014
    Posts:
    939
    Location:
    Land o fruits and nuts, and more crime.
    Works for you that's great, but definitely not paranoid.

    VS works in/with "cloud", not on my system.

    I think I'll take that spot (paranoid).
     
  3. mekelek

    mekelek Registered Member

    Joined:
    May 5, 2017
    Posts:
    518
    Location:
    Hungary
    I'm using Comodo tweaked to be less pain in the *** compared to what you have written down, and used Voodooshield for a while, so I certainly talk from experience.

    You still lack protection from exploits and VS will slowly turn into something that you don't trust anymore when it alerts cause it alerted on everything before.

    Unless of course you live under a rock and use 4 programs and never install anything, in which case you don't need any security at all other than a proper adblocker.

    Your setup makes your paranoia worse.
     
  4. GrDukeMalden

    GrDukeMalden Registered Member

    Joined:
    Jun 16, 2016
    Posts:
    491
    Location:
    VPN city
    1. Okay, comodo configured the way I have laid out in that prior post will ALWAYS allow whitelisted items. Even if you had the settings on defaults, it will ALWAYS allow whitelisted items with no prompts at all.

    2. What are you talking about? Voodoo protects against exploits just fine, at least software based exploits that is.

    3. "Under a rock"? I don't get any performance issues or false alarms from CIS or voodoo when I install new things that I fiddle with. In fact, I have voodoo in autopilot mode while I'm at the PC fiddling with things. The whole point of configuring comodo my way is to make it auto-block anything it would ever ask you about, (which would only ever be unknown applications) with no alerts. And like I already said it still allows everything in the whitelist with no alerts no matter how it's configured. Almost every piece of legit software I've fiddled with was allowed by comodo while configured as I described, everything blocked by comodo turned out to be a PUP or malware.

    And Voodoo set to auto-pilot mode is almost perfect. There's only very rare cases where I have to unlock the UI to allow something from a voodoo prompt in auto pilot mode.

    4. Yes, I probably only need comodo or voodoo, not both. But in the past, comodo has had issues with DLL injections, including the double agent ransomware. I have said, in this very thread if I remember correctly, that I also use comodo as a little bit of idiot proofing to enforce my VPN's connection with certain applications I have. And because of the processes that comodo, the company, uses to determine which file submissions are malware and which ones aren't, comodo often adds PUPs to the whitelist database.

    I said in a previous post in a different thread that I stopped using comodo, but I always give it a try again every time a new version comes out. And so far, the latest version has no performance issues for me.
     
  5. guest

    guest Guest

    No, VS never prevented exploits, it is beyond its capabilities since it isn't an anti-exploit but a post-exploitation soft (as ERP, OSA, SAP, etc. etc.), which means it will hamper further damage made by the already installed exploit.
    Using an analogy, post-exploitation softs will prevent the bleeding from a bullet, not the bullet from hitting you.
    There are few real anti-exploits: Windows Exploit Guard/EMET, HMPA, MBAE, and those built in to some suites.

    Don't believe the marketing.
     
  6. GrDukeMalden

    GrDukeMalden Registered Member

    Joined:
    Jun 16, 2016
    Posts:
    491
    Location:
    VPN city
    All of those in my installation of Windows 10 are set to "on by default".

    Do they still make MBAE as a standalone product? Or is it only integrated into MBAM now?
    Never mind... I got the answer. "No." It's just a component of MBAM now.
     
  7. guest

    guest Guest

    Indeed, and sadly WEG is a bit complicated for the non-geeks.
     
  8. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,560
    Last time I checked, they still make MBAE as a standalone but only as a permanent beta. If you still want to download it despite that you should go to the forum.
     
  9. guest

    guest Guest

    Anyway HMPA is way superior and gives more control.
     
  10. GrDukeMalden

    GrDukeMalden Registered Member

    Joined:
    Jun 16, 2016
    Posts:
    491
    Location:
    VPN city
    On Malwarebytes' blog there was a post that said that an exploit isn't malware, but the thing it drops on the machine is malware, as I'm sure literally everyone on this forum knows.

    https://blog.malwarebytes.com/101/2017/03/what-are-exploits-and-why-you-should-care/
    "...So are exploits a form of malware? Technically, no. Exploits are not malware themselves, but rather methods for delivering the malware. An exploit kit doesn’t infect your computer. But it opens the door to let the malware in..."

    After some skimming through that article, apparently the most common exploits that regular home users need to worry about at all are the ones made for web browsers. That's more of a side note though. (I came to that conclusion because most home users don't host their own email server and don't really use office applications or anything like that.)

    Disclaimer: I'm not an expert, just an advanced user. All I really know for certain is that an exploit kit is a means of getting malware onto a system without having to trick the user into clicking on anything. Like it said in that article I linked to.

    I guess the real question is: If you quarantine and/or block the payload from ever running, is there really any harm done? I guess if the exploit kit is allowed to fingerprint the system and has a mechanism to deliver that information to its creator then...maybe?
     
    Last edited: Aug 12, 2019
  11. guest

    guest Guest

    An exploit is an exploit, not malware indeed... it is like HIV, by itself it is harmless but it reduces the body's defenses so other viruses can easily infect you to death. Now if the exploit is also embedded with damaging functions...

    Do you want to live with an exploit active on your system? I bet not.
    Indeed most are conducted from browser malicious scripts, but don't forget email attachments and network-based exploits.

    You quarantine the payload? And what if it is a kernel exploit like Eternal Blue? Only an OS patch can prevent a kernel exploit, no software, however good it is.
    Kernel exploits can run in Ring 0 where software runs in Ring 3 (Ring 1-2 are usually drivers).
    Before Win8 and PatchGuard, HIPS and others could hook the kernel to protect it, not anymore.
    And I don't talk about exploits running at session 0.

     
    Last edited by a moderator: Aug 12, 2019
  12. GrDukeMalden

    GrDukeMalden Registered Member

    Joined:
    Jun 16, 2016
    Posts:
    491
    Location:
    VPN city
    1. No, I don't want to live with an exploit on my system.
    2. Is HMP Alert compatible with comodo? Any known conflicts? My time with voodooshield is about to run out anyway, it's a good time to switch to something that actually adds to my security.
     
  13. guest

    guest Guest

    1- I guessed ;)
    2- Tried both in the past, didn't have any issues, can't say for today. Anyway, just add the Comodo processes in HMPA exclusions and vice versa.

    Remember you already have an exploit guard in Win10. Just saying :D
     
  14. GrDukeMalden

    GrDukeMalden Registered Member

    Joined:
    Jun 16, 2016
    Posts:
    491
    Location:
    VPN city
    Yeah, I guess I do, but HMP Alert beefs it up a bit, right? I also saw in HMP Alert's settings that it specifically protects the app verifier, which was the thing that allowed the double agent ransomware to inject a DLL into comodo (among other AVs) to hijack it (them).
     
  15. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    4,208
    Last edited: Aug 13, 2019
  16. guest

    guest Guest

    Using Win10ent, sadly the built-in sandbox doesn't connect to the internet.
     
  17. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,241
    Location:
    Among the gum trees
    https://calendarofupdates.org/index.php?topic=4856.msg11522#msg11522
     
  18. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,241
    Location:
    Among the gum trees
    Hi guys,

    I just installed v1.0.1 beta and see there is a place to register the Pro version. Do we just leave that blank?

    Thanks.
     
  19. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,241
    Location:
    Among the gum trees
    I don't know if this would be classed as one of Dan's "Easter Eggs", but I just found if I double click on WhitelistCloud text the GUI gets reset back to the bottom right of my Desktop.
     
  20. B-boy/StyLe/

    B-boy/StyLe/ Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    519
    Location:
    Bulgaria
    Well, it seems Telos has the same problem as the one posted by me on the previous page (with the unhandled exception). I hope that DAN will fix it in the next beta.
     
  21. Bertazzoni

    Bertazzoni Registered Member

    Joined:
    Apr 13, 2018
    Posts:
    657
    Location:
    Milan, Italia
  22. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,241
    Location:
    Among the gum trees
    Yep! :)
     
  23. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,241
    Location:
    Among the gum trees
  24. mekelek

    mekelek Registered Member

    Joined:
    May 5, 2017
    Posts:
    518
    Location:
    Hungary
    Is HMPA still suffering from crazy compatibility issues?
     
  25. guest

    guest Guest

    Not on my side anymore, since now you can "suppress" an alert (aka whitelist).
     