Comodo bypassed (allegedly)
https://forums.comodo.com/news-announcements-feedback-cis/another-mrg-video-t58497.0.html;msg412479#msg412479
Please see latest video here https://www.youtube.com/watch?v=4AYeIDI4CB4 As you will see, we are able to bypass CIS from within the sandbox, with CIS displaying no alerts.
Cheers,
Chris
Re: Comodo bypassed (allegedly)
Relax. This is just a video. If these guys want to help us, please provide binaries. No 100% security in the world, what we can do and what we are doing is fighting with malware. Never stop.
That's all.
Thanks,
Doskey.
Re: Comodo bypassed (allegedly)
It's interesting that I don't see any more videos coming from MRG with the new beta version. I guess they can't bypass it anymore since the new command-line scanning feature has been implemented.
languy99- Valued Member
- Posts : 54
Join date : 2010-07-20
Re: Comodo bypassed (allegedly)
It's also interesting to see so little activity at their own forums. Ever since that Wilders thread was locked, I'd completely forgotten about MRG. I think if they released their POC to the public, it would get much more interest!
And it's fairly clear that they are out there to belittle Comodo etc. It's rather sad really.
Re: Comodo bypassed (allegedly)
From what I heard (and this is just what I heard), it is not their POC. They took it from someone else and modified it a little.
languy99- Valued Member
Re: Comodo bypassed (allegedly)
Also, have you tried the new beta 3 .1079? I like it, and it is much better. I just found a Java exploit and it caught it and put it in the sandbox. Much improved.
languy99- Valued Member
Re: Comodo bypassed (allegedly)
I only tested it against the LNK POC exploit.
Java exploit? Any chance you could PM me this?
Re: Comodo bypassed (allegedly)
I got it from the mbam forum, I'll PM it to you. Here are the results for it.
http://virscan.org/report/3ce30cc58d51d3646fb7facbd2f9640b.html
languy99- Valued Member
Re: Comodo bypassed (allegedly)
By the way, this concept of sandboxing unknown applications is exactly the same approach as what I've been employing for nearly a year - I use Sandboxie to open any newly introduced file, even likely benign files like .txt etc. In my opinion, Comodo are definitely employing a very good security approach. The great thing is that they are automating things so that even the "noob" user can handle it.
Re: Comodo bypassed (allegedly)
Sent to you.
Comodo is working very hard to keep security as high as possible while keeping user interaction as low as possible. It is very hard to do, but the end goal is to reduce pop-ups so much that when the user sees a pop-up they should be like: whoa, wait a minute, this is strange. I have never seen a program ask for this; to be safe I will block it.
languy99- Valued Member
Re: Comodo bypassed (allegedly)
I just tested a PDF exploit against Comodo V5.1079 and it did very well.
CIS saw the exploit, and sandboxed it. The exploit tries to access svchost.exe and CIS notified me. I blocked it.
Then it tries to modify the setupapi.app.log file. After that it tries to once again access svchost.exe, I block it again. Then it gives up and closes.
languy99- Valued Member
Re: Comodo bypassed (allegedly)
languy99 wrote: I just tested a PDF exploit against Comodo V5.1079 and it did very well.
CIS saw the exploit, and sandboxed it. The exploit tries to access svchost.exe and CIS notified me. I blocked it.
Then it tries to modify the setupapi.app.log file. After that it tries to once again access svchost.exe, I block it again. Then it gives up and closes.
Again, can I please have the sample via PM? Thanks.
By the way, it sounds like older versions of CIS would have done well too.
Re: Comodo bypassed (allegedly)
I will send it to you. I tested it with an older version of Adobe Reader and it worked. I don't know if an older version with the sandbox would have caught it.
languy99- Valued Member
Re: Comodo bypassed (allegedly)
languy99 wrote: I will send it to you. I tested it with an older version of Adobe Reader and it worked. I don't know if an older version with the sandbox would have caught it.
I'm sure Defense+ would have caught it even in version 3.
Re: Comodo bypassed (allegedly)
Yeah, in v3 it would have easily.
languy99- Valued Member