How we test Comodo Valkyrie: an online cyber-service for scanning zero-day threats

July 27, 2021

“Comodo Valkyrie is a cloud based verdict driven platform that provides static, dynamic and as needed, expert human analysis for submitted files of unknown and zero day files”. This is probably the most accurate marketing description of the cybersecurity service that is included in the anti-malware software for medium and large companies. The product Comodo Advanced Endpoint Protection (CAEP) is regularly checked in our laboratory in the Advanced In The Wild Malware Test, and the Comodo Valkyrie module is part of it.

We base this short review on the results that CAEP is obtaining in real time during the July edition of the tests. At the time of publishing this article the test is still in progress, but because we have a great deal of historical data from previous months, we are able to present the capabilities of Comodo Valkyrie over a longer period of time.

Comodo Valkyrie is an online service that complements the protection of Comodo Advanced Endpoint Protection. It is available in a free version and in a premium version, which we use in our tests to help companies and state institutions choose a product that protects both data flows and infrastructure.

Comodo for business in a nutshell

Overall, the complete package for securing employee computers and servers consists of numerous protection and management modules:

  • Operating system virtualization (a local sandbox on the endpoint).
  • Assigning a reputation to each individual file in the system (file whitelists and blacklists: Comodo File Lookup System).
  • Threat detection through machine learning (deep learning) and automatic response to threats on the endpoint (Virus Scope technology).
  • Application control.
  • Protection against fileless malware.
  • An advanced, two-way firewall with management capabilities.
  • File integrity monitoring.
  • Peripheral device control.
  • Protection and management of the mobile device fleet.
  • Document leak prevention (Data Loss Prevention).
  • HIPS (Host Intrusion Prevention System), which continuously monitors system activity to counter advanced threats and zero-day files.
  • Remote management of vulnerabilities and security patches (Vulnerability Management and Patch Management).
  • Cloud sandbox: Comodo Valkyrie (static analysis, dynamic analysis and manual checking of the file by a Comodo expert).

The vendor (in an arranged online meeting in English) or the distributor in Poland (https://comodo-polska.pl) can tell you more about the CAEP solution. Besides protection, the product provides support that makes it easier to administer the network and resources, e.g.:

  • service desk (handling of service requests),
  • remote desktop,
  • blocking unwanted peripheral devices,
  • software inventory (with the option of remote removal).

Comodo Advanced Endpoint Protection: console

Comodo Valkyrie: insight into diagnostic information.

The cloud administration console collects all diagnostic data from the connected workstations. For this article about the Valkyrie service, the most important are the security status reports from Windows 10 Pro with the Comodo Advanced Endpoint Protection agent installed.

Among the many data, the most interesting are those from the sandbox in the Comodo Valkyrie cloud, together with the other actions taken automatically against threats introduced into the system under our test methodology. We use the vendor's default settings. Predefined protection profiles are available to all companies, regardless of size or the license purchased.

Why should your company use services like Comodo Valkyrie?

Today there is a lot of talk about attacks on key companies, in particular about so-called supply chain attacks.

A supply chain attack is one of the most dangerous and most effective infection vectors. It is increasingly used in advanced criminal operations (e.g. the attack on Kaseya). It exploits specific weak points in the interconnected systems of human, organizational, material and intellectual resources involved in the product life cycle: from the initial development stage to the end user. Even when the vendor's own infrastructure is secured, vulnerabilities may exist in the systems of its suppliers, sabotaging the supply chain and leading to a destructive and unexpected data security breach.

Comodo's answer is the ZERO TRUST ARCHITECTURE philosophy.

Stage 1: Notification about an unknown file.

Comodo Valkyrie e-mail reports
A set of e-mail notifications about the start of analysis for a file.

All potential threats hide, among other places, in 32/64-bit Windows executables, PDF files, Office documents, HTML files, bat, py and js scripts, and other files.

Files that are zero-day for Comodo are subjected to machine analysis and manual verification by Comodo staff. The administrator in your company, or the group of people responsible for security, can be notified of such events on an ongoing basis.

Stage 2: Sample analysis report.

Preview of the static analysis of one of the many files automatically sent to Comodo Valkyrie for analysis.

One could say that Comodo Valkyrie amounts to hiring a malware analysis expert. That expert is not left to their own devices, because they are supported by the combined Comodo technologies in the agent installed on the endpoint.

Comodo Valkyrie: never trust, always verify

What we show below is just one of many thousands of files from the July edition of the test. The generated log contains detailed information about the course of the analysis, for maximum transparency and as the proof of concept that is so much needed when contacting the vendor with feedback after the test.

For example, one of the threats was detected by the Comodo agent thanks to the cloud analysis (but first it was automatically run locally in the sandbox).

The threat was not detected by signature, which can also be put differently: Comodo allowed the unknown file to run. In the sandbox, of course, so as not to damage the operating system. All of this is possible thanks to Comodo's technologies and the default protection settings.

That the malware sample was run in the sandbox is shown by:

1. The antivirus indicator in the log below:

The sample was submitted for analysis shortly after 7 p.m. on July 25, 2021. A dozen or so minutes later we receive the verdict, which explains that the malware sample unknown to Comodo was run in the sandbox. Below is an excerpt from the full log:

[2021-07-25 19:25:22.240] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\VTRoot/gi","where":"TargetFilename","extracted":"C:\\VTRoot\\HarddiskVolume3"} determine that is not fail

2. The positive verdict assigned after analysing the log.

[2021-07-25 19:25:22.242] [INFO] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Is fail? Answer: false
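
The indicator and verdict lines quoted above can be re-checked offline. The following is an added example, not the test lab's harness code: it parses log lines in the format shown, re-applies each indicator's "what" pattern to its "extracted" value, and reads the final verdict. Assumptions: "what" is a JavaScript regex literal, "where" names the Sysmon field, a C:\VTRoot path marks sandboxed execution as the text states, the function names are illustrative, and the sample lines are constructed from the excerpts on this page.

```javascript
// Added example: re-check indicator lines from a harness log in the format shown above.
// Assumed field meanings (inferred from the excerpts): "what" is a JavaScript regex
// literal, "where" is the Sysmon field searched, "extracted" is the matched value.

const P = "[TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] " +
          "[Comodo Advanced Endpoint Protection] - [ID:13742]";

// Constructed sample built from the excerpts on this page; the fourth line is
// deliberately truncated to show how a damaged record is handled.
const SAMPLE_LOG = [
  String.raw`[2021-07-25 19:25:22.237] [DEBUG] ${P} Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\Program Files\\\\COMODO\\\\Comodo Internet Security\\\\cmdvirth.exe/gi","where":"Image","extracted":"C:\\Program Files\\COMODO\\COMODO Internet Security\\cmdvirth.exe"} determine that is not fail`,
  String.raw`[2021-07-25 19:25:22.237] [DEBUG] ${P} Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\ProgramData\\\\Comodo\\\\Cis\\\\Quarantine/gi","where":"TargetFilename","extracted":"C:\\ProgramData\\Comodo\\Cis\\Quarantine\\Temp\\{199954B3-04DD-4AD1-AC2C-ED7847D2B981}"} determine that is not fail`,
  String.raw`[2021-07-25 19:25:22.240] [DEBUG] ${P} Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\VTRoot/gi","where":"TargetFilename","extracted":"C:\\VTRoot\\HarddiskVolume3"} determine that is not fail`,
  String.raw`[2021-07-25 19:25:22.240] [DEBUG] ${P} Indicator: {"type":4,"title":"Comodo Advanced Endpoint`,
  String.raw`[2021-07-25 19:25:22.242] [INFO] ${P} Is fail? Answer: false`,
].join("\n");

// [timestamp] [LEVEL] [STAGE] [run-uuid] [product] - [ID:n] message
const LINE_RE =
  /^\[([^\]]+)\] \[(\w+)\] \[(\w+)\] \[([0-9a-f-]+)\] \[([^\]]+)\] - (?:\[ID:(\d+)\] )?(.*)$/;
const INDICATOR_RE = /^Indicator: (\{.*\}) determine that (.+)$/;
const VERDICT_RE = /^Is fail\? Answer: (true|false)$/;

function parseLine(line) {
  const m = LINE_RE.exec(line.trim());
  if (!m) return null;
  const [, timestamp, level, stage, runId, product, sampleId, message] = m;
  return { timestamp, level, stage, runId, product, sampleId: sampleId || null, message };
}

// Turn a "/source/flags" string into a RegExp. The "g" flag is dropped because it
// makes RegExp.prototype.test() stateful, which is unwanted for a one-off check.
function literalToRegExp(literal) {
  const end = literal.lastIndexOf("/");
  if (!literal.startsWith("/") || end <= 0) return null;
  const flags = literal.slice(end + 1);
  if (!/^[dgimsuy]*$/.test(flags)) return null;
  try {
    return new RegExp(literal.slice(1, end), flags.replace("g", ""));
  } catch {
    return null; // invalid pattern source
  }
}

function parseIndicator(message) {
  const m = INDICATOR_RE.exec(message);
  if (!m) return null;
  try {
    const ind = JSON.parse(m[1]);
    if (typeof ind.what !== "string" || typeof ind.extracted !== "string") return null;
    return { ...ind, decision: m[2] };
  } catch {
    return null; // JSON body damaged or cut off
  }
}

function summarize(logText) {
  const out = {
    sampleId: null, indicators: 0, malformed: 0, mismatches: [],
    byWhere: {}, sandboxed: false, failed: null,
  };
  for (const raw of logText.split(/\r?\n/)) {
    const rec = parseLine(raw);
    if (!rec) continue;
    if (rec.sampleId) out.sampleId = rec.sampleId;

    const verdict = VERDICT_RE.exec(rec.message);
    if (verdict) { out.failed = verdict[1] === "true"; continue; }
    if (!rec.message.startsWith("Indicator:")) continue;

    const ind = parseIndicator(rec.message);
    if (!ind) { out.malformed += 1; continue; }

    out.indicators += 1;
    out.byWhere[ind.where] = (out.byWhere[ind.where] || 0) + 1;

    // Independent re-check: does the logged pattern really match the logged value?
    const re = literalToRegExp(ind.what);
    if (!re || !re.test(ind.extracted)) {
      out.mismatches.push({ timestamp: rec.timestamp, what: ind.what, extracted: ind.extracted });
    }
    // A path under C:\VTRoot is the sandbox marker the article points to.
    if (/^C:\\VTRoot(\\|$)/i.test(ind.extracted)) out.sandboxed = true;
  }
  return out;
}

console.log(JSON.stringify(summarize(SAMPLE_LOG), null, 2));
```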

3. For full transparency, we provide the entire output.log for the sample:

[2021-07-25 19:12:50.276] [INFO] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - Fetching snapshots for machine
[2021-07-25 19:12:50.679] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - Does snapshot przed exists? Answer: true
[2021-07-25 19:12:50.679] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - Snapshot przed found
[2021-07-25 19:12:51.084] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - Does snapshot przed_2021-07-24 exists? Answer: false
[2021-07-25 19:12:51.479] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - Does snapshot przed_2021-07-25 exists? Answer: true
[2021-07-25 19:12:51.479] [INFO] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - Prepare to restore snapshot: przed_2021-07-25
[2021-07-25 19:12:51.951] [INFO] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - Snapshot has been restored
[2021-07-25 19:12:51.951] [INFO] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Start tests!
[2021-07-25 19:12:51.952] [INFO] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - Prepare to restore snapshot: przed_2021-07-25
[2021-07-25 19:12:52.353] [INFO] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - Snapshot has been restored
[2021-07-25 19:12:52.353] [INFO] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - Going to start VM
[2021-07-25 19:12:54.745] [INFO] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - VM has been started
[2021-07-25 19:12:54.745] [INFO] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] list processes
[2021-07-25 19:13:32.330] [INFO] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Processes listed
[2021-07-25 19:13:32.330] [INFO] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - Wait for it, next copyWhiteList function call in: in 2 minutes, countdown...
[2021-07-25 19:14:02.331] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - Wait for next copyWhiteList function call for: in 2 minutes
[2021-07-25 19:14:32.331] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - Wait for next copyWhiteList function call for: in a minute
[2021-07-25 19:15:02.333] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - Wait for next copyWhiteList function call for: in a few seconds
[2021-07-25 19:15:32.330] [INFO] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Starting copy whitelist files from /home/checklab/Downloads/avlab-testing-acceptance/src/vmwarerunner/whitelist to C:\Users\test\Documents\av\Sysmon
[2021-07-25 19:15:32.331] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Found 2 files to copy
[2021-07-25 19:15:32.974] [INFO] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] File moje.pmc has been copied to C:\Users\test\Documents\av\Sysmon
[2021-07-25 19:15:33.023] [INFO] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] File sysmonconfig.xml has been copied to C:\Users\test\Documents\av\Sysmon
[2021-07-25 19:15:33.023] [INFO] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] updating sysmon config
[2021-07-25 19:15:34.544] [INFO] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] clear sysmon
[2021-07-25 19:15:36.107] [INFO] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Starting download W4YhJ_2021-07-24_exe from http://micro908384soft.com/sandbox/2021-07-24/W4YhJ_2021-07-24_exe to C:\Users\test\Downloads
[2021-07-25 19:16:06.114] [WARN] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Chrome killed, file should be downloaded and saved
[2021-07-25 19:16:06.114] [INFO] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Start checking if file: W4YhJ_2021-07-24_exe exists in C:\Users\test\Downloads\W4YhJ_2021-07-24_exe
[2021-07-25 19:16:06.591] [INFO] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] File W4YhJ_2021-07-24_exe has been checked and it's in path C:\Users\test\Downloads\W4YhJ_2021-07-24_exe
[2021-07-25 19:16:06.591] [INFO] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Starting move W4YhJ_2021-07-24_exe from C:\Users\test\Documents\av\src to C:\Users\test\Documents\av\dst
[2021-07-25 19:16:08.176] [INFO] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] File W4YhJ_2021-07-24_exe moved to C:\Users\test\Documents\av\dst as W4YhJ_2021-07-24_exe.exe
[2021-07-25 19:16:08.176] [INFO] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Start checking if file: W4YhJ_2021-07-24_exe exists in C:\Users\test\Documents\av\dst\W4YhJ_2021-07-24_exe.exe
[2021-07-25 19:16:08.707] [INFO] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] File W4YhJ_2021-07-24_exe has been checked and it's in path C:\Users\test\Documents\av\dst\W4YhJ_2021-07-24_exe.exe
[2021-07-25 19:16:08.708] [INFO] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - Wait for it, next runSample function call in: in a few seconds, countdown...
[2021-07-25 19:16:14.707] [INFO] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Starting sample: W4YhJ_2021-07-24_exe.exe
[2021-07-25 19:16:15.307] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Sample executed
[2021-07-25 19:16:15.308] [INFO] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - Wait for it, next generateSysmonLogs function call in: in 9 minutes, countdown...
[2021-07-25 19:16:45.307] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - Wait for next generateSysmonLogs function call for: in 9 minutes
[2021-07-25 19:17:15.307] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - Wait for next generateSysmonLogs function call for: in 8 minutes
[2021-07-25 19:17:45.308] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - Wait for next generateSysmonLogs function call for: in 8 minutes
[2021-07-25 19:18:15.315] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - Wait for next generateSysmonLogs function call for: in 7 minutes
[2021-07-25 19:18:45.321] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - Wait for next generateSysmonLogs function call for: in 7 minutes
[2021-07-25 19:19:15.326] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - Wait for next generateSysmonLogs function call for: in 6 minutes
[2021-07-25 19:19:45.333] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - Wait for next generateSysmonLogs function call for: in 6 minutes
[2021-07-25 19:20:15.340] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - Wait for next generateSysmonLogs function call for: in 5 minutes
[2021-07-25 19:20:45.345] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - Wait for next generateSysmonLogs function call for: in 5 minutes
[2021-07-25 19:21:15.352] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - Wait for next generateSysmonLogs function call for: in 4 minutes
[2021-07-25 19:21:45.357] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - Wait for next generateSysmonLogs function call for: in 4 minutes
[2021-07-25 19:22:15.360] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - Wait for next generateSysmonLogs function call for: in 3 minutes
[2021-07-25 19:22:45.366] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - Wait for next generateSysmonLogs function call for: in 3 minutes
[2021-07-25 19:23:15.372] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - Wait for next generateSysmonLogs function call for: in 2 minutes
[2021-07-25 19:23:45.379] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - Wait for next generateSysmonLogs function call for: in 2 minutes
[2021-07-25 19:24:15.384] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - Wait for next generateSysmonLogs function call for: in a minute
[2021-07-25 19:24:45.390] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - Wait for next generateSysmonLogs function call for: in a few seconds
[2021-07-25 19:25:15.308] [INFO] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] generate sysmon logs
[2021-07-25 19:25:17.444] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] We are going to copy eventlog.xml file to /home/checklab/Downloads/avlab-testing-acceptance/src/../malware/testing/Comodo Advanced Endpoint Protection/2021-07-24/0c7e2ea86b0fd1398de43240daca82e38dcec78f266d76ddf5bd5ba68a721d2f_W4YhJ_2021-07-24_exe/19-12-50/W4YhJ_2021-07-24_exe.report.xml
[2021-07-25 19:25:19.647] [INFO] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] File copied as /home/checklab/Downloads/avlab-testing-acceptance/src/../malware/testing/Comodo Advanced Endpoint Protection/2021-07-24/0c7e2ea86b0fd1398de43240daca82e38dcec78f266d76ddf5bd5ba68a721d2f_W4YhJ_2021-07-24_exe/19-12-50/W4YhJ_2021-07-24_exe.report.xml
[2021-07-25 19:25:19.647] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Moving sample file from /home/checklab/Downloads/avlab-testing-acceptance/src/../malware/sandbox/2021-07-24/W4YhJ_2021-07-24_exe to /home/checklab/Downloads/avlab-testing-acceptance/src/../malware/testing/Comodo Advanced Endpoint Protection/2021-07-24/W4YhJ_2021-07-24_exe
[2021-07-25 19:25:19.648] [INFO] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] File W4YhJ_2021-07-24_exe successfully copied from /home/checklab/Downloads/avlab-testing-acceptance/src/../malware/sandbox/2021-07-24/W4YhJ_2021-07-24_exe to /home/checklab/Downloads/avlab-testing-acceptance/src/../malware/testing/Comodo Advanced Endpoint Protection/2021-07-24/W4YhJ_2021-07-24_exe
[2021-07-25 19:25:19.648] [INFO] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Starting to parse report /home/checklab/Downloads/avlab-testing-acceptance/src/../malware/testing/Comodo Advanced Endpoint Protection/2021-07-24/0c7e2ea86b0fd1398de43240daca82e38dcec78f266d76ddf5bd5ba68a721d2f_W4YhJ_2021-07-24_exe/19-12-50/W4YhJ_2021-07-24_exe.report.xml
[2021-07-25 19:25:22.236] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Report parsed, and have 173 indicators
[2021-07-25 19:25:22.237] [INFO] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Check if sample is fail in check
[2021-07-25 19:25:22.237] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Checking: 173 if any of them are fail
[2021-07-25 19:25:22.237] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\Program Files\\\\COMODO\\\\Comodo Internet Security\\\\cmdvirth.exe/gi","where":"Image","extracted":"C:\\Program Files\\COMODO\\COMODO Internet Security\\cmdvirth.exe"} determine that is not fail
[2021-07-25 19:25:22.237] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\Program Files\\\\COMODO\\\\Comodo Internet Security\\\\cmdvirth.exe/gi","where":"CommandLine","extracted":"\"C:\\Program Files\\COMODO\\COMODO Internet Security\\cmdvirth.exe\""} determine that is not fail
[2021-07-25 19:25:22.237] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\ProgramData\\\\Comodo\\\\Cis\\\\Quarantine/gi","where":"TargetFilename","extracted":"C:\\ProgramData\\Comodo\\Cis\\Quarantine\\Temp\\{199954B3-04DD-4AD1-AC2C-ED7847D2B981}"} determine that is not fail
[2021-07-25 19:25:22.237] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\ProgramData\\\\Comodo\\\\Cis\\\\Quarantine/gi","where":"TargetFilename","extracted":"C:\\ProgramData\\Comodo\\Cis\\Quarantine\\Temp\\{1E3803D5-7824-4D5A-8943-213796D00DB6}"} determine that is not fail
[2021-07-25 19:25:22.237] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\ProgramData\\\\Comodo\\\\Cis\\\\Quarantine/gi","where":"TargetFilename","extracted":"C:\\ProgramData\\Comodo\\Cis\\Quarantine\\Temp\\{6D8A8B89-8010-4DAD-B931-1FF4CCE6F653}"} determine that is not fail
[2021-07-25 19:25:22.237] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\ProgramData\\\\Comodo\\\\Cis\\\\Quarantine/gi","where":"TargetFilename","extracted":"C:\\ProgramData\\Comodo\\Cis\\Quarantine\\Temp\\{9107F7A4-1E42-49F5-8BF5-E20032BDC08B}"} determine that is not fail
[2021-07-25 19:25:22.237] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\ProgramData\\\\Comodo\\\\Cis\\\\Quarantine/gi","where":"TargetFilename","extracted":"C:\\ProgramData\\Comodo\\Cis\\Quarantine\\Temp\\{3EADD663-C092-4D72-9601-AAE0CB35D9E2}"} determine that is not fail
[2021-07-25 19:25:22.237] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\ProgramData\\\\Comodo\\\\Cis\\\\Quarantine/gi","where":"TargetFilename","extracted":"C:\\ProgramData\\Comodo\\Cis\\Quarantine\\Temp\\{4C09458E-1D41-4B82-9B76-ED9AA0EAE50D}"} determine that is not fail
[2021-07-25 19:25:22.237] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\ProgramData\\\\Comodo\\\\Cis\\\\Quarantine/gi","where":"TargetFilename","extracted":"C:\\ProgramData\\Comodo\\Cis\\Quarantine\\Temp\\{E6AD009F-11A2-4CB6-BF92-9A4ACEEC7598}"} determine that is not fail
[2021-07-25 19:25:22.237] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\ProgramData\\\\Comodo\\\\Cis\\\\Quarantine/gi","where":"TargetFilename","extracted":"C:\\ProgramData\\Comodo\\Cis\\Quarantine\\Temp\\{6C587420-91FC-4835-8403-5CFC398249AE}"} determine that is not fail
[2021-07-25 19:25:22.237] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\ProgramData\\\\Comodo\\\\Cis\\\\Quarantine/gi","where":"TargetFilename","extracted":"C:\\ProgramData\\Comodo\\Cis\\Quarantine\\Temp\\{CBCDBFE5-70F8-40F8-AAC1-D603460224CE}"} determine that is not fail
[2021-07-25 19:25:22.237] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\ProgramData\\\\Comodo\\\\Cis\\\\Quarantine/gi","where":"TargetFilename","extracted":"C:\\ProgramData\\Comodo\\Cis\\Quarantine\\Temp\\{29BEB423-D441-490B-81F0-E5EB7FBE596A}"} determine that is not fail
[2021-07-25 19:25:22.237] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\ProgramData\\\\Comodo\\\\Cis\\\\Quarantine/gi","where":"TargetFilename","extracted":"C:\\ProgramData\\Comodo\\Cis\\Quarantine\\Temp\\{D03EFD05-F1C2-4648-ACE5-73235E6D6C33}"} determine that is not fail
[2021-07-25 19:25:22.237] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\ProgramData\\\\Comodo\\\\Cis\\\\Quarantine/gi","where":"TargetFilename","extracted":"C:\\ProgramData\\Comodo\\Cis\\Quarantine\\Temp\\{E1686D5C-E85F-4DB1-8421-CE8D55314841}"} determine that is not fail
[2021-07-25 19:25:22.237] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\ProgramData\\\\Comodo\\\\Cis\\\\Quarantine/gi","where":"TargetFilename","extracted":"C:\\ProgramData\\Comodo\\Cis\\Quarantine\\Temp\\{0AA258B2-14A8-46E5-8743-63DD1D7F4ED4}"} determine that is not fail
[2021-07-25 19:25:22.237] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\ProgramData\\\\Comodo\\\\Cis\\\\Quarantine/gi","where":"TargetFilename","extracted":"C:\\ProgramData\\Comodo\\Cis\\Quarantine\\Temp\\{CB33E65A-0AEA-45DE-9E54-FBF26C81A384}"} determine that is not fail
[2021-07-25 19:25:22.237] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\ProgramData\\\\Comodo\\\\Cis\\\\Quarantine/gi","where":"TargetFilename","extracted":"C:\\ProgramData\\Comodo\\Cis\\Quarantine\\Temp\\{0882917E-87D4-481A-9FA3-3CBBDCB654F8}"} determine that is not fail
[2021-07-25 19:25:22.238] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\ProgramData\\\\Comodo\\\\Cis\\\\Quarantine/gi","where":"TargetFilename","extracted":"C:\\ProgramData\\Comodo\\Cis\\Quarantine\\Temp\\{61B4A18C-6410-4235-A17B-C45EDDC211D2}"} determine that is not fail
[2021-07-25 19:25:22.238] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\ProgramData\\\\Comodo\\\\Cis\\\\Quarantine/gi","where":"TargetFilename","extracted":"C:\\ProgramData\\Comodo\\Cis\\Quarantine\\Temp\\{74C25D8C-1C9E-43B2-8DC3-3CE37C349EC1}"} determine that is not fail
[2021-07-25 19:25:22.238] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\ProgramData\\\\Comodo\\\\Cis\\\\Quarantine/gi","where":"TargetFilename","extracted":"C:\\ProgramData\\Comodo\\Cis\\Quarantine\\Temp\\{97F3D89D-DB9F-42F1-8565-B8236421C657}"} determine that is not fail
[2021-07-25 19:25:22.238] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\ProgramData\\\\Comodo\\\\Cis\\\\Quarantine/gi","where":"TargetFilename","extracted":"C:\\ProgramData\\Comodo\\Cis\\Quarantine\\Temp\\{E2EDC375-2CB6-4F95-9D72-85B0D532E63C}"} determine that is not fail
[2021-07-25 19:25:22.238] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\ProgramData\\\\Comodo\\\\Cis\\\\Quarantine/gi","where":"TargetFilename","extracted":"C:\\ProgramData\\Comodo\\Cis\\Quarantine\\Temp\\{729DE82B-1A41-4E2F-9E70-229C59A54A03}"} determine that is not fail
[2021-07-25 19:25:22.238] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\ProgramData\\\\Comodo\\\\Cis\\\\Quarantine/gi","where":"TargetFilename","extracted":"C:\\ProgramData\\Comodo\\Cis\\Quarantine\\Temp\\{4F3E09F6-1E1D-41A1-B12D-B3726F60F721}"} determine that is not fail
[2021-07-25 19:25:22.238] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\ProgramData\\\\Comodo\\\\Cis\\\\Quarantine/gi","where":"TargetFilename","extracted":"C:\\ProgramData\\Comodo\\Cis\\Quarantine\\Temp\\{780BA540-F64B-45F7-BEDC-9694B8518FAA}"} determine that is not fail
[2021-07-25 19:25:22.238] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\ProgramData\\\\Comodo\\\\Cis\\\\Quarantine/gi","where":"TargetFilename","extracted":"C:\\ProgramData\\Comodo\\Cis\\Quarantine\\Temp\\{D33A3A7F-1720-4A3B-8981-27E79D86405E}"} determine that is not fail
[2021-07-25 19:25:22.238] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\ProgramData\\\\Comodo\\\\Cis\\\\Quarantine/gi","where":"TargetFilename","extracted":"C:\\ProgramData\\Comodo\\Cis\\Quarantine\\Temp\\{82D59EEB-A732-4B01-BE3E-3E9E5E1D0129}"} determine that is not fail
[2021-07-25 19:25:22.238] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\ProgramData\\\\Comodo\\\\Cis\\\\Quarantine/gi","where":"TargetFilename","extracted":"C:\\ProgramData\\Comodo\\Cis\\Quarantine\\Temp\\{9469B434-276E-44F6-84D1-682C38001EDC}"} determine that is not fail
[2021-07-25 19:25:22.238] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\ProgramData\\\\Comodo\\\\Cis\\\\Quarantine/gi","where":"TargetFilename","extracted":"C:\\ProgramData\\Comodo\\Cis\\Quarantine\\Temp\\{1EA1481E-E541-4D2C-8FCC-8D30BF6C0BC0}"} determine that is not fail
[2021-07-25 19:25:22.238] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\ProgramData\\\\Comodo\\\\Cis\\\\Quarantine/gi","where":"TargetFilename","extracted":"C:\\ProgramData\\Comodo\\Cis\\Quarantine\\Temp\\{82AEF337-5D9B-4D08-9597-FFCAE472C777}"} determine that is not fail
[2021-07-25 19:25:22.238] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\ProgramData\\\\Comodo\\\\Cis\\\\Quarantine/gi","where":"TargetFilename","extracted":"C:\\ProgramData\\Comodo\\Cis\\Quarantine\\Temp\\{639FF707-2C11-4172-8C2F-DBF6A356E8F7}"} determine that is not fail
[2021-07-25 19:25:22.238] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\ProgramData\\\\Comodo\\\\Cis\\\\Quarantine/gi","where":"TargetFilename","extracted":"C:\\ProgramData\\Comodo\\Cis\\Quarantine\\Temp\\{53D55595-5D49-4CC6-8ED5-51C524C0408D}"} determine that is not fail
[2021-07-25 19:25:22.238] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\ProgramData\\\\Comodo\\\\Cis\\\\Quarantine/gi","where":"TargetFilename","extracted":"C:\\ProgramData\\Comodo\\Cis\\Quarantine\\Temp\\{39C01E86-84A0-4769-B5D8-199391CA3B98}"} determine that is not fail
[2021-07-25 19:25:22.238] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\ProgramData\\\\Comodo\\\\Cis\\\\Quarantine/gi","where":"TargetFilename","extracted":"C:\\ProgramData\\Comodo\\Cis\\Quarantine\\Temp\\{1AF186A2-11C6-4989-A463-C318E43193FD}"} determine that is not fail
[2021-07-25 19:25:22.238] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\ProgramData\\\\Comodo\\\\Cis\\\\Quarantine/gi","where":"TargetFilename","extracted":"C:\\ProgramData\\Comodo\\Cis\\Quarantine\\Temp\\{B99EC3B9-673D-4160-974C-4343AB39E29C}"} determine that is not fail
[2021-07-25 19:25:22.238] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\ProgramData\\\\Comodo\\\\Cis\\\\Quarantine/gi","where":"TargetFilename","extracted":"C:\\ProgramData\\Comodo\\Cis\\Quarantine\\Temp\\{90778417-5648-45FF-8224-FD9F395AB9C3}"} determine that is not fail
[2021-07-25 19:25:22.238] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\ProgramData\\\\Comodo\\\\Cis\\\\Quarantine/gi","where":"TargetFilename","extracted":"C:\\ProgramData\\Comodo\\Cis\\Quarantine\\Temp\\{201BD7F8-A7F3-4870-9608-5FB4A8C073AC}"} determine that is not fail
[2021-07-25 19:25:22.238] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\ProgramData\\\\Comodo\\\\Cis\\\\Quarantine/gi","where":"TargetFilename","extracted":"C:\\ProgramData\\Comodo\\Cis\\Quarantine\\Temp\\{C2C0D9AA-CB46-4025-BE69-5C91EE15A688}"} determine that is not fail
[2021-07-25 19:25:22.238] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\ProgramData\\\\Comodo\\\\Cis\\\\Quarantine/gi","where":"TargetFilename","extracted":"C:\\ProgramData\\Comodo\\Cis\\Quarantine\\Temp\\{ECA16E73-BE0C-46B5-826F-2667FD9AB35D}"} determine that is not fail
[2021-07-25 19:25:22.239] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\ProgramData\\\\Comodo\\\\Cis\\\\Quarantine/gi","where":"TargetFilename","extracted":"C:\\ProgramData\\Comodo\\Cis\\Quarantine\\Temp\\{B0A05F26-6D3F-483B-933A-00C8BAFA2602}"} determine that is not fail
[2021-07-25 19:25:22.239] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\ProgramData\\\\Comodo\\\\Cis\\\\Quarantine/gi","where":"TargetFilename","extracted":"C:\\ProgramData\\Comodo\\Cis\\Quarantine\\Temp\\{077EB3C0-F17B-4D8A-89A7-8C99B06F925A}"} determine that is not fail
[2021-07-25 19:25:22.239] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\ProgramData\\\\Comodo\\\\Cis\\\\Quarantine/gi","where":"TargetFilename","extracted":"C:\\ProgramData\\Comodo\\Cis\\Quarantine\\Temp\\{CE5570DB-89E6-4E6E-B352-AC75E1A54633}"} determine that is not fail
[2021-07-25 19:25:22.239] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\ProgramData\\\\Comodo\\\\Cis\\\\Quarantine/gi","where":"TargetFilename","extracted":"C:\\ProgramData\\Comodo\\Cis\\Quarantine\\Temp\\{31C4FB0A-B3FA-4439-9834-85A98563A268}"} determine that is not fail
[2021-07-25 19:25:22.239] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\ProgramData\\\\Comodo\\\\Cis\\\\Quarantine/gi","where":"TargetFilename","extracted":"C:\\ProgramData\\Comodo\\Cis\\Quarantine\\Temp\\{58305A9F-B7A8-4BB4-8D85-F3656832EF9A}"} determine that is not fail
[2021-07-25 19:25:22.239] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\ProgramData\\\\Comodo\\\\Cis\\\\Quarantine/gi","where":"TargetFilename","extracted":"C:\\ProgramData\\Comodo\\Cis\\Quarantine\\Temp\\{723D8085-531F-45B9-962C-9D90BFC342E0}"} determine that is not fail
[2021-07-25 19:25:22.239] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\ProgramData\\\\Comodo\\\\Cis\\\\Quarantine/gi","where":"TargetFilename","extracted":"C:\\ProgramData\\Comodo\\Cis\\Quarantine\\Temp\\{16DEB701-EE1A-4DF7-A9DB-BB70D90DF48D}"} determine that is not fail
[2021-07-25 19:25:22.239] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\ProgramData\\\\Comodo\\\\Cis\\\\Quarantine/gi","where":"TargetFilename","extracted":"C:\\ProgramData\\Comodo\\Cis\\Quarantine\\Temp\\{6B911709-CC08-4898-829B-3CF833C5AD57}"} determine that is not fail
[2021-07-25 19:25:22.239] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\ProgramData\\\\Comodo\\\\Cis\\\\Quarantine/gi","where":"TargetFilename","extracted":"C:\\ProgramData\\Comodo\\Cis\\Quarantine\\Temp\\{0B8ECAFD-CB30-4911-A6A3-9DB31D2C79B2}"} determine that is not fail
[2021-07-25 19:25:22.239] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\ProgramData\\\\Comodo\\\\Cis\\\\Quarantine/gi","where":"TargetFilename","extracted":"C:\\ProgramData\\Comodo\\Cis\\Quarantine\\Temp\\{B5AA4DFF-459F-4769-8C17-42FD3EE6D24E}"} determine that is not fail
[2021-07-25 19:25:22.239] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\ProgramData\\\\Comodo\\\\Cis\\\\Quarantine/gi","where":"TargetFilename","extracted":"C:\\ProgramData\\Comodo\\Cis\\Quarantine\\Temp\\{C1A12FCF-9270-4A89-8336-A0120F4C9F0D}"} determine that is not fail
[2021-07-25 19:25:22.239] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\ProgramData\\\\Comodo\\\\Cis\\\\Quarantine/gi","where":"TargetFilename","extracted":"C:\\ProgramData\\Comodo\\Cis\\Quarantine\\Temp\\{368DF28D-9362-466C-9FA3-E0536C222407}"} determine that is not fail
[2021-07-25 19:25:22.239] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\ProgramData\\\\Comodo\\\\Cis\\\\Quarantine/gi","where":"TargetFilename","extracted":"C:\\ProgramData\\Comodo\\Cis\\Quarantine\\Temp\\{CFF263C5-0DFA-4667-A374-DFC12D0557F2}"} determine that is not fail
[2021-07-25 19:25:22.239] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\ProgramData\\\\Comodo\\\\Cis\\\\Quarantine/gi","where":"TargetFilename","extracted":"C:\\ProgramData\\Comodo\\Cis\\Quarantine\\Temp\\{74BB5995-8E05-41D1-9DBA-010924CC3100}"} determine that is not fail
[2021-07-25 19:25:22.239] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\ProgramData\\\\Comodo\\\\Cis\\\\Quarantine/gi","where":"TargetFilename","extracted":"C:\\ProgramData\\Comodo\\Cis\\Quarantine\\Temp\\{D274FA31-F261-4206-970D-1C0C772364A4}"} determine that is not fail
[2021-07-25 19:25:22.239] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\ProgramData\\\\Comodo\\\\Cis\\\\Quarantine/gi","where":"TargetFilename","extracted":"C:\\ProgramData\\Comodo\\Cis\\Quarantine\\Temp\\{4BFFD61D-584F-4542-85A3-834AE456FF40}"} determine that is not fail
[2021-07-25 19:25:22.239] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\ProgramData\\\\Comodo\\\\Cis\\\\Quarantine/gi","where":"TargetFilename","extracted":"C:\\ProgramData\\Comodo\\Cis\\Quarantine\\Temp\\{5D5ABE74-2ECF-4E0C-9DAB-A91EAD472433}"} determine that is not fail
[2021-07-25 19:25:22.239] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\ProgramData\\\\Comodo\\\\Cis\\\\Quarantine/gi","where":"TargetFilename","extracted":"C:\\ProgramData\\Comodo\\Cis\\Quarantine\\Temp\\{A686F1C4-9EDC-4AC6-959D-37F76EADB696}"} determine that is not fail
[2021-07-25 19:25:22.239] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\ProgramData\\\\Comodo\\\\Cis\\\\Quarantine/gi","where":"TargetFilename","extracted":"C:\\ProgramData\\Comodo\\Cis\\Quarantine\\Temp\\{81CF3BD9-BF18-4DAD-B23B-56F302170496}"} determine that is not fail
[2021-07-25 19:25:22.239] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\ProgramData\\\\Comodo\\\\Cis\\\\Quarantine/gi","where":"TargetFilename","extracted":"C:\\ProgramData\\Comodo\\Cis\\Quarantine\\Temp\\{F01EEDC3-0327-4978-BF68-EB5859F7FC03}"} determine that is not fail
[2021-07-25 19:25:22.239] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\ProgramData\\\\Comodo\\\\Cis\\\\Quarantine/gi","where":"TargetFilename","extracted":"C:\\ProgramData\\Comodo\\Cis\\Quarantine\\Temp\\{6FB6452E-4F33-4469-B438-0A7F26C1E3E3}"} determine that is not fail
[2021-07-25 19:25:22.239] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\ProgramData\\\\Comodo\\\\Cis\\\\Quarantine/gi","where":"TargetFilename","extracted":"C:\\ProgramData\\Comodo\\Cis\\Quarantine\\Temp\\{0794FDCC-FD06-4934-A66E-BFE8A6850AC2}"} determine that is not fail
[2021-07-25 19:25:22.239] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\ProgramData\\\\Comodo\\\\Cis\\\\Quarantine/gi","where":"TargetFilename","extracted":"C:\\ProgramData\\Comodo\\Cis\\Quarantine\\Temp\\{77652049-A604-4162-83DA-88BBBD05C85D}"} determine that is not fail
[2021-07-25 19:25:22.239] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\ProgramData\\\\Comodo\\\\Cis\\\\Quarantine/gi","where":"TargetFilename","extracted":"C:\\ProgramData\\Comodo\\Cis\\Quarantine\\Temp\\{603E7360-5B3E-4B56-8ECF-ADB03B37E111}"} determine that is not fail
[2021-07-25 19:25:22.240] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\ProgramData\\\\Comodo\\\\Cis\\\\Quarantine/gi","where":"TargetFilename","extracted":"C:\\ProgramData\\Comodo\\Cis\\Quarantine\\Temp\\{C4142D9A-0894-4632-813C-2D686D0D361E}"} determine that is not fail
[2021-07-25 19:25:22.240] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\ProgramData\\\\Comodo\\\\Cis\\\\Quarantine/gi","where":"TargetFilename","extracted":"C:\\ProgramData\\Comodo\\Cis\\Quarantine\\Temp\\{386E1F24-627C-4428-B11C-4ABA24C7642A}"} determine that is not fail
[2021-07-25 19:25:22.240] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\ProgramData\\\\Comodo\\\\Cis\\\\Quarantine/gi","where":"TargetFilename","extracted":"C:\\ProgramData\\Comodo\\Cis\\Quarantine\\Temp\\{00703FBC-E96D-4364-A04D-1047745504FE}"} determine that is not fail
[2021-07-25 19:25:22.240] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\ProgramData\\\\Comodo\\\\Cis\\\\Quarantine/gi","where":"TargetFilename","extracted":"C:\\ProgramData\\Comodo\\Cis\\Quarantine\\Temp\\{C90AA9F5-E5E9-4672-8265-7BDF62AB3274}"} determine that is not fail
[2021-07-25 19:25:22.240] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\ProgramData\\\\Comodo\\\\Cis\\\\Quarantine/gi","where":"TargetFilename","extracted":"C:\\ProgramData\\Comodo\\Cis\\Quarantine\\Temp\\{E3940C1E-4F37-495D-84B4-696B19CF1707}"} determine that is not fail
[2021-07-25 19:25:22.240] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\ProgramData\\\\Comodo\\\\Cis\\\\Quarantine/gi","where":"TargetFilename","extracted":"C:\\ProgramData\\Comodo\\Cis\\Quarantine\\Temp\\{4BCB8EA0-DEF7-4BB0-B5F9-14447AA43AD6}"} determine that is not fail
[2021-07-25 19:25:22.240] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\ProgramData\\\\Comodo\\\\Cis\\\\Quarantine/gi","where":"TargetFilename","extracted":"C:\\ProgramData\\Comodo\\Cis\\Quarantine\\Temp\\{61945C2A-911A-42F2-871B-3FDC90E693A4}"} determine that is not fail
[2021-07-25 19:25:22.240] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\ProgramData\\\\Comodo\\\\Cis\\\\Quarantine/gi","where":"TargetFilename","extracted":"C:\\ProgramData\\Comodo\\Cis\\Quarantine\\Temp\\{7FE8519D-D539-4963-A403-59516E48E0C6}"} determine that is not fail
[2021-07-25 19:25:22.240] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\ProgramData\\\\Comodo\\\\Cis\\\\Quarantine/gi","where":"TargetFilename","extracted":"C:\\ProgramData\\Comodo\\Cis\\Quarantine\\Temp\\{2F5225A8-B962-4FA9-8F22-F121DC771C62}"} determine that is not fail
[2021-07-25 19:25:22.240] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\ProgramData\\\\Comodo\\\\Cis\\\\Quarantine/gi","where":"TargetFilename","extracted":"C:\\ProgramData\\Comodo\\Cis\\Quarantine\\Temp\\{1D4CA2DD-87C2-45FF-A8EA-3F9D23CEB1C5}"} determine that is not fail
[2021-07-25 19:25:22.240] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\ProgramData\\\\Comodo\\\\Cis\\\\Quarantine/gi","where":"TargetFilename","extracted":"C:\\ProgramData\\Comodo\\Cis\\Quarantine\\Temp\\{640EC2DA-0173-46AE-834E-41E5CE3FA0BE}"} determine that is not fail
[2021-07-25 19:25:22.240] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\ProgramData\\\\Comodo\\\\Cis\\\\Quarantine/gi","where":"TargetFilename","extracted":"C:\\ProgramData\\Comodo\\Cis\\Quarantine\\Temp\\{C2B5C070-441C-4FDE-AC3C-942741D67330}"} determine that is not fail
[2021-07-25 19:25:22.240] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\VTRoot/gi","where":"TargetFilename","extracted":"C:\\VTRoot\\HarddiskVolume3"} determine that is not fail
[2021-07-25 19:25:22.240] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\VTRoot/gi","where":"TargetFilename","extracted":"C:\\VTRoot\\HarddiskVolume3\\Users"} determine that is not fail
[2021-07-25 19:25:22.240] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\VTRoot/gi","where":"TargetFilename","extracted":"C:\\VTRoot\\HarddiskVolume3\\Users\\test"} determine that is not fail
[2021-07-25 19:25:22.240] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\VTRoot/gi","where":"TargetFilename","extracted":"C:\\VTRoot\\HarddiskVolume3\\Users\\test\\AppData"} determine that is not fail
[2021-07-25 19:25:22.240] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\VTRoot/gi","where":"TargetFilename","extracted":"C:\\VTRoot\\HarddiskVolume3\\Users\\test\\AppData\\Local"} determine that is not fail
[2021-07-25 19:25:22.240] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\VTRoot/gi","where":"TargetFilename","extracted":"C:\\VTRoot\\HarddiskVolume3\\Users\\test\\AppData\\Local\\Temp"} determine that is not fail
[2021-07-25 19:25:22.240] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\VTRoot/gi","where":"TargetFilename","extracted":"C:\\VTRoot\\HarddiskVolume3\\Users\\test\\AppData\\Local\\Temp\\W4YhJ_2021-07-24_exe.exe"} determine that is not fail
[2021-07-25 19:25:22.240] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\VTRoot/gi","where":"TargetFilename","extracted":"C:\\VTRoot\\HarddiskVolume3\\Users\\test\\AppData\\Local\\Microsoft"} determine that is not fail
[2021-07-25 19:25:22.240] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\VTRoot/gi","where":"TargetFilename","extracted":"C:\\VTRoot\\HarddiskVolume3\\Users\\test\\AppData\\Local\\Microsoft\\CLR_v4.0_32"} determine that is not fail
[2021-07-25 19:25:22.241] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\VTRoot/gi","where":"TargetFilename","extracted":"C:\\VTRoot\\HarddiskVolume3\\Users\\test\\AppData\\Local\\Microsoft\\CLR_v4.0_32\\UsageLogs"} determine that is not fail
[2021-07-25 19:25:22.241] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\VTRoot/gi","where":"TargetFilename","extracted":"C:\\VTRoot\\HarddiskVolume3\\Users\\test\\AppData\\Local\\Microsoft\\CLR_v4.0_32\\UsageLogs\\W4YhJ_2021-07-24_exe.exe.log"} determine that is not fail
[2021-07-25 19:25:22.241] [DEBUG] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicator: {"type":4,"title":"Comodo Advanced Endpoint Protection","what":"/C:\\\\ProgramData\\\\Comodo\\\\Cis\\\\Quarantine/gi","where":"TargetFilename","extracted":"C:\\ProgramData\\Comodo\\Cis\\Quarantine\\Temp\\etilqs_SVewQPqmcf1e2Zb"} determine that is not fail
[2021-07-25 19:25:22.242] [INFO] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Is fail? Answer: false
[2021-07-25 19:25:22.242] [ERROR] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Machine Comodo Advanced Endpoint Protection doesn't have any logs to copy
[2021-07-25 19:25:22.242] [INFO] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicators extracted, saving them into db
[2021-07-25 19:25:29.792] [INFO] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Indicators saved in database
[2021-07-25 19:25:29.793] [INFO] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Saving summary of indicators into db for Comodo Advanced Endpoint Protection
[2021-07-25 19:25:29.881] [INFO] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Summary saved in database
[2021-07-25 19:25:29.881] [INFO] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - [ID:13742] Finished test
[2021-07-25 19:25:29.881] [INFO] [TESTING] [608637a3-e775-4cd4-8295-fb1425f8ae17] [Comodo Advanced Endpoint Protection] - Going to shutdown VM

Comodo in AVLab tests

In 2020, the Comodo Advanced Endpoint Protection workstation protection software took part in every edition of the test. In total it blocked 6713/6713 malware samples, which gives the maximum result of 100% of in-the-wild threats stopped.

  • Furthermore, almost 20% of the threats were blocked already in the browser or after being saved to disk.
  • In addition, over 1% of the threats were blocked while the samples were being moved to another location on the disk.
  • Meanwhile, exactly 79% of the threats were blocked after the malware was launched, which points to unmatched technology for detecting and blocking zero-day files.

Adrian Ścibor

As part of his cybersecurity work at AVLab, he is responsible for conducting tests of solutions that protect against threats. He develops strategies and tools that help protect data and systems against cyberattacks. He is a participant in AMTSO, an international non-profit group that brings together IT experts.
