Bypass XCS by creating high-risk items in the startup entry

This issue was originally reported in the COMODO forum. Here is the link.

https://forums.comodo.com/t/bypass-cis-build-8088-by-creating-high-risk-items-in-startup-entry/359952

According to the test, this bypass may also exist in the XCS. Since I don’t have an Xcitium account to install the XCS for testing, you can test it on your end.

Hi @Redstraw

I will share the details with the verdict team and look into it. Could you please share the sample SHA-1 details with us?

@nivedithab

MD5: 9cf2c793029ae8dd84a387ba66e8c432

SHA-1: 48f6d8e5c4f55434a3d1fdc1531bd37fb6248d10

SHA-256: d76d9fa7fa75a31b2a62804c8925a1c352f407831865bebc005b7f01676b5ac9

Thank you for sharing the details. I have forwarded the same to the team to look into it. I will get back to you with feedback from the team.

Hi @Redstraw

Our team checked the details; the verdict was changed, and the suspicious activity will be marked as malware.

@nivedithab Thank you for your quick response and processing. I noticed that this sample is flagged as malware now.

Although the online Valkyrie has flagged it as malware, it is still rated as trusted 2 hours later. Is it caused by a delay?

It will be updated soon as malware. I will re-verify with the team on the same.

@nivedithab I am not sure whether the CIS and XIS share the same online verdict database, since it’s still being recognized as trusted here after around 15 hours and the signature data is the latest. I am using the CIS.

Hi @Redstraw,

I am checking with the Verdict team on the issue. I will update you on their feedback on the same.

Thank you