New Xcitium Client Security against Ransomware that is taking over the CIS

New Xcitium Client Security against Ransomware that is taking over the CIS:

Is this the last version released?

Spoiler: The same result as CIS.

2 Likes

I wonder when COMODO will fix this DLL.
What’s worse is that it’s been in Valkyrie for a long time, and no human has analyzed it yet. :expressionless:

@vitaotek are you using the default secure profile?

Hello, you can use any profile, the result is always the same, the files will always be encrypted by ransomware. :expressionless:

In this video I used the profile provided by the EDR, which is Xcitium Secure profile 8.1.

In the other video (the old one) I used the default profile but activated some more modules. The results, as stated by @New_Style_xd, are always the same and will always be, as this is an exploit in Comodo/Xcitium libs or exes. It's not a problem with configurations. Any configs can be used and the results will always be the same. The ransomware bypasses CIS/Xcitium security and destroys user files.

With CIS I did more tests, with as many configurations as possible, just to show what I've said: no matter what configuration, what profile, what modules are used, the results will always be the same. Which is a shame, as even Windows Defender can prevent this ransomware from executing.

Well, I'm doing my part.

Now let's see if they do theirs.

… Or they will ban me from this forum for posting this unsolved problem, remove my posts and ignore the problem… who knows… they've already done that on the Comodo forums…

1 Like

Hi, @Umut

Is there any official looking into this matter?

1 Like

Hi @vitaotek, thank you for sharing this. We are looking into this, but before that, could you please share whether the setting below was enabled in your configuration during the tests?

This is a setting which was implemented exactly for such cases as in your tests, where the main application is trusted but loads a malicious DLL.
This setting is disabled by default in the Secure profile to avoid false positives, as many trusted vendors still tend to use unsigned DLLs.
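The post above describes a control that blocks a DLL loaded by a trusted process when the DLL itself is unsigned or unknown, and why it is off by default: unsigned vendor DLLs would trip it as false positives. As an added example, not code from Xcitium, Comodo or anyone in this thread, the Python below triages image-load events in that spirit. The strict mode behaves like the setting turned on (every unsigned DLL loaded by the trusted app is blocked, vendor helper included), while the relaxed mode blocks only unsigned DLLs from user-writable locations and surfaces the rest for review. The event field names loosely follow Sysmon Event ID 7 (Image, ImageLoaded, Signed, SignatureStatus); all paths, file names and values are constructed for the example.

```python
"""Triage 'image loaded' events where a trusted process loads an unsigned DLL.

Added example, not Xcitium/Comodo code. Event shape loosely follows Sysmon
Event ID 7; every sample value below is constructed for this example.
"""
import json

# Constructed sample events: one trusted application loading three DLLs.
# kernel32.dll is a signed OS library, version.dll is an unsigned DLL dropped
# in a user-writable folder, helper.dll is an unsigned DLL shipped by the vendor.
SAMPLE_EVENTS_JSONL = "\n".join(json.dumps(e) for e in [
    {"Image": r"C:\Program Files\TrustedApp\app.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll",
     "Signed": "true", "SignatureStatus": "Valid"},
    {"Image": r"C:\Program Files\TrustedApp\app.exe",
     "ImageLoaded": r"C:\Users\alice\Downloads\version.dll",
     "Signed": "false", "SignatureStatus": "Unavailable"},
    {"Image": r"C:\Program Files\TrustedApp\app.exe",
     "ImageLoaded": r"C:\Program Files\TrustedApp\helper.dll",
     "Signed": "false", "SignatureStatus": "Unavailable"},
])

# Locations an ordinary user can write to; a DLL loaded from here by a
# trusted process is the classic side-loading shape (list is illustrative).
USER_WRITABLE_PREFIXES = (
    "c:\\users\\",
    "c:\\programdata\\",
    "c:\\windows\\temp\\",
)


def is_signed(event):
    """True only when the event reports a valid signature on the loaded DLL."""
    return (event.get("Signed", "false").lower() == "true"
            and event.get("SignatureStatus") == "Valid")


def is_user_writable(path):
    """Case-insensitive prefix check against the user-writable locations above."""
    return path.lower().startswith(USER_WRITABLE_PREFIXES)


def classify(event, auto_block_unknown_dll):
    """Return 'allow', 'block' or 'review' for a single image-load event.

    auto_block_unknown_dll=True mirrors the strict setting: any unsigned DLL
    loaded by the trusted process is blocked, which also hits the vendor's own
    unsigned helper.dll (the false-positive case the post warns about).
    auto_block_unknown_dll=False mirrors the default: only unsigned DLLs from
    user-writable locations are blocked; other unsigned loads go to review.
    """
    if is_signed(event):
        return "allow"
    if auto_block_unknown_dll:
        return "block"
    if is_user_writable(event["ImageLoaded"]):
        return "block"
    return "review"


def triage(jsonl_text, auto_block_unknown_dll):
    """Map each loaded DLL path to its verdict for the given policy setting."""
    verdicts = {}
    for line in jsonl_text.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        verdicts[event["ImageLoaded"]] = classify(event, auto_block_unknown_dll)
    return verdicts


if __name__ == "__main__":
    for setting in (True, False):
        print(f"auto_block_unknown_dll={setting}")
        for dll, verdict in triage(SAMPLE_EVENTS_JSONL, setting).items():
            print(f"  {verdict:6}  {dll}")
```

Run it and compare the two tables: the strict setting stops the dropped DLL but also the vendor's unsigned helper, which is exactly the trade-off behind leaving it off by default; the relaxed policy keeps the helper out of the block list while still stopping the load from a user-writable folder.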

There is also the rootkit payload, which is still not fixed.

1 Like

Hi @ilgaz, since this setting produces so many FPs, what else can be done to block this type of ransomware with XCSW?

2 Likes

Hi ilgaz,

Auto block unknown DLL is not enabled in Secure profile 8.1. What is Xcitium recommending for users in a practical scenario?

@vitaotek @New_Style_xd

Hi Hydra,

Could you kindly shed some light on this?

Hello guys. I cannot edit the initial post. The video had to be removed and a new one was uploaded. The link is this: https://youtu.be/UVemqPO0YeI

The same video, with one little tweak that was needed.

If possible, any mod, please update the initial post with this link.

As jomcy explained, the profile used is the default 8.1, so that option was not marked. @ilgaz would you like me to do a new test with this option marked?

For this I'll need to set up a new evaluation EDR, install it on a VM, change the profile settings and test. It will take a little longer as I'm doing some work at my end.

Hello, @ilgaz
For those who use COMODO Internet Security Premium, what is the solution?

Well, it seems my subscription expired. Does anyone want to sponsor a new video by providing access to the EDR just for the test? :smiley:

We can help you to create a POC env; I sent you a personal message on YouTube, please check.

2 Likes

Great. I'll look as soon as I get back home.

@ilgaz @Jomcy @New_Style_xd

Hello my friends. I just finished the tests. Xcitium, with that particular option marked, can prevent the exploit from being exploited and the ransomware cannot run anymore. Now there are only two things you guys can do to make it better:

  1. detect the god damn DLL as malicious, as this is the freaking ransomware (even Windows Defender detects it);

  2. bring this update into CIS too.

On one side it's good to see Xcitium protecting me against this freakin ransomware. But on the other hand, now it's even worse and sad that you guys resolved it in Xcitium but it seems you just ignored CIS…

I hope I'm wrong… would love to see CIS protecting everyone against this ransomware too.

1 Like

I want this fix to arrive as soon as possible for CIS.

For XCITIUM it has already been fixed for a while now, it seems. All that’s left is to fix it in CIS now.
I’ll be waiting.

really? o.O

Let's give him some applause please @ilgaz @Jomcy @New_Style_xd @melih

1 Like