The DLL is now rated as a Malware. Thats good but it is not the solution, yet.
Atleast on CIS, even with the DLL being flaged as Malware, if one execute the exe, the DLL is loaded and the ransomware do its job without interruption.
Im editing the video showing this right now. If all goes well this video will be online tomorrow, with subtitles, etc. But this time it will be a full video, without cuts and speedups. so that “some” people don’t come up with excuses and lies trying to invalidate the testing and all the work I’ve been doing these past few months, just because they can’t accept the simple reality that their favorite product is vulnerable, hasn’t been patched and remains vulnerable.
Although you’ve shown that you’re capable of solving it (albeit partially, since the DLL scanning and isolation option can be problematic for Windows itself), the problem persists in Comodo Internet Security.
i dont know. what i know is that on xcitium endpoint they managed to introduce 2 options to block unknow dlls from being called by any exe. with this they can prevent the ransomware showed on my videos, but no one knows how these options are going to affect the windows itself.
but these are two different products (even with the same base). we are just hoping they will fix this in a better way for handling dlls both on cis and xcitium. or, atleast, bring this new option added to xcitium into cis too and we, users, will find our way out