Xcitium with new configuration can prevent the ransomware to be executed! Finally!

vitaotek · March 12, 2025, 8:25pm

Xcitium Client Security can now protect against the famous Ransomware that detonates Comodo Internet Security!

FINALLY!!!

Watch it here:

This video has subtitles in English, Brazilian Portuguese and Spanish. If you need more subtitles, just let me know.

@ilgaz @Jomcy @New_Style_xd

New_Style_xd · March 12, 2025, 10:00pm

Very cool, my friend! An excellent test.

Now let’s wait for the COMODO team to fix it in COMODO Internet Security Premium.

I’m very anxious to see this fix in CIS.

vitaotek · March 13, 2025, 1:23am

lets hope they dont take too long as they usualy do.

Nik · March 13, 2025, 10:16am

@FlorinG / @Carlo1 Now can you rate that DLL as Malicious?

FlorinG · March 13, 2025, 1:53pm

Hello @Nik,

We’ll check this.

Best regards,
FlorinG

vitaotek · March 14, 2025, 3:25pm

The DLL is now rated as a Malware. Thats good but it is not the solution, yet.

Atleast on CIS, even with the DLL being flaged as Malware, if one execute the exe, the DLL is loaded and the ransomware do its job without interruption.

Im editing the video showing this right now. If all goes well this video will be online tomorrow, with subtitles, etc. But this time it will be a full video, without cuts and speedups. so that “some” people don’t come up with excuses and lies trying to invalidate the testing and all the work I’ve been doing these past few months, just because they can’t accept the simple reality that their favorite product is vulnerable, hasn’t been patched and remains vulnerable.

Although you’ve shown that you’re capable of solving it (albeit partially, since the DLL scanning and isolation option can be problematic for Windows itself), the problem persists in Comodo Internet Security.

So that’s it

vitaotek · March 15, 2025, 1:16am

Ill create a new topic for a new test. Just to not polute this one.

marsbar · March 19, 2025, 3:07am

Concerning stuff. Is their fix really just to stop unsigned dll’s from being ran?

vitaotek · March 21, 2025, 12:39am

i dont know. what i know is that on xcitium endpoint they managed to introduce 2 options to block unknow dlls from being called by any exe. with this they can prevent the ransomware showed on my videos, but no one knows how these options are going to affect the windows itself.

another thing we all know is that the dll is now marked as dangerous but this doesnt seem to mean anything as the same exe can be executed and the ransomware destroys cis as you can see here: The Ransomware DLL is marked as dangerous but it has no effect on CIS and it fully destroys CIS

but these are two different products (even with the same base). we are just hoping they will fix this in a better way for handling dlls both on cis and xcitium. or, atleast, bring this new option added to xcitium into cis too and we, users, will find our way out