Hacked Computer or Server

Can someone give me a rundown of how Comodo AEP tackles a computer or server that has been hacked?

@libretech ,

Is the AEP present on the machine during the time it was hacked or after?

It’s not on the machine, and keep in mind I’m only speaking hypothetically, so that in case a situation or opportunity presents itself I would know how to resolve the issue using Comodo products.

Cleaning an existing infection from a computer is a very different process than protecting a computer.
Depending on the infection, sometimes you might have to start from scratch by re-installing (worst case analysis)… or use cleaning tools like https://www.comodo.com/business-security/network-protection/cleaning-essentials.php … Anyone who says they can clean all malware automatically without having a backup of the system is lying to you. In the majority of cases it’s hand-to-hand combat with the malware! That’s why the Kill Switch capability that I personally love in Cleaning Essentials is a very useful tool.

But protecting using AEP …is a fairly easy process…

Thanks for the feedback.

@melih if a machine was compromised with Comodo AEP installed, does it stop the attack and reverse what was done?

Because every unknown is run inside a container, there wouldn’t be an “infection” per se. You would just restart the machine or delete the stuff inside containment and it’s gone.
Another use case: installing AEP on an infected machine, you would have one hell of a battle between AEP and the malware, which divides into two categories:
a) known malware: we simply clean it
b) unknown malware: it would cause a lot of issues because of the power struggle between AEP and the unknown malware (which was installed before AEP was installed).

If you think you installed AEP on an already infected machine, you can turn the “paranoid” mode on and watch the fight!
If you think malware came in after you installed AEP and you have configured the AEP properly (with containment etc.), then we would want to hear about this use case.

Happy to get our Threat Labs to help if you need it.

Thanks melih, I just wanted to be prepared for both scenarios.

There are 2 cases when dealing with malware:

1) Keep a clean computer clean

2) Clean an infected computer

You need 2 different capabilities/toolsets to do these. They are NOT the same things. There may be some common components but that is it.

How to:

1) Keep a clean computer clean: Install AEP:

A total stranger knocks on your door…
you answer the door…
You let this total stranger in…
He is sitting in your living room sofa…
Is he a good guy or bad guy?
We don’t know!
5 days later he is still there…good guy or bad guy…we still don’t know…
If he gets up and punches you…we know he is a bad guy…
But if he doesn’t get up and punch you, can you say he is a good guy?
Of course not!

So just because an unknown file (a stranger) does not show a bad behaviour (like getting up and punching you) does NOT make it/him a good file/person that deserves unfettered access to your computers/network! That is the common mistake the industry makes. They try to look for a “bad behaviour” using all sorts, AI, heuristic, machine learning, signatures etc… all looking to identify a bad behaviour… they can’t find it… and simply because they fail in finding a bad behaviour they say… hey stranger, because you didn’t punch me (i.e. they couldn’t identify a bad behaviour)… please go in and have full access to everything… and babysit my kids!!! That’s why with the current industry people spend $Billions and still get infected… because they let the stranger in and gave total strangers/unknown files unfettered access just because they haven’t seen a known bad behaviour from the stranger!

With our AEP: Every stranger gets to live in their bubble wrap/comfortable Cell : ) while they are in our house…if they tried to punch us…bubble wrap around them will render the punch useless…but they can still roam around our house…but can cause no harm! That is the innovation we have…They live in that bubble wrap until we validate they are a “good” guy…we don’t just look for “bad” behaviour…we also validate if they are a “good guy”…the only company in the world to do that.

With this innovation you can keep a clean computer clean!

As to cleaning an existing infection… it’s an art… martial art! Sometimes you get lucky and remove it using a removal tool… sometimes no one knows the malware and there is no removal tool available and you have to fight the little bugger on your own… that’s where I use Cleaning Essentials and Kill Switch…

An ounce of prevention is worth a pound of cure…that’s why use AEP to make sure no stranger gets unfettered access to your computers!

Great analogy! Two thumbs up for this one.