Are there any tests or method to test how well the endpoint client is protected against Malware?
There are so many settings, and the profiles I use are based on the default “Hardened Windows Profile for ITSM 6.10”.
Some random antimalware-tests ran fine without any warning:
So my question is:
Are there any recommended settings and how can I test how secure the protection is and how to tighten it up?
A subforum regarding security/configuration settings or how to optimize profile settings would be very useful.
Oh well…
Today's technologies use "Detection" as a method of "Protection"…therefore the measure of success is based on "detection" of a malware…The protection comes from the ability to detect the malware so that you can stop it…
Any testing is limited to the “malware zoo” they have…
What that means is: they have a library of malware and they see how many of these are detected by an endpoint protection product.
I have two problems with the above…
1) Detection should NOT be your protection
2) Testing is based on who provides you the source of malware…and more importantly Malware Authors are not stupid to release their new creation without first making sure it's not detected…
The real enemy is the Undetected Malware, and there is no test against that.
Here is a question:
Why, in the cybersecurity industry, do enterprises spend more money every year, but the problem gets bigger every year?
Thanks for responding.
I understand and respect your point.
And your question is the reason I want my clients to be well protected: "Why, in the cybersecurity industry, do enterprises spend more money every year, but the problem gets bigger every year?"
That’s why I convinced them all to use this platform.
But then, for my own credibility, I (and, I think, every MSP) have to make sure I have configured the endpoint to my best ability.
Please note that nearly 4 years ago, I also had a client with CCS who was caught with Ransomware (bacon@oddwallps.com), despite using the default profiles.
So I just opened some test malware scripts and was surprised that nearly nothing was detected or blocked!
Ransomware problem is growing every day.
So a security policy (read CCS profile) has to be re-evaluated once in a while.
So my question stands: How can I test or make sure that an endpoint is well protected?
The ‘test’ I did proved otherwise and allowed the ‘malware’ software.
It would be nice to have a subforum regarding profile-settings and optimum settings.
With Comodo, any untrusted new executable (aka unknown) goes into auto containment…where when run it shows a green border around it…
So any new malware you run, if it shows a green border around it…then it's running in the virtual environment (eg: auto containment) and there shouldn't be damage…
I would also be interested. Maybe just "CCS profiles"? The problem is I don't see many MSPs here willing (or having the time) to share problems and solutions.
Anyway a question: if that test had been done on an endpoint protected by SOCaaP what would have been the result?
Yes, maybe it wasn't configured properly. But as I use the Default Hardened profile as basis (which was configured by Itarian/Comodo), more likely everyone using this profile would be vulnerable.
This just proves my point that there should be a way to test and evaluate the endpoint configurations.
Thanks for listening for a solution. I know I give a lot of positive criticism, but it's only for trying to uplift the all-round functionality of the platform so we all can benefit from this. (In other posts I have some more little suggestions for some minor improvements for this platform, which would increase the basic functionality a lot for us all… Please feel free to ask me more…)
A name could be “Endpoint configuration profiles” or just “CCS profiles” like mentioned above.
But if the staff has a better or more catchy name that would cover the topics, it would also be fine.
Can Itarian support tell how I can test or check the settings?
The default "Windows Hardened" profile settings are still wide open for the test-malware and devices are vulnerable.
We are currently preparing all necessary documentation for a subtopic “Best Practices for Configuring Comodo Advanced Endpoint Protection”. It will be ready very soon.
Can you tell how long it will take, roughly?
Will my question also be addressed?
We are going toward the end of the year, and more and more malware will become active around these days.
Looking forward to this. I suggest that the default profiles be revised at least every quarter based on the intelligence collected by Comodo around the globe. The goal is to stay proactive and not reactive.