Ransomware infection on entire network - Comodo bypassed

Hi @nct

Since the infected device didn’t have CCS running on it, we cannot collect any information about that device. For the devices we have our agent on with Auto-Containment running, we have logs showing that the malware application spreading from the initially infected device was stopped and contained.

No single system is perfect, but a correctly configured CCS/AEP is very close, and if combined with @dittoit backup you’re on to a winner!

If you have Auto-Containment disabled there is almost no point in having CCS, as this is one of the best features they have and is the magic stopping system for ransomware and zero-day infections, since nothing runs unless trusted.

Also something to watch out for is admin/domain rights: if CCS is configured wrong, you do not need the Comodo password to access CCS if you’re an administrator.

Using Comodo’s firewall and HIPS is also powerful with a hardening config.

Yeah, so let’s blame Comodo instead of the admins of the server. No wonder I left a great-paying job with the DOD after 18 years doing Symantec and McAfee ePolicy administration. Love being hired to do endpoint cyber security and then being ordered not to do my job and install the endpoint protection software or enable it because it “interrupts the end-user experience” or “the security software is too restrictive and breaks things”… You know what really interrupts the “end-user experience”? The federal investigations that will follow.

Not sure, but it appears a client may also be infected, as all usable applications and the SQL application on the server have been rendered useless. Server Backup no longer works and all processes have a Named Image of DiskdriveVolume1 - cannot get anything installed.

This all began when CCS stopped working and I used the CisCleanupTool_x64, which said it removed CCS, but EDR still shows as installed. Then I tried to use iTarian remote and could no longer access the Server (2008 Standard). Now on site 2 hrs away trying to recover.

RAID and boot repair not working. Yes, I have backups and a bare-metal VM created offsite, but could use some help in identifying how this happened and how to resolve a crippled server. Corporate apps depend on the SQL data.

Ticket open since Sunday morning: #10645

@icttech,

Rest assured that our Itarian team will assist, with the help of our Development team, to identify the source and entry point of the infection.

@icttech, restore from backups and then investigate the attack. What does the EDR tell you?

Restore not happening off of the original server; need to bring in the VM from the DC and build a new server. The EDR did not report anything.

EDR Agent v2 COMODO 2.1.0.128

Any update?

@libretech,

For some reason, @icttech hadn’t responded to some of our emails from the support team regarding his reported issue, and support is still awaiting his response.