Channel: Astr0baby's not so random thoughts _____ rand() % 100;

Comodo AV and Sandbox bypass


Actually I think that Comodo's sandbox approach is very good. Any unknown binary is automatically distrusted and placed into the sandbox. So even if we bypass the antivirus heuristics and manage to get a shell on the target, we will not be able to do much at the system level, because the whole exploit process stays separated from the rest of the system by the sandbox.

It took a while to defeat the sandbox, and for a time Comodo was at the top of my list of AV products. This method bypasses Defense+ in paranoid mode as well as the antivirus heuristics. The Metasploit reverse payload is slightly customized, of course, in order to get past the AV. I cannot disclose the details of the sandbox escape, in order to protect the innocent and to prevent abuse by script kiddies. Below is a demonstration of how the attack is performed, featuring Viktor Cleaner delivering the final strike.

In case you wonder what language the Windows 7 system in the video is in: it is Czech.
