Author Topic: Superantispyware incorrectly reported as modifying memory ?  (Read 7190 times)

Offline poutnik

  • Comodo Loves me
  • ****
  • Posts: 109
Superantispyware incorrectly reported as modifying memory ?
« on: March 12, 2008, 01:34:49 AM »
SAS 4.0.1154 is reported by comodo 2.4 FW ( w2ksp4 ) as modifying other processes memory.

Just recently I have abandoned my loved Kerio Personal firewall 2.1.5  and tried on w2k comodo pro 2.4.
When I have launched SAS free to make quick scan as background task,
comodo soon realized something strange :



SAS was said to be modifying processes in momory. at picture it was maxthon.exe like my favorite browser frontend. It was later detected on explorer.exe and services.exe.

during comparative scan by ad-aware 2007, comodo did not report anything about ad-aware, scaniing processes too, but SAS was reported as changing memory of aawservice.

on SAS forum site I was told they just scan memory ( that is obvious to do)
and that CPF 2.4 is misreporting this. )

Links to superantispyware forum]

Where is the truth ?
« Last Edit: March 12, 2008, 05:17:42 AM by poutnik »
C2D E4700 / 6 GB / Vista Premium 64 SP2 / CIS FW+HIPS only / Avast Home AV/ SAS Free / MBAB Free / PaleMoon browser - NoScript - AdBlock Plus / LAN /  VoIP router Linksys RTP300 /// Sony XPERIA M Dual + CMS

Offline Matty_R

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 2532
  • How long is a piece of string?
Re: Superantispyware incorrectly reported as modifying memory ?
« Reply #1 on: March 12, 2008, 06:50:26 AM »
Hi Poutnik,i think here Comodo is doing its job as it should,did you have your browser open during the scan as for SAS to do its scan it must access/look at what is running in Memory,therefore it is taken that it is modifying  the memory by Comodo because unless Comodo knows to expect this it will warn you as it would for any rogue app.

So i dont think its doing any misreporting/to scan the memory it must modify it.

Cheers Matty
A couple of computers :P

Offline poutnik

  • Comodo Loves me
  • ****
  • Posts: 109
Re: Superantispyware incorrectly reported as modifying memory ?
« Reply #2 on: March 12, 2008, 07:14:26 AM »
So, could it be, that

Ad-Aware 2007 is for comodo 2.4 known trusted application, not to be reported ?
Because Ad-aware makes process can too.

SAS 4.x is far younger than CPF 2.4 and younger than ADAware,
so it can be suspicious for CPF 2.4.

does it make sense ?
Or things are even different ?

C2D E4700 / 6 GB / Vista Premium 64 SP2 / CIS FW+HIPS only / Avast Home AV/ SAS Free / MBAB Free / PaleMoon browser - NoScript - AdBlock Plus / LAN /  VoIP router Linksys RTP300 /// Sony XPERIA M Dual + CMS

Offline Matty_R

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 2532
  • How long is a piece of string?
Re: Superantispyware incorrectly reported as modifying memory ?
« Reply #3 on: March 12, 2008, 10:16:34 AM »
Sorry poutnik just took a closer look at your pic,could it be SAS using your browser to check for an update?

Matty
A couple of computers :P

Offline poutnik

  • Comodo Loves me
  • ****
  • Posts: 109
Re: Superantispyware incorrectly reported as modifying memory ?
« Reply #4 on: March 12, 2008, 10:39:37 AM »
I suppose it could, maxthon is my default.
But what other mentioned processes ?
E.g:  I do not suppose SAS would use for update aawservice  ( service part of Ad-Aware 2007 )
C2D E4700 / 6 GB / Vista Premium 64 SP2 / CIS FW+HIPS only / Avast Home AV/ SAS Free / MBAB Free / PaleMoon browser - NoScript - AdBlock Plus / LAN /  VoIP router Linksys RTP300 /// Sony XPERIA M Dual + CMS

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek