5.3 and WoW trouble.

[Guest]

[ntoskrnl]

"the only IS equipped with" also means novelty.

What novelty are You telling about? Comodo Memory Firewall is more than three years old:
http://forums.comodo.com/Comodo_memory_guardian_beta_corner/Comodo_memory_guardian_beta_v1_buffer_overflow_protection-t11108.0.html;msg78852#msg78852
Buffer overrun attacks are well known for more than 20 years.

Oftentimes novelty can bring about problems and needs POLISHING.

Sure. But this also applies to third parties, which are unable to provide stable code.

Again not all BOs are exploitable and only those that are would get patched.

How CIS should to determine, what BO is exploitable and dangerous and what is "safe"?

When D+ gets ready to deny something, it issues a popup, makes the program wait, and once an action was decided it enforces/doesn't enforce a policy. This is healthy behaveior.

BO oftentimes will decide at its own discretion to stomp a type of behaveior, crash the app, and not give the user a say. That it is possible to exclude some applications implies some acknowledgement on Comodo's side that this behaveior may NOT ALWAYS be useful or helpful, and can create more problems than it solves. As such, they should take the next logical step and request user consent before doing so.

In many cases when application's stack(s) or heap(s) becomes corrupted there is no option to "wait", because this app is already crashed actually.

[Searinox]

WoW does not produce one such popup. Neither does Alcohol. And WoW and Alcohol are not one of those "many cases" as they will run perfectly normal otherwise. This is what I meant by aggressive - these new developments don't even notify anymore, they just alter the behaveior and you may or may not be lucky to figure out that Comodo is the reason why they don't work anymore.

[Luc[y]]

Starcraft 2 made overflow too, and Comodo do not give alerts, you have to relaunch starcraft for getting this alert.
COMODO maybe hate blizzard company (:

[Searinox]

I'm not all that surprised since they use the same graphics and battle.net engine. WoW has been live for over 6 years and never has an exploit or malware been carried out through the client itself. It is possible under defense+ shellcode detection exclusions to add groups -> all programs. It is highly unlikely that Blizzard bow down to Comodo on this one.

[Valentin N]

what's the big deal? put in in Exclusions in Detect shellcode injections (i.e. Buffer overflow protection)?

I wish all here Happy New Year!

Regards,
            Valentin N

[Luc[y]]

yes, but every update, you have to re-add in exclusion annoying .
BTW : 5.3 fix this issues when i have to relaunch sc2 ;!

[Valentin N]

It's something that you have to accept

[andyman35]

Starcraft 2 made overflow too, and Comodo do not give alerts, you have to relaunch starcraft for getting this alert.
Comodo maybe hate blizzard company (:

Or perhaps evidence of a trend for sloppy coding at Blizzard 

[Searinox]

A "we're right they're wrong" attitude which leaves the users with the task of adding exceptions is a bad idea in this case.

[andyman35]

Searinox the problem is that if the BO protection is modified to accommodate buggy applications then it pretty much negates the whole concept.This isn't the same as a FP within the AV,the protection is being activated by a BO,while inconvenient since it's a benign error the fact remains that it is just that.

A compromise would be improvements to the usability in order to make things more transparent to the end user.

[Searinox]

And I have already suggested the simple compromise of having people alerted by Comodo BEFORE the app is tampered with/"corrected", instead of a silent crash(WoW, StarCraft) or abnormal behaveior(alcohol) and since Comodo alerts before acting with everything else - AV, D+, FW, I could think of nothing better to please both sides, but HeffeD denied even this simple request saying that it's Comodo's right to correct these apps whenever it sees fit and the user has to deal with it.

[HeffeD]

but HeffeD denied even this simple request saying that it's Comodo's right to correct these apps whenever it sees fit and the user has to deal with it.

I said nothing of the sort... All I said was Comodo didn't cause the problem. The problem was caused by a buffer overflow in the application! Comodo is merely protecting you from the buffer overflow. If you want to read more into what I wrote, I guess that's your prerogative. 

[Searinox]

The issue just got worse. I restarted the computer and now alcohol is exhibiting the same-old error again. WoW continues to work well with the exclusions, but alcohol no longer so. I deleted the rule and added a new rule for all applications(*) then restarted, again WoW works fine, alcohol still broken.

It looks like I will have to use "disable Defense+ permanently" yet again. This is the first time in over 3 months that I re-enabled D+, after my first encounter with the alcohol issue left me no choice. Now I have to disable it again. Somebody please tell me how it is that D+ is still meddling after I added the group All Files and Folders (*) to the exclusion list. WoW works, so the exclusions must be working. Alcohol doesn't, so the exclusions must be partially working...? The devs can either choose to look into this seriously, or I will have to keep running with D+ disabled for an unknown period of time, until something gets done.

[Valentin N]

I use myself Deamon tools lite (this tool gives BO) and once I add it in CIS ---> Defense+ ---> Defense+ Settings ---> Execution control Settings ---> Detect shellcode injections (i.e. Buffer overflow protection) ---> Exclusions ---> Add ---> Browse... everything is working fine.

Regards,
            Valentin N

[Searinox]

Problem solved.

I spent 2 hours on experiments and managed to figure out why alcohol would not work: since I was launching it alot to check its status, it updated itself. So I ran more tests and was able to figure out the awful truth. Apparently if an update or clean install is made WITH the defense+ driver active, REGARDLESS of having under exclusions everything, just the installer, the whole alcohol folder, or nothing at all, the install will be BROKEN. And the only fix is to install alcohol, or any updates to it, WHILE D+ is permanently deactivated. After that D+ can be reactivated.

This goes well beyond the issue of bothering an app, crashing it, or causing it to behave strangely, because all those issues could be fixed by simply adding the troubled apps to the exclusion list. With installing alcohol 120%, D+ must be permanently deactivated for the duration of the install, else it WILL interfere, no matter what the exclusions. This is not normal no matter how you slice it.

[Tags:]