Welcome to the Comodo Forum
Welcome,
Guest
. Please
login
or
register
.
November 20, 2009, 11:15:36 PM
1 Hour
1 Day
1 Week
1 Month
Forever
Login with username, password and session length
336425
Posts
37221
Topics
84381
Members
Latest Member:
mistresslisa
more news...
Search:
Advanced search
|
Tag Cloud
Welcome to the Comodo Forum
Desktop Security Products
Comodo Internet Security - CIS
Bug Report - CIS
Defense+ Bugs
Services.exe driver install- no way to control?
« previous
next »
Pages:
[
1
]
Author
Topic: Services.exe driver install- no way to control? (Read 317 times)
aigle
Comodo's Hero
Offline
Posts: 502
Services.exe driver install- no way to control?
«
on:
November 02, 2009, 09:32:12 PM »
There seems no way to control driver install by services.exe via CFP. Even with all custom rules with Proactive Security and Paranoid Mode I can,t monitor drivers installation by services.exe because as soon as I reboot my PC and a legit system driver is installed/ loaded by services.exe during reboot, CFP not only allows it but also adds a global driver install/ load rule by services.exe in CFP application rules.
It,s so disappointing. For me it,s not a good architecture. Hope it can be fixed in next versions.
Thanks
Logged
metalforlife
Comodo's Hero
Offline
Posts: 269
Re: Services.exe driver install- no way to control?
«
Reply #1 on:
November 08, 2009, 09:37:16 AM »
But why would you want to deny the installation of a legit driver? Won't the system be unable to boot properly if it's drivers are not loaded?
Logged
SS26
Comodo's Hero
Offline
Posts: 1397
Re: Services.exe driver install- no way to control?
«
Reply #2 on:
November 09, 2009, 10:07:26 AM »
Similar threads:
Inconsistency of D+ in Safe mode with certain driver loading technique
CFP- Poor Pop up alerts by compared with other HIPS?
Poll: "Driver Installation" instead of "Registry Modification"
Though according to my experience, driver installations using services controller are always intercepted in Paranoid mode
Logged
XP Home SP3 32bit ; CFD (Comodo Firewall & Defense+) v3.13 ;
aigle
Comodo's Hero
Offline
Posts: 502
Re: Services.exe driver install- no way to control?
«
Reply #3 on:
November 09, 2009, 07:56:38 PM »
Quote from: metalforlife on November 08, 2009, 09:37:16 AM
But why would you want to deny the installation of a legit driver? Won't the system be unable to boot properly if it's drivers are not loaded?
I have seen malware loading driver through services.exe.
Logged
Searinox
Comodo's Hero
Offline
Posts: 342
Do you like fire? I'm full of it.
Re: Services.exe driver install- no way to control?
«
Reply #4 on:
November 12, 2009, 05:17:09 AM »
I strongly suggest to COMODO revising their services.exe attitude. While the way CIS is handling these behaveiors isn't much of a problem, something is wrong in the handling that can cause a lockdown of death after selective registry key access is allowed. I launched wisptis.exe by using msn messenger's handwrite tab and COMODO asked to allow some CurrentControlSet access to services.exe.
From then on the comp slowly died with everything freezing up and nothing not even task manager popped up. My solution was to allow "*" under reg keys and basically configure services.exe to allow everything as if it were a "Windows System Application" policy, even though the policy itself cannot be set for services. That solved my problem but I'm still puzzled as to why CIS locks me down if I ALLOW whatever I am asked to allow to services.exe. CIS never failed to comply with D+ rules. What's different about services?
Logged
Windows 7 Ultimate 64-bit with all updates, UAC off + COMODO Internet Security 3.13.119746.572(Firewall and D+ only) + Symantec Endpoint Protection 11 RU5(Antivirus and Proactive Protection only) + Eset NOD32 Antivirus 4.0.468.0 + TuneUp Utilities 2009 + Norton Ghost 14 SP5
Tags:
Pages:
[
1
]
« previous
next »
Jump to:
Please select a destination:
-----------------------------
Want to help Comodo?
-----------------------------
=> Help Spread the Word - Official Comodo banners and logos
=> How can you help Comodo? (Please we do need you!)
===> Help spread the word! (Please read and help)
===> Comodo website issues for submitting website problems only
=> Please tell us your views and Vote here!
-----------------------------
General Category
-----------------------------
=> Melih's Corner - CEO Talk/Discussions/Blog
=> Comodo.TV - Our Internet Video Channel
===> Comodo.TV - News and Announcements
===> Comodo.TV - Program Lineup
===> Audience Feedback and Suggestions
=> Which Product do you want Comodo to develop next?
=> General Discussion (off topic) Anything and everything...
===> Member Confessions :-)
===> Funny Photos :-)
===> Cool Stuff
-----------------------------
Desktop Security Products
-----------------------------
=> Comodo Internet Security - CIS
===> Overview - CIS
===> Help - CIS
=====> Anti Virus Help
=====> Firewall Help
=====> Defense+ Help
=====> Install / Setup / Configuration Help
===> FAQ - CIS
=====> Anti Virus FAQ
=====> Firewall FAQ
=====> Defense+ FAQ
=====> Install / Setup / Configuration FAQ
===> Feedback/Comments/Announcements/News - CIS
===> Guides - CIS
=====> Anti Virus Guides
=====> Firewall Guides
=====> Defense+ Guides
=====> Install / Setup / Configuration Guides
===> Wishlist - CIS
=====> Anti Virus Wishlist
=====> Firewall Wishlist
=====> Defense+ Wishlist
=====> GUI -Graphical User Interface - Wishlist
===> Bug Report - CIS
=====> Anti Virus Bugs
=====> Firewall Bugs
=====> Defense+ Bugs
=====> Other - General - GUI etc Bugs
=====> False Positive/Negative reporting - (Is this a malware that CIS has/not detected?)
===> Virus/Malware Removal Assistance
===> Leak Testing/Attacks/Vulnerability Research
=> Comodo Time Machine - CTM
===> Frequent Asked Questions (FAQ)
=> Comodo Dragon
=> Comodo Instant Malware Analysis Online - CIMA
=> Comodo Disk Encryption - CDE
===> Overview - CDE
===> Help - CDE
===> FAQ - CDE
===> Feedback/Comments/Announcements/News - CDE
===> Wishlist - CDE
===> Beta Corner - CDE
===> BUG Reports - CDE
=> Comodo Secure Email - CSE
===> Frequently Asked Questions (FAQ)
===> Feedback/Comments/Announcements/News about CSE
===> Bug Reports
===> Help for Comodo SecureEmail
=> Comodo TrustConnect - Securing the Wireless world!
=> Comodo EasyVPN - CEVPN
===> Frequently Asked Questions (FAQ)
===> Feedback/Comments/Announcements/News about Comodo EasyVPN
===> Bug reports
===> Help for Comodo EasyVPN
=> HopSurf (Bringing Internet to you)
=> Comodo Online Backup - COB
=> Comodo Backup - CB
===> Comodo Backup - FAQ
===> Comodo Backup - Help
=> Verification Engine - CVE
=> Comodo Vulnerability Analyzer - CVA
=> Comodo AntiSpam - CAS
-----------------------------
Desktop Utilities
-----------------------------
=> Comodo System Cleaner - File/Registry/Privacy Cleaner
=> Live PC Support (geeks ready to help 24/7/365)
-----------------------------
Enterprise Security
-----------------------------
=> Comodo Endpoint Security Manager
-----------------------------
Compliance
-----------------------------
=> PCI DSS Compliance
-----------------------------
Learn about Computer Security and Interact with Security Experts
-----------------------------
=> Computer Firewalls
=> Anti Virus/Malware Products/Other Security products
=> Free Virus/Spyware/Trojan/Malware Removal by Comodo Experts
=> HIPS (Host Intrusion Prevention Systems)
=> Anti Phishing solutions
=> Digital Certificates, Encryption and Digital Signing
=> General Security Questions and Comments (not product related)
-----------------------------
Free Services for End Users
-----------------------------
=> UserTrust - First Independent Website Rating - Empowering our users!
=> Hacker Guardian
=> Trustfax (free Trial) (online faxing)
-----------------------------
Free Products
-----------------------------
=> Link to Free Comodo Products
-----------------------------
International Comodo Forums
-----------------------------
=> International Comodo Forums
===> 汉语语言, 漢語語言 / Chinese Simplified, Traditional
===> Nederlands / Dutch
===> Francais / French
===> Deutsch / German
===> ελληνικά / Greek
===> Magyar / Hungarian
===> Italiano / Italian
===> Nihongo / Japanese
===> Norsk / Norwegian
===> Polski / Polish
===> Português/Portuguese
===> По-русски / Russian
===> Espanol / Spanish
===> Svenska / Swedish
===> Turkce / Turkish
===> Українська / Ukrainian
===> tiếng Việt / Vietnamese
===> Slovenský / Slovak
-----------------------------
Digital Certificates
-----------------------------
=> Code Signing Certificate
=> Content Verification Certificate
=> Email Certificate
=> SSL Certificate
-----------------------------
Web Server Products
-----------------------------
=> Two Factor Authentication for Web Applications
=> Trustlogo
-----------------------------
Other
-----------------------------
=> Forum Policy Violation Board
-----------------------------
Archive Boards
-----------------------------
=> Comodo Diskshield
=> Comodo Firewall
===> Feedback/Comments/Announcements/News
===> Help for v3
===> Help for v2
===> Frequently Asked Questions (FAQ) for Comodo firewall
===> Comodo Firewall Translations
===> Bug Reports
=> Comodo Anti-Viruspyware (CAVS)
===> Help for Comodo AntiVirus
===> FAQ for Comodo Anti-ViruSpyware
===> Feedback/Comments/Announcements/News about CAVS
=> Launch Pad (Discontinued)
=> Trusttoolbar (Discontinued)
=> Comodo Meet (Web Conferencing Product) (Discontinued)
=> User Anywhere (Remote Access product) (Discontinued)
=> Trustix Enterprise Firewall
=> ZTL
=> Comodo BOClean Anti-Malware
===> Announcements
===> Comodo BOClean Anti-Malware FAQ
=> Comodo Memory Firewall(Buffer Overflow Protection)
===> Comodo Memory Firewall Beta Corner
===> Help
===> Frequently Asked Questions (Comodo Memory Firewall)
===> Feedback/Comments/Announcements/News
=> i-Vault
=> Safesurf
Page created in 0.033 seconds with 19 queries.
Powered by SMF 1.1.10
|
SMF © 2006, Simple Machines LLC
Seo4Smf v0.2 © Webmaster's Talks
Design by
7dana.com
Author