Found Problem in COMODO it blocks .exe files when ran from cmd but not .bat

[Guest]

[BoosTy]

I did some testing and I was able to execute .bat files in cmd it blocks .exe but it wont block .bat files like it should please fix this bug its a big open door people can just upload a .bat file execute it and wipe out comodo so please patch this and give me credit for finding it lol !

[HeffeD]

Create a .bat file that will wipe out CIS, then let us know. 

[EricJH]

Create a .bat file that will wipe out CIS, then let us know. 

Comodo protects its files as can be seen under Defense + --> Common Tasks --> My protected files.

In what mode are you testing the starting of the .bat file?

[BoosTy]

I ran it in paranoid mode and in safe mode heres what happens

I created test.bat file with       del c:\123.txt

i put it in the c:\ directory

then I open up cmd and type in c:\test.bat

it executes with out any warning at all and the text file was deleted so what i am saying is, if someone gets on the machine, they can just execute .bat files all day long if there able to upload them and get into command, they can clean house or at least do damage , however when i try to exectue a .exe file in command comodo does its job and pops up asking me if its ok , and, also comodo does its job when i try to double click on a .bat file BUT IT WONT STOP IT IF EXECUTED IN COMMAND why not

[SS26]

You mean that Defense+ of Comodo should treat .bat as programs (.exe)? For example, like KIS (see this post and this post with screenshots)?

[HeffeD]

If someone runs a .bat on your system that tries to do anything malicious, CIS will warn you.

.bat files themselves are not dangerous. If you want though, you could add them to your blocked files.

[BoosTy]

Yes it should treat .bat the same as .exe otherwise its useless and I wont use it anymore because, this is how bot nets and root kits it makes there job easy all they have to do is upload a .bat if they get far enough and then they can just execute it inside telnet using command and your making there job easy they can do a lot with a .bat file see whats running delete things kill processes maybe even kill comodo or turn off a anti virus , so this has to be changed this is a big deal , if u guys make it so that it asks hey do u want command to run this .bat file I would love that it would increase protection big time please update this

[HeffeD]

You can block them if you like.... 

Defense+ -> My Blocked Files -> Add -> File Groups -> Executables

You will now see .bat files on your blocked list.

[BoosTy]

lol well ya that will block all of them tho and what if i want some to be able to run i just dont see why this isnt built into the program everything else about it is so good and then one door is left open

[HeffeD]

It's not left open...

If the .bat tries to do anything malicious, CIS will stop it.

[BoosTy]

well the thing is the bat file i made and tested with was able to delete a file on the system  is malicious, also the bat file could be used to gain extra info giving an attacker more info for the next step , is there a reason for letting this run i dont wanna keep posting on it i guess i feel like i'm getting no where I might have to use a different firewall other then comodo but i just love everything else about it would it be possible to include this as a option in a update  ? I think it would be cool to at least give the option

[SS26]

BoosTy

To achieve what you want with Defense+ of Comodo in Safe/Clean PC mode you can try following: set Image Execution controller to "normal" under Defense+/Advanced/Image Execution settings.
Result: if virus will attempt to execute malicious batch you will get Defense+ warning similar to "virus.exe tries to execute cmd.exe". If blocked virus won't be able to call malicious batch. However if you launch that batch by clicking on it in Windows Explorer, game is over. It is because explorer.exe is trusted and cmd.exe is trusted - activity will be learnt by Defense+. Great caution needed if you launch .bat and .cmd from Windows Explorer.

If you want to complete control over batch execution, try following using Paranoid mode of Defense+:

1st way is to treat cmd.exe as unsafe executable manually: do not let D+ remember anything for cmd.exe ever... maybe except calling your safe programs;

2nd way is to treat calls for cmd.exe from explorer.exe and rundll32.exe as unsafe, hence do not let D+ remember these calls.

of course, Image execution control must be turned on.

 

[SS26]

Summary how i control any batch on my system:
 
Defense+ set to paranoid mode, Image Execution control is turned on.
explorer.exe is allowed to call cmd.exe.
cmd.exe has everything set to "ask" with exceptions to call bash.exe and other safe apps.

When batch is attempted to run by unknown program (virus) i get Defense+ warning.
When i launch batch from Windows explorer i get various alerts like "cmd.exe tries to do this and that". If i know this batch and sure it is what i want to run i choose to treat cmd.exe as trusted app without "remember my answer". If i don't know this batch or see suspicious behaviour i choose to treat cmd.exe as isolated app without "remember my answer".

[EricJH]

I ran it in paranoid mode and in safe mode heres what happens

I created test.bat file with       del c:\123.txt

i put it in the c:\ directory

then I open up cmd and type in c:\test.bat

it executes with out any warning at all and the text file was deleted so what i am saying is, if someone gets on the machine, they can just execute .bat files all day long if there able to upload them and get into command, they can clean house or at least do damage , however when i try to exectue a .exe file in command comodo does its job and pops up asking me if its ok , and, also comodo does its job when i try to double click on a .bat file BUT IT WONT STOP IT IF EXECUTED IN COMMAND why not

I tried your scenario and when explorer.exe automatically starts cmd.exe you won't get an alert. However the c:\ folder is not a protected folder so you won't be alerted. When you store 123.txt in, say for example, c:\windows\system\ you will get alerted.

[mxnerd]

I have an executable that needs a parameters to run.  So I created a DOS batch file that appends the necessary parameter at the end of the executable.

I try to put the batch file an the executable in the "My Own Safe Files"list, but only the exe file is added.  The batch file was always kicked out.

What can I do?

In training mode.

===============

OK.  Found it was blocked by Computer Security Policy.  It works now.

[Tags:]