What to add to CMF exclude list

tag1123

Newbie

Offline

Posts: 16

« on: October 26, 2008, 03:44:24 PM »

what programs are "safe" enough to put on the excluded application list? there are lots of buffer overflows for "good" programs, like explorer.exe or firefox.exe, so if we can't trust the good ones not to give us a BO, what can we trust?


	Logged

doktornotor

Comodo's Hero

Offline

Posts: 222

Re: What to add to CMF exclude list

« Reply #1 on: October 26, 2008, 04:29:54 PM »

Pretty much doubt that your explorer.exe or firefox.exe BOs actually are false positives. As for what to add, Java and OO.org is well known to cause issues.


	Logged

fazio93

Comodo Volunteer
Global Moderator
Comodo's Hero

Offline

Posts: 2454

Re: What to add to CMF exclude list

« Reply #2 on: October 26, 2008, 04:33:44 PM »

I would keep the exclusion list clean. Only add something if it is being flagged as dangerous when you know for sure it really is safe.


	Logged

Windows 7 Ultimate 64-bit
CIS 5.12.256249.2599
Please remember to follow the Forum Policy.

doktornotor

Comodo's Hero

Offline

Posts: 222

Re: What to add to CMF exclude list

« Reply #3 on: October 26, 2008, 04:37:20 PM »

Quote from: .FaZio93. on October 26, 2008, 04:33:44 PM

I would keep the exclusion list clean and only add something that was being flagged as dangerous when it really is safe.

I think you are missing how CMF works... There's nothing flagged dangerous when it's safe, this tool detects buffer overflows, ret2libc attacks and corrupted/bad SEH chains in real time as they happen. The only purpose of the exclusion list is to add executables that tend to be incompatible with CMF.


	Logged

tag1123

Newbie

Offline

Posts: 16

Re: What to add to CMF exclude list

« Reply #4 on: October 26, 2008, 05:34:03 PM »

Quote from: doktornotor on October 26, 2008, 04:29:54 PM

Pretty much doubt that your explorer.exe or firefox.exe BOs actually are false positives. As for what to add, Java and OO.org is well known to cause issues.

sorry, my wording was obviously misleading. it was not my intent to say that i got false positives. i meant to say that BOs have been reported online for programs that are not natively malicious. i've not had a BO yet on my system.

[ at ]all
thanks for all the feedback. i'll keep my list clean, then (until provoked to add an incompatible file Grin

)


	Logged

doktornotor

Comodo's Hero

Offline

Posts: 222

Re: What to add to CMF exclude list

« Reply #5 on: October 26, 2008, 05:36:57 PM »

Quote from: tag1123 on October 26, 2008, 05:34:03 PM

Once again, the purpose of CMF is NOT to detect malicious applications but to stop buffer overflows and similar attacks which attempt to exploit vulnerabilities in real time (similar to DEP).


	Logged

tag1123

Newbie

Offline

Posts: 16

Re: What to add to CMF exclude list

« Reply #6 on: October 26, 2008, 08:24:15 PM »

doesn't detect malicious applications; detects applications acting maliciously--semantic clearity noted Thinking


	Logged

doktornotor

Comodo's Hero

Offline

Posts: 222

Re: What to add to CMF exclude list

« Reply #7 on: October 27, 2008, 01:13:28 AM »

I'd suggest reading this article, you might get a better idea of how CMF works and what it protects against... Wink


	Logged

Tags:

Pages: [1]

« previous next »

Jump to:

SSL Certificate

Free Virus Removal

Firewall

Page created in 0.052 seconds with 22 queries.

Design by 7dana.com