weakness of the gpCode

[Guest]

[Peter5]

There is nothing wrong with that; it's actually a very good and sane idea: you are making a layered security defense.

Thanks EricJH,

It is always good to have a confirmation from the experts 

[Josh™]

Method 1: Add you sensitive files/folders to CIS protected files list and you are done. For example, you can add My Documents, My Pictures folders or *.doc, *.txt, *.jpg etc. to your protected files list and it can be protected.

Method 2: Always run your WEB browsers in COMODO Sandbox by adding them to Sandbox pemanently. And while doing this, make sure File system and registry virtualization are both enabled. If you do this and accidently get gpcode or something like gpcode or actually any virus from WEB, they will be running in a virtual file system and hence they can not acess your files or folders.

You can also directly run GPCODE with right-click menu in CIS sandbpx and you will see it cant do anything.

Method 3: Block all unknown files with D+/Sandox.

Josh

[trscsaeg]

Thanks for the reply. I don,t insist that Comodo people use same technique/ hack used by OnlineArmor. I will be happy with any solution provided it work. I will reaped it again.

Still there is one thing missing. What about uesrs who are not using sandbox and are using just proactive HIPS feature of Defence Plus. It is not very much practical to add all your sensitive files in one folder and then protect this folder. One might have many .doc, .txt and image files scattered here n there on hard disk. Besides what you will do about blackday trojan that is targeting so many types of files.

I think they will need the HACK or some other smart idea as they are not using sandbox anyway. Hope I made my point clear.

Thanks for all your kind input and replies.

this guys question is still unanswered unless i missed the answer or just didn't understand or recognize it as the answer. i am very interested in seeing an answer to this guys question

[aweir14150]

this guys question is still unanswered unless i missed the answer or just didn't understand or recognize it as the answer. i am very interested in seeing an answer to this guys question

See the post above yours. The file would be blocked, not sandboxed. Blocking unknown files has nothing to do with the sandbox as far as I know. If it's blocked from running, then there is nothing to sandbox, it won't execute so you are safe.

[trscsaeg]

i thought this bypassed def+ or was that only for users only running def+ in internet security configuration and not if the user was in proactive configuration

[aigle]

this guys question is still unanswered unless i missed the answer or just didn't understand or recognize it as the answer. i am very interested in seeing an answer to this guys question

I think there will be no answer as they don,t think that it,s impotant issue to be addressed. Sad indeed.

[morphiusz]

Yes.
I tkink that Comodo

1.Strong HIPS.
2. Av, then.

[done75]

Did the last update fix the problem?

[morphiusz]

Gpcode?
No.

[alexo2003]

Sorry for my misunderstanding, but ...

In first message we see, that even being sandboxed gpcode does make its bad work. Then egemen writes that Sandbox ideally restricts any malware. So, what about Sandbox in CIS (with strong settings, not default ones), does it prevent from trojans/malware/etc.?

[EricJH]

Sorry for my misunderstanding, but ...

In first message we see, that even being sandboxed gpcode does make its bad work. Then egemen writes that Sandbox ideally restricts any malware. So, what about Sandbox in CIS (with strong settings, not default ones), does it prevent from trojans/malware/etc.?

The sandbox does protect against malware. During testing during the development of v5 the sandbox with default settings was tested against 15,000 pieces of malware and none of them was able to infect the system. That gives a bit of an idea about the strength of the sandbox. And that is with default settings.

However, this is one of the malwares that does slip through the cracks of the sandbox though.

[trscsaeg]

will defense + block this with default settings in the next version? if not will it leak out of sandbox ith default settings. i've read previous post saying the av detects this and that's good but does it detect it on access?

if so then that's great because comodo is all about prevention first if possible and then av to catch things that get by but if people don't have CAV then they're screwed unless they have an AV that detects this on access to prevent gpCode

[malik1976]

Cool. :-TUIt does not block it with default settings. However D+ is capable of catching it. You need to manually add some things. Read Ronny's contribution under this.

Sorry as I am quite slow on this. How can you place the *_CRYPT in the Blocked Files? Blocked Files/Add then what...? Can someone point me towards it please. I just saw this thread was away for a couple of weeks. Just update to ver5.4._.1355 and then I saw this along with the other posts connected to GPCode.

Will I create a File Group for this? How can I create that...I am at a loss (Protected Files and Folders/Add then what..? Or Group/Add New Group/..then...?)

Other thing is you can protect your favorite files by adding them to the protected files and
folders list.
e.g.
*.txt|
*.chm|
*.jpg|
*.7z|

How can I also add these to the Protected Files and Folders?

After testing 6 different versions of this stuff I only found one setup that would kill all
\Device\KsecDD
Needs to be added to protected files & folders to block them all.

Again for this, how can I add it?

However, this is one of the malwares that does slip through the cracks of the sandbox though

Reading along the replies I surmise this is a temporary solution to the vulnerability, yes? Then how can we set D+ in ver5.4._.1355 to be protected from this trojan? Possible settings in addition to the suggestion of Ronny...

I use Sandboxie 3.54 paid and all my browsers are always sandboxed. In addition I have set 'unrecognized files(s)observed will be treated Restricted. What can I do further? I don't want to change firewalls now as CIS has grown in me and I am happy with it. I just wanna be safe from this trojan.

[voltron]

I should have posted the same question. Howcan I place the CRypt in Blocked Files as malik asked aslo.

[Ronny]

Sorry as I am quite slow on this. How can you place the *_CRYPT in the Blocked Files?

Go to Defense+, Computer Security Policy, Blocked Files.
Add, Browse, In Add new Item, type *_CRYPT and press [+] Hit Apply twice and it's there.

[Tags:]