weakness of the gpCode

[Guest]

[Ronny]

Will I create a File Group for this? How can I create that...I am at a loss (Protected Files and Folders/Add then what..? Or Group/Add New Group/..then...?)

Go to Defense+, Computer Security Policy, Protected Files & Folders.
Press 'Groups' and Add, A new group. Give it some name, Scroll to the bottom of the policy there you can find the new group, select it and right click, then Add the lines one by one.

*.txt|
*.chm|
*.jpg|
*.7z|

And which ever extension more you wish to protect e.g. *.doc, *.xls etc...

Press Apply, now IMPORTANT !! Add 'File groups' And select the group you just created.
Make sure it's added to the 'Protected files and folders' tab and looks 'grayed out' then it's active after the next Apply.

Same procedure for \Device\KsecDD

[aigle]

Or you can just wait for the next major version.

And if you don,t use sandbox in next version, wait for version 10 of Comodo Defence Plus that will deal with this behavior of gpcode. 

[voltron]

Thanks.

[morphiusz]

http://blogs.comodo.com/category/pc-security/file-protection/

I want only to remind you Melih, that Gpcode and blackday are truly 'file attackers' .

[morphiusz]

http://www.virustotal.com/file-scan/report.html?id=06e921abf28c4b260c59d61d84a74c3a5dc12ac99a34110ca5480ce61689385c-1307140206

http://www.virustotal.com/file-scan/report.html?id=832863ece8c7eced9395b8929b1557297feab33f8912210e8ff870ed849baab2-1307050715

2 new variants of Gpcode!!
Thanks to God that they are detected.
WE are waiting for D+'s fix.

[Siketa]

http://www.virustotal.com/file-scan/report.html?id=06e921abf28c4b260c59d61d84a74c3a5dc12ac99a34110ca5480ce61689385c-1307140206

http://www.virustotal.com/file-scan/report.html?id=832863ece8c7eced9395b8929b1557297feab33f8912210e8ff870ed849baab2-1307050715

2 new variants of Gpcode!!
Thanks to God that they are detected.
WE are waiting for D+'s fix.

There is a fix already available......set "Treat unrecognized files as..." to Blocked.....

[aigle]

A lame fix indeed.

[wasgij6]

http://www.virustotal.com/file-scan/report.html?id=06e921abf28c4b260c59d61d84a74c3a5dc12ac99a34110ca5480ce61689385c-1307140206

http://www.virustotal.com/file-scan/report.html?id=832863ece8c7eced9395b8929b1557297feab33f8912210e8ff870ed849baab2-1307050715

2 new variants of Gpcode!!
Thanks to God that they are detected.
WE are waiting for D+'s fix.

idk if you still have the samples but im curious to what valkyrie says about them

[SivaSuresh]

Any progress so far ?

[wasgij6]

Any progress so far ?

Yes
with v6 the autosandbox in limited and above can block it, HIPS can now block it, the only one that cannot is partially limited and egemen said this was the expected behavior.

[Tags:]