Comodo 5.8 bypassed by trojan GPCODE

[Guest]

[AyeAyeCaptain]

ok, i don't uptade to lastest version. Thanks

Does not make sense not to upgrade as same in 5.5... and with 5.8 you get much better product (read release notes). Just saying... 

[ailef]

why not just turn off windows crypto service? That will stop it easily.

if I stop the cryptographic service, it can affect my VPN ? as i use a certificate to connect to the server.

[ktxgio]

Does not make sense not to upgrade as same in 5.5... and with 5.8 you get much better product (read release notes). Just saying... 

I'm thinking of upgrading in the next few days

[vix123]

if I stop the cryptographic service, it can affect my VPN ? as i use a certificate to connect to the server.

No. It only affects your ability to encrypt files (which I find extremely important but I understand for some users is next to useless).

Keep in mind that this "solution" is doesn't really work. A malware can simply enable the service or use its own encrypting functions instead.

[ailef]

No. It only affects your ability to encrypt files (which I find extremely important but I understand for some users is next to useless).

Keep in mind that this "solution" is doesn't really work. A malware can simply enable the service or use its own encrypting functions instead.

okay, thank's for that info.
wich application is used to encrypt files for windows 7 ? it's bitlocker ? i got no TPM chip on the desktop.

[voltron]

I've been wanting to ask this one since it is related to the GPCode weakness,

Is the rule GPCode Killer>\RPC Control\protected_storage still applicable to the new build 2131?

I already applied "?:\*" and "\Device\KsecDD" in the Protected Files and Folders.

[Ronny]

I've been wanting to ask this one since it is related to the GPCode weakness,

Is the rule GPCode Killer>\RPC Control\protected_storage still applicable to the new build 2131?

I already applied "?:\*" and "\Device\KsecDD" in the Protected Files and Folders.

We'll in general those are all workarounds and malware code dependant, only "?:\*" will guard all your files if the malware is sandboxed.
The others will only block specific samples with specific tricks, and that is when the AV doesn't have a sig for it already.

[kail]

Note: Topic locked by OP.

[Tags:]