Author Topic: Comodo 5.8 bypassed by trojan GPCODE  (Read 28182 times)

Offline AyeAyeCaptain

  • Usability Study Member
  • Comodo's Hero
  • *****
  • Posts: 618
Re: Comodo 5.8 bypassed by trojan GPCODE
« Reply #75 on: October 23, 2011, 11:07:21 AM »
OK, I don't update to the latest version. Thanks

Does not make sense not to upgrade as same in 5.5... and with 5.8 you get much better product (read release notes). Just saying...  ;)
Film Scum Remake
Comodo: Where is your Tool
User: What Tool?
Comodo: This f****** Tool.
Protect Yourself With Comodo...... lol

Offline ailef

  • Computer Security Testing Group
  • Comodo's Hero
  • *****
  • Posts: 906
Re: Comodo 5.8 bypassed by trojan GPCODE
« Reply #76 on: October 23, 2011, 12:06:26 PM »
Why not just turn off the Windows crypto service? That will stop it easily.
If I stop the cryptographic service, can it affect my VPN, as I use a certificate to connect to the server?
Windows 7 ultimate 64-bit SP1 - Comodo Firewall 5.12 - Panda Cloud AV Free 3.0.0 - Sophos Virus Removal Tool 2.5

Offline ktxgio

  • Newbie
  • *
  • Posts: 22
Re: Comodo 5.8 bypassed by trojan GPCODE
« Reply #77 on: October 23, 2011, 03:48:08 PM »
Does not make sense not to upgrade as same in 5.5... and with 5.8 you get much better product (read release notes). Just saying...  ;)
I'm thinking of upgrading in the next few days

Offline vix123

  • Comodo Loves me
  • ****
  • Posts: 123
  • I don't use an antivirus that doesn't pass VB100
Re: Comodo 5.8 bypassed by trojan GPCODE
« Reply #78 on: October 24, 2011, 06:26:27 AM »
If I stop the cryptographic service, can it affect my VPN, as I use a certificate to connect to the server?

No. It only affects your ability to encrypt files (which I find extremely important but I understand for some users is next to useless).

Keep in mind that this "solution" doesn't really work. Malware can simply enable the service or use its own encrypting functions instead.

Offline ailef

  • Computer Security Testing Group
  • Comodo's Hero
  • *****
  • Posts: 906
Re: Comodo 5.8 bypassed by trojan GPCODE
« Reply #79 on: October 24, 2011, 11:49:53 AM »
No. It only affects your ability to encrypt files (which I find extremely important but I understand for some users is next to useless).

Keep in mind that this "solution" doesn't really work. Malware can simply enable the service or use its own encrypting functions instead.

Okay, thanks for that info.
Which application is used to encrypt files on Windows 7? Is it BitLocker? I have no TPM chip on the desktop.
Windows 7 ultimate 64-bit SP1 - Comodo Firewall 5.12 - Panda Cloud AV Free 3.0.0 - Sophos Virus Removal Tool 2.5

Offline voltron

  • Comodo Family Member
  • ***
  • Posts: 82
Re: Comodo 5.8 bypassed by trojan GPCODE
« Reply #80 on: October 24, 2011, 12:33:42 PM »
I've been wanting to ask this one since it is related to the GPCode weakness,

Is the rule GPCode Killer>\RPC Control\protected_storage still applicable to the new build 2131?

I already applied "?:\*" and "\Device\KsecDD" in the Protected Files and Folders.


Offline Ronny

  • Product Translator
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 13404
  • Volunteer Moderator
Re: Comodo 5.8 bypassed by trojan GPCODE
« Reply #81 on: October 25, 2011, 05:50:41 AM »
I've been wanting to ask this one since it is related to the GPCode weakness,

Is the rule GPCode Killer>\RPC Control\protected_storage still applicable to the new build 2131?

I already applied "?:\*" and "\Device\KsecDD" in the Protected Files and Folders.
Well, in general those are all workarounds and malware-code dependent; only "?:\*" will guard all your files if the malware is sandboxed.
The others will only block specific samples with specific tricks, and that is when the AV doesn't have a sig for it already.
Volunteer Moderator
Any concerns? Please send me a PM or review the Forum Policy -  update Jan 3rd 2013!

Offline kail

  • Mostly Benevolent
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11277
  • The future is much like the present, only longer.
    • COMODO's free software!
Re: Comodo 5.8 bypassed by trojan GPCODE
« Reply #82 on: October 29, 2011, 10:34:01 AM »
Note: Topic locked by OP.
My System Details: W8Px64 with CIS 6, Firefox 26 & Becky! 2.65
Forum Policy.
____
The problem is not the problems, the problem is people's attitude towards those problems.

 
