Author Topic: How Comodo protect my system against Trojan.Win32 GPCODE ?  (Read 25998 times)

Offline slayer76

  • Comodo Loves me
  • ****
  • Posts: 131
How Comodo protect my system against Trojan.Win32 GPCODE ?
« on: October 20, 2011, 06:00:55 PM »
I tested the new Comodo against Trojan.Win32 GPCODE, and Comodo protected my system. I just added my local disks to protected files and folders and everything is just fine.

Offline a256886572008

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 918
Re: How Comodo protect my system against Trojan.Win32 GPCODE ?
« Reply #1 on: October 20, 2011, 06:46:54 PM »
?:\*

This one is better.

 ;D

Offline wasgij6

  • Volunteer Moderator
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 3771
Re: How Comodo protect my system against Trojan.Win32 GPCODE ?
« Reply #2 on: October 20, 2011, 07:12:35 PM »
?:\*

This one is better.

 ;D

Do you know what the difference is between ?:\* and \Device\KsecDD?
I know it can be used to block GPcode.
| Win 8.1 Pro (x64) | UAC Disabled | CFW 7.0.317799.4142 | Intel i7 4770k | Asus Maximus VI Formula Mobo | Asus GeForce GTX 780 | G.Skill TridentX 16gb RAM | Samsung 840 Pro SSD |

Offline a256886572008

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 918
Re: How Comodo protect my system against Trojan.Win32 GPCODE ?
« Reply #3 on: October 20, 2011, 07:49:19 PM »
Do you know what the difference is between ?:\* and \Device\KsecDD?
I know it can be used to block GPcode.


CIS auto sandbox can block the following malware by adding this rule.

?:\*

1. GPcode
2. the .bat script malware that deletes all files or hides all files
3. the malware that infects all executable files or all script files

--------------------------------
\Device\KsecDD

blocks GPcode only

Offline trscsaeg

  • Comodo's Hero
  • *****
  • Posts: 1161
Re: How Comodo protect my system against Trojan.Win32 GPCODE ?
« Reply #4 on: October 21, 2011, 03:52:26 AM »
Why doesn't Comodo just add the rules needed to protect against this in an update, as a temporary solution while they work on a real solution, so that average users who don't visit forums can be protected?

Offline Siketa

  • Comodo's Hero
  • *****
  • Posts: 4646
  • ZIG ZAG
Re: How Comodo protect my system against Trojan.Win32 GPCODE ?
« Reply #5 on: October 21, 2011, 04:04:18 AM »
Why doesn't Comodo just add the rules needed to protect against this in an update, as a temporary solution while they work on a real solution, so that average users who don't visit forums can be protected?
+1

Offline evil_religion

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 475
Re: How Comodo protect my system against Trojan.Win32 GPCODE ?
« Reply #6 on: October 21, 2011, 05:19:45 AM »
Do you know what the difference is between ?:\* and \Device\KsecDD?
I know it can be used to block GPcode.
Won't ?:\* block many other actions too?
Then far fewer programs would work in the auto-sandbox.

And \Device\KsecDD might help to block this particular GPCode sample, but your files are still not protected; other ransomware or viruses might still be able to alter your personal files.

The best solution is IMO simply adding your important files to the protected ones, this will always be safe.

Offline joe7

  • Comodo Family Member
  • ***
  • Posts: 83
Re: How Comodo protect my system against Trojan.Win32 GPCODE ?
« Reply #7 on: October 21, 2011, 06:04:34 AM »
Hi, is it possible, please, to be shown how to add these settings to CIS? Thank you. :-TU ???

Offline Siketa

  • Comodo's Hero
  • *****
  • Posts: 4646
  • ZIG ZAG
Re: How Comodo protect my system against Trojan.Win32 GPCODE ?
« Reply #8 on: October 21, 2011, 06:15:07 AM »
Hi, is it possible, please, to be shown how to add these settings to CIS? Thank you. :-TU ???
http://www.youtube.com/watch?v=p2ZV4aEeNy0

Offline naren

  • Comodo's Hero
  • *****
  • Posts: 4376
Re: How Comodo protect my system against Trojan.Win32 GPCODE ?
« Reply #9 on: October 21, 2011, 06:24:13 AM »
CIS auto sandbox can block the following malware by adding this rule.

?:\*

1. GPcode
2. the .bat script malware that deletes all files or hides all files
3. the malware that infects all executable files or all script files

--------------------------------
\Device\KsecDD

blocks GPcode only


When adding these rules, does one also need to set the sandbox to untrusted, or will the default partially limited do?

Thanxx
Naren

Offline pikusek

  • Comodo Loves me
  • ****
  • Posts: 137
Re: How Comodo protect my system against Trojan.Win32 GPCODE ?
« Reply #10 on: October 21, 2011, 06:56:01 AM »
I have a strange and stupid question. What is the difference between "?:\*" and the default "*" ("All applications")?

Offline GOA

  • Comodo's Hero
  • *****
  • Posts: 576
Re: How Comodo protect my system against Trojan.Win32 GPCODE ?
« Reply #11 on: October 21, 2011, 07:21:43 AM »

The best solution is IMO simply adding your important files to the protected ones, this will always be safe.

Can you give me or us an example (Screenshot) ?

Thanks
CF 7.03
Windows 7 x64

Offline a256886572008

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 918
Re: How Comodo protect my system against Trojan.Win32 GPCODE ?
« Reply #12 on: October 21, 2011, 07:23:40 AM »
I have a strange and stupid question. What is the difference between "?:\*" and the default "*" ("All applications")?

*

It contains "device\*", "systemroot\*", etc.

But we want only C:\*, D:\*, etc. to be protected.

The rules of COMODO are not the same as those of other HIPS programs.
« Last Edit: October 21, 2011, 07:35:14 AM by a256886572008 »
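
An added illustration of the rule scopes compared in the reply above (not part of the original post and not Comodo's code): it assumes plain wildcard semantics, where `?` is exactly one character and `*` is any run of characters, matched case-insensitively, and it uses constructed sample object paths. The helper names are hypothetical.

```python
import re

def rule_to_regex(rule):
    """Translate a path rule into a regex (assumed semantics:
    '?' = exactly one character, '*' = any run of characters)."""
    parts = []
    for ch in rule:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts) + r"\Z", re.IGNORECASE | re.DOTALL)

def covered_by(rule, paths):
    """Return the paths that the rule would apply to."""
    rx = rule_to_regex(rule)
    return [p for p in paths if rx.match(p)]

# Constructed sample object paths: two drive-letter files,
# the KsecDD device object, and two other non-drive namespaces.
SAMPLE_PATHS = [
    r"C:\Users\alice\Documents\report.doc",
    r"D:\Photos\holiday.jpg",
    r"\Device\KsecDD",
    r"\Device\HarddiskVolume1\pagefile.sys",
    r"\SystemRoot\System32\config\SOFTWARE",
]

# The three rules compared in the thread.
RULES = ["*", r"?:\*", r"\Device\KsecDD"]

def coverage_table(rules, paths):
    """Map each rule to the list of sample paths it covers."""
    return {rule: covered_by(rule, paths) for rule in rules}

if __name__ == "__main__":
    for rule, hits in coverage_table(RULES, SAMPLE_PATHS).items():
        print(f"{rule!r} covers {len(hits)} of {len(SAMPLE_PATHS)} paths")
        for p in hits:
            print("   ", p)
```

Under these assumptions, `*` sweeps in device and system-root objects as well as files, `?:\*` is limited to anything under a single-letter drive, and `\Device\KsecDD` names one device object and nothing else.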

Offline a256886572008

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 918
Re: How Comodo protect my system against Trojan.Win32 GPCODE ?
« Reply #13 on: October 21, 2011, 07:27:01 AM »
When adding these rules, does one also need to set the sandbox to untrusted, or will the default partially limited do?

Thanxx
Naren

Keep the sandbox level as "partially limited".

Offline RejZoR

  • Comodo's Hero
  • *****
  • Posts: 1172
Re: How Comodo protect my system against Trojan.Win32 GPCODE ?
« Reply #14 on: October 21, 2011, 08:06:32 AM »
I certainly hope they will add \Device\KsecDD as a default entry in Comodo now...

 
