How Comodo protect my system against Trojan.Win32 GPCODE ?

[Guest]

[slayer76]

I tested new Comodo against  Trojan.Win32 GPCODE.    And Comodo protect my system . I just add my local disks to protect files and folders and everything is just fine .

[a256886572008]

?:\*

This one is better.

 

[wasgij6]

?:\*

This one is better.

 

do you know what the difference is between ?:\* and \Device\KsecDD?
i know can be used to block gpcode

[a256886572008]

do you know what the difference is between ?:\* and \Device\KsecDD?
i know can be used to block gpcode

CIS auto sandbox can block the following malwares by adding this rule.

?:\*

1.
GPcode

2.
the .bat script malware that deletes all files or hides all files

3.
the malware that infects all executable files or all script files

--------------------------------
\Device\KsecDD

block GPcode only

[trscsaeg]

why doesn't comodo just add the rules needed to protect against this in an update as a temporary solution while they work on a real solution so that average users can be protected that don't visit forums

[Siketa]

why doesn't comodo just add the rules needed to protect against this in an update as a temporary solution while they work on a real solution so that average users can be protected that don't visit forums

+1

[evil_religion]

do you know what the difference is between ?:\* and \Device\KsecDD?
i know can be used to block gpcode

Won't ?:\* block many other actions too?
Then quite less program would be working in the auto-sandbox.

And \Device\KsecDD? might help to block this particular GPCode sample but your files are still not protected, other ransomware or viruses might still be able to alter your personal files.

The best solution is IMO simply adding your important files to the protected ones, this will always be safe.

[joe7]

hi, is it possible please, to be shown how to add these settings to CIS please, thank you ,     

[Siketa]

hi, is it possible please, to be shown how to add these settings to CIS please, thank you ,     

http://www.youtube.com/watch?v=p2ZV4aEeNy0

[naren]

CIS auto sandbox can block the following malwares by adding this rule.

?:\*

1.
GPcode

2.
the .bat script malware that deletes all files or hides all files

3.
the malware that infects all executable files or all script files

--------------------------------
\Device\KsecDD

block GPcode only

Adding these rules, do one also need to set sandbox to untrusted or the default partial limited will do?

Thanxx
Naren

[pikusek]

I have a strange and stupid question. What is a differance between "?:\*" and added default "*" ("All applications")?

[GOA]

The best solution is IMO simply adding your important files to the protected ones, this will always be safe.

Can you give me or us an example (Screenshot) ?

Thanks

[a256886572008]

I have a strange and stupid question. What is a differance between "?:\*" and added default "*" ("All applications")?

*

It contains  "device\*", "systemroot\*", ..........,etc.

But we just want C:\*, D:\*, .............,etc  be protected only.

The rules of COMODO is not the same as that of other HIPS programs.

[a256886572008]

Adding these rules, do one also need to set sandbox to untrusted or the default partial limited will do?

Thanxx
Naren

keep the sandbox level as "partially limited"

[RejZoR]

I certainly hope they will add \Device\KsecDD as a default entry in Comodo now...

[Tags:]