Melih & Devs are playing with us. They pinch us & leave with a naughty smile on their face. They post exciting info, you quote & ask & they just leave smiling 
Thanx
Naren
I used CCE KillSwitch for the first time today and found three programs that need to be added to the white list d/b.
Where/how I do that, please?
Regards,
mgb
Hello MGB,
Welcome to the forums. Thank you for helping to expand Comodo’s whitelist.
Please post the files that should be on the whitelist in the this thread:
The thread is for CIS, CCE, and killswitch since they use a similar database.
I think it would be nice if Killswitch would:
- indicate that a file has been submitted to Comodo, and
- give the option to send a file to comodo as “not suspicious” (so it can be added to the whitelist).
Thank you,
Whoop
[quote author=egemen link=topic=79476.msg569656#msg569656 date=1324054610]
Hello Everyone,
COMODO Cleaning Essentials 2.3 build 176 has been released.
No Russian and Turkish language
when can we expect to see DACS back in cce. I know it’s still works in an old build last time I checked but when will it be back? is it development suspended? and when will it become a priority again as I know some things took priority over dacs?
My opinion connected with last released MBAM with Chameleon Technology built in.
How it works? It uses some scripts named in that way to prevent malware killing it (e.g. firefox.exe winlogon.exe rundll32.exe - FakeAV doesn’t kill essential system processes, it’s obvious).
Then script is searching for known malicious processes. If any malicious processes is found it will kill it.
And in that way it works and allow user to run the tool.
Is it better than Aggressive Mode?
Yes and No (rather No)
Why it is not better?
1.It needs to be installed.
2.It’s more difficult to use (Aggressive Mode needs also to be Shift key pressed, here you have to find Chameleon folder and run appropriate file).
3.It works only against known malicious processes.
4.It needs Net connection in order to update.
5. Sometimes malware crashes explorer.exe so navigating in the system is impossible and you cannot get to Chameleon folder.
Why It’s better?
- When malware modifies .exe classes in the registry PE files (.exe) won’t run without virus permission(CCE.exe).
Aggressive mode is useless here, because malware will block execution before activating Aggressive Mode.
As i said malware modifies .exe classes. Chameleon is based on many different types of files (.com, .scr, .pif, .exe as well - in general you can chose) so it can bypass this easily. Chameleon is effective here and it is able to run and kill unwanted processes.
My proposal?
… not to copy…
but to make CCE be able to run even under very hard conditions make a script (.com, .scr file)and while running CCE in Aggressive Mode activate it. (you can connect these 2 methods).
It will kill all unimportant processes in the system (just like Aggressive Mode does now). Without updating, without searching KNOWN malicious processes. Terminate all (excluding essentials ones to keep system running) and then launch CCE. It would finish this problem with malware which modifies .exe classes in the registry.
That method was known previously, in Rkill.
but create a log of what was closed before cce runs so that people may be able to better identify what may have been causing problems on the system. rkill is a nice tool.
Hi egemen ,
Please Turkis language added ?
It’s a good Program. And it runs so well. Thanks to Comodo for this software.
Nige
Today i used it to clean one of our terminal servers from a Fake antivirus.
Maybe i didn’t look at the right place but is there an option in killswith to send a file to virustotal?
I only found to option to upload it to comodo.
No, there isn’t.
How was your cleaning? successful?
I killed 3 exe files and deleted them with killswitch. They where only detected by Mcafee and Nod32 (heuristics) on Virustotal. After that i had to manualy unhide lots of folders with a program called unhider so that it could be used this day. Tonight it gets a new and clean image.
The Terminal Server profile from the user who started this messs was broken. i gave him a new one
didn’t there used to be a way to send files to virus total through cce somewhere
yes back when killswitch was based on process hacker
yes back when killswitch was based on process hacker
is this option going to reinstated ?
CCE’s only real issue IMO is the amount of FP’s, the option to easily cross check with virustotal makes sense as well as been so much quicker and easier
MW
im hoping they bring it back. iv requested it a couple times
im hoping they bring it back. iv requested it a couple times
:-TU
Lets hope so, right now i use killswitch to find threats and process hacker to upload them to VT/camas,
Only slightly quicker than finding the file/entry/etc an uploading them directly but a lot less steps,
If killswitch is going to be included in CIS V.6 i think this option will be another weapon in its arsenal that will keep it ahead of the game.
IMO Hitman pro 3.6 really benefits from this, and the fact that it requires you to create a VT account can only be a good thing…the more members of the VT community the better right ?
MW