Author Topic: Phantasy Star Online 2 Containment  (Read 438 times)

Offline NullElement

  • Newbie
  • *
  • Posts: 3
Phantasy Star Online 2 Containment
« on: June 07, 2020, 03:02:38 PM »
Been using Comodo for over a decade, fairly familiar with how it works.

Anyway, here it is:

Phantasy Star Online 2 PC launch, via Windows Store. Installed on an HDD. Ran the game. Not contained. Moved to an SSD using Windows apps move. Ran the game. Not contained.

FOUND THE ENTIRE INSTALL IN VTROOT FOLDER.

I literally have no idea how Comodo detected this and contained it. But there you go.

Did not see a border around the exe when I was running it, and it chewed up 70 GB of SSD space till someone pointed out that what I was seeing in VTROOT was a containment copy.

Also like to point out that a perfectly running install was located in program files/modifiablewindowsapps
« Last Edit: June 07, 2020, 03:04:58 PM by NullElement »

Offline Dharshu

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 925
Re: Phantasy Star Online 2 Containment
« Reply #1 on: June 07, 2020, 06:44:01 PM »
Hello NullElement,

Thank you for reporting. We will check this issue and update you.
Have a nice day!

Offline futuretech

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 5227
Re: Phantasy Star Online 2 Containment
« Reply #2 on: June 08, 2020, 10:39:10 AM »
You need to review the containment logs.

Offline NullElement

  • Newbie
  • *
  • Posts: 3
Re: Phantasy Star Online 2 Containment
« Reply #3 on: June 08, 2020, 07:48:51 PM »
Attached logs. I did use a program to overwrite permissions on a directory so that I could rename a few files. It did trigger containment. Is that the cause? RE 2020-06-04 04:03:25 downwards.

Offline futuretech

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 5227
Re: Phantasy Star Online 2 Containment
« Reply #4 on: June 09, 2020, 10:53:21 AM »
You ran PowerShell commands from command prompt, which triggered embedded code detection that turned them into a PowerShell script file, which was then auto-contained, and then all modifications were performed within the containment, which caused a copy of all modified files/folders to be found in the vtroot folder. Just run reset container to clean out the containment.

Offline NullElement

  • Newbie
  • *
  • Posts: 3
Re: Phantasy Star Online 2 Containment
« Reply #5 on: June 10, 2020, 11:37:27 AM »
Have done so and it worked fine. Phantasy Star Online 2 also runs fine. Something to keep an eye out for in the future if I need to change any of the permissions again, thanks!

 
