Author Topic: CIS 10, CCAV 1.8 and Test.bat  (Read 247 times)

Offline Graham1

  • Comodo's Hero
  • *****
  • Posts: 1871
CIS 10, CCAV 1.8 and Test.bat
« on: December 23, 2016, 07:44:31 AM »
I created a batch file (Test.bat) which simply creates a folder (test) on the desktop. With CCAV, this would have prompted me for an action. However, if I run this test under CIS, a test folder is created on the desktop (no warning, no prompt). Is this correct behaviour? OK, this file is harmless (and maybe CIS sees it for what it is) but what if it had been malicious and wasn't in CIS's database? (offline/online). Maybe *.bat files aren't considered dangerous compared to their *.exe brothers.

At the moment, I'm torn between using CIS and CCAV. I like the additional features of CIS yet like the simplicity of CCAV. If CIS and CCAV rely on default deny, if I were to go with CIS, do I require the firewall module or does Windows firewall offer enough protection due to default deny?

:)
« Last Edit: December 23, 2016, 07:48:10 AM by Graham1 »
Ubuntu 16.04 LTS (x64) | Chromium | uBlock Origin | Privacy Badger | HTTPS Everywhere

https://www.thevenusproject.com | Beyond Politics Poverty and War

Offline Jon79

  • Comodo's Hero
  • *****
  • Posts: 947
Re: CIS 10, CCAV 1.8 and Test.bat
« Reply #1 on: December 23, 2016, 11:50:13 AM »
Windows firewall can be set to block outgoing connections too; that way it becomes a default deny two-way firewall.
You can also install software like TinyWall to have better control over rule making.

Offline Graham1

  • Comodo's Hero
  • *****
  • Posts: 1871
Re: CIS 10, CCAV 1.8 and Test.bat
« Reply #2 on: December 23, 2016, 12:26:53 PM »
Windows firewall can be set to block outgoing connections too; that way it becomes a default deny two-way firewall.
You can also install software like TinyWall to have better control over rule making.

Sorry, I didn't explain myself clearly (the end part). What I meant by "default deny" was that I wouldn't need to worry about anything "bad" sending data out as anything "unrecognised" wouldn't be able to run (do its damage) in the first place.

That said, CIS did not prompt me when I ran the test batch file whereas CCAV did. Shouldn't CIS have prompted me to allow/block this file?

:)