Author Topic: does CCE load any temporary driver during the scan?  (Read 1743 times)

Offline wisentgenus

  • Newbie
does CCE load any temporary driver during the scan?
« on: August 08, 2017, 08:41:19 PM »
Does CCE load any temporary sys driver during the scan?
On Win7 the DriverView tool [http://www.nirsoft.net/utils/driverview.html] reports a driver with <random name>.sys loaded from Windows/System32/Drivers. This file does not exist. It disappears after the second reboot after the scan (the first is needed for CCE).
 

Offline Umesh

  • Comodo Alumni
  • Comodo's Hero
Re: does CCE load any temporary driver during the scan?
« Reply #1 on: August 08, 2017, 09:41:47 PM »
That doesn't seem to be something from CCE.
Quote from: wisentgenus
This file does not exist. It disappears after the second reboot after the scan (the first is needed for CCE).

Fortunately, CCE comes with the amazing KillSwitch tool!

To see if KillSwitch can help locate that driver, please see the enclosed snap.

Find "System" in "Processes", right-click on it and select "Properties", then go to the "Modules" tab, find that driver, right-click on it and select "Open Containing Folder".

Please see if that helps.

Thanks
-umesh
We can't stop malware entering user's PC but we render them use-less when they enter PC: Welcome to Comodo's Default Deny innovation

Offline wisentgenus

  • Newbie
Re: does CCE load any temporary driver during the scan?
« Reply #2 on: August 09, 2017, 02:08:38 AM »
Yes, I used it and other tools. The driver is dynamically loaded at runtime. I suspect CCE, because it only happens during the CCE scan.
GMER loads a driver for its scan too, but at least it shows this driver as "...(GMER)" in its own list.
Could you check with CCE developers on that?

Offline futuretech

  • Global Moderator
  • Comodo's Hero
Re: does CCE load any temporary driver during the scan?
« Reply #3 on: August 09, 2017, 08:41:12 AM »
CCE loads ccekrnl.dat, which DriverView can show, as seen in the attached report. Note: remove the .txt extension.

Offline Umesh

  • Comodo Alumni
  • Comodo's Hero
Re: does CCE load any temporary driver during the scan?
« Reply #4 on: August 09, 2017, 09:47:34 AM »
Yes, and this driver file is present in the CCE folder.

We can't stop malware entering user's PC but we render them use-less when they enter PC: Welcome to Comodo's Default Deny innovation
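
Added example, not part of the thread and not Comodo's or NirSoft's code: one way to check for the condition described in the first post, a loaded kernel module whose backing file is not on disk. It assumes 64-bit Python run elevated on Windows; the function names, the set of path forms handled and the sample list are assumptions made for illustration.

```python
import ctypes
import ntpath
import os
import sys

SYSTEM_ROOT = os.environ.get("SystemRoot", r"C:\Windows")

def to_win32_path(nt_path, system_root=SYSTEM_ROOT):
    """Map the path forms the kernel reports (assumed set) to a Win32 path."""
    low = nt_path.lower()
    if low.startswith("\\??\\"):            # \??\C:\dir\x.sys
        return nt_path[4:]
    if low.startswith("\\systemroot\\"):    # \SystemRoot\System32\...
        return ntpath.join(system_root, nt_path[12:])
    if low.startswith("\\windows\\"):       # rooted on the system drive
        return ntpath.splitdrive(system_root)[0] + nt_path
    return nt_path                          # unknown form: leave as is

def loaded_driver_paths():
    """Windows only: file names of all loaded kernel modules, via psapi."""
    psapi = ctypes.WinDLL("psapi")
    psapi.GetDeviceDriverFileNameW.argtypes = [
        ctypes.c_void_p, ctypes.c_wchar_p, ctypes.c_ulong]
    needed = ctypes.c_ulong(0)
    psapi.EnumDeviceDrivers(None, 0, ctypes.byref(needed))  # ask for the size
    bases = (ctypes.c_void_p * (needed.value // ctypes.sizeof(ctypes.c_void_p)))()
    if not psapi.EnumDeviceDrivers(bases, ctypes.sizeof(bases), ctypes.byref(needed)):
        raise ctypes.WinError()
    buf = ctypes.create_unicode_buffer(1024)
    # Base addresses can come back zeroed for unprivileged callers: skip those.
    return [buf.value for b in bases
            if b and psapi.GetDeviceDriverFileNameW(b, buf, len(buf))]

def missing_on_disk(nt_paths, exists=os.path.exists, system_root=SYSTEM_ROOT):
    """Return (reported_path, win32_path) for modules with no file on disk."""
    # A 32-bit Python on 64-bit Windows sees System32 redirected and would
    # report false positives, hence the 64-bit assumption.
    pairs = [(p, to_win32_path(p, system_root)) for p in nt_paths]
    return [(nt, win) for nt, win in pairs if not exists(win)]

SAMPLE = [  # constructed input, not taken from the thread's attached report
    r"\SystemRoot\system32\ntoskrnl.exe",
    r"\SystemRoot\System32\drivers\tcpip.sys",
    r"\??\C:\Windows\system32\drivers\qzkvbnhw.sys",  # made-up random name
]

if __name__ == "__main__":
    # Off Windows only the constructed sample can be processed.
    paths = loaded_driver_paths() if sys.platform == "win32" else SAMPLE
    for nt, win in missing_on_disk(paths):
        print("loaded but no file on disk:", nt, "->", win)
```

A hit only means the module's file is absent at the reported path at the time of the check; a scanner that unpacks a driver, loads it and deletes the file produces the same result.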

 
