Author Topic: Constant ret2libc alerts on Vista x64 (Solved)  (Read 14082 times)

Offline ruoja

  • Newbie
  • *
  • Posts: 21
Constant ret2libc alerts on Vista x64 (Solved)
« on: April 26, 2009, 08:51:23 PM »
I've just installed CMF 2.0.4.20 in addition to Comodo Firewall and Avira Antivir on Vista 64-bit, which is also a fresh install - I'm doubtful of infections, especially as none have been actually detected and CFP doesn't inform about any abnormalities.

Anyhow I'm getting constant alerts from CMF about ret2libc type attacks and most seem to occur with Windows system applications, but some also with console programs. Something I find peculiar is that the memory address is always the same.

Are there any known non-threatening conditions that can cause these alarms or a known bug? Or should I file a bug report?

Here's a screenshot of CMF's log window:


« Last Edit: April 27, 2009, 04:41:58 PM by ruoja »

Offline fazio93

  • Comodo Volunteer
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 2455
Re: Constant ret2lib alerts on Vista x64
« Reply #1 on: April 27, 2009, 04:24:44 PM »
Just wondering. What version of CFP are you running and do you have Defense+ enabled? As of version 3.8.64263.468, memory firewall is integrated into D+, so COMODO Memory Firewall is not needed.
Windows 7 Ultimate 64-bit
Please remember to follow the Forum Policy.

Offline ruoja

  • Newbie
  • *
  • Posts: 21
Re: Constant ret2libc alerts on Vista x64
« Reply #2 on: April 27, 2009, 04:41:32 PM »
Dang, I was just about to add that permanently disabling Defense+ stopped the alerts. CFP is version 3.8.65951.477.

Not having read the release notes, I wasn't aware of Memory Firewall getting integrated. I was under the assumption that the Safesurf Toolbar was still the only form of this kind of protection included with CFP, and I never installed Safesurf.

Thanks for this information!

Offline fazio93

  • Comodo Volunteer
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 2455
Re: Constant ret2libc alerts on Vista x64 (Solved)
« Reply #3 on: April 27, 2009, 04:50:12 PM »
Glad you worked it out. :)
I'll lock this topic. PM an online moderator if you need it reopened.

 
