Author Topic: What to add to CMF exclude list  (Read 11406 times)

Offline tag1123

  • Newbie
  • *
  • Posts: 16
What to add to CMF exclude list
« on: October 26, 2008, 03:44:24 PM »
what programs are "safe" enough to put on the excluded application list? there are lots of buffer overflows for "good" programs, like explorer.exe or firefox.exe, so if we can't trust the good ones not to give us a BO, what can we trust?

Offline doktornotor

  • Comodo's Hero
  • *****
  • Posts: 222
Re: What to add to CMF exclude list
« Reply #1 on: October 26, 2008, 04:29:54 PM »
Pretty much doubt that your explorer.exe or firefox.exe BOs actually are false positives. As for what to add, Java and OO.org is well known to cause issues.

Offline fazio93

  • Comodo Volunteer
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 2455
Re: What to add to CMF exclude list
« Reply #2 on: October 26, 2008, 04:33:44 PM »
I would keep the exclusion list clean.  Only add something if it is being flagged as dangerous when you know for sure it really is safe.
Windows 7 Ultimate 64-bit
Please remember to follow the Forum Policy.

Offline doktornotor

  • Comodo's Hero
  • *****
  • Posts: 222
Re: What to add to CMF exclude list
« Reply #3 on: October 26, 2008, 04:37:20 PM »
I would keep the exclusion list clean and only add something that was being flagged as dangerous when it really is safe.

I think you are missing how CMF works... There's nothing flagged dangerous when it's safe, this tool detects buffer overflows, ret2libc attacks and corrupted/bad SEH chains in real time as they happen. The only purpose of the exclusion list is to add executables that tend to be incompatible with CMF.

Offline tag1123

  • Newbie
  • *
  • Posts: 16
Re: What to add to CMF exclude list
« Reply #4 on: October 26, 2008, 05:34:03 PM »
Pretty much doubt that your explorer.exe or firefox.exe BOs actually are false positives. As for what to add, Java and OO.org is well known to cause issues.
sorry, my wording was obviously misleading. it was not my intent to say that i got false positives. i meant to say that BOs have been reported online for programs that are not natively malicious. i've not had a BO yet on my system. 

[ at ]all
thanks for all the feedback. i'll keep my list clean, then (until provoked to add an incompatible file ;D)

Offline doktornotor

  • Comodo's Hero
  • *****
  • Posts: 222
Re: What to add to CMF exclude list
« Reply #5 on: October 26, 2008, 05:36:57 PM »
sorry, my wording was obviously misleading. it was not my intent to say that i got false positives. i meant to say that BOs have been reported online for programs that are not natively malicious. i've not had a BO yet on my system. 

Once again, the purpose of CMF is NOT to detect malicious applications but to stop buffer overflows and similar attacks which attempt to exploit vulnerabilities in real time (similar to DEP).

Offline tag1123

  • Newbie
  • *
  • Posts: 16
Re: What to add to CMF exclude list
« Reply #6 on: October 26, 2008, 08:24:15 PM »
doesn't detect malicious applications; detects applications acting maliciously--semantic clearity noted :THNK

Offline doktornotor

  • Comodo's Hero
  • *****
  • Posts: 222
Re: What to add to CMF exclude list
« Reply #7 on: October 27, 2008, 01:13:28 AM »
I'd suggest reading this article, you might get a better idea of how CMF works and what it protects against...  ;)

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek