Recent Posts

1

Free Modsecurity rules - Comodo Web Application Firewall / Re: False-Positive report thread

« Last post by azizarnold on Today at 02:29:37 PM »

whmcs rule 212740 giving 403 or 404 error when saving general settings section of whmcs:

[Sat Jan 23 21:07:43.738998 2021] [:error] [pid 12154:tid 47343734961920] [client 1.1.1.1:59421] [client 1.1.1.1] ModSecurity: Access denied with code 403 (phase 2). Pattern match "image\\\\/svg\\\\+xml|text\\\\/(?:css|html|(?:x-)?(??:ecma|java|vb)script|scriptlet)).|.application\\\\/x-shockwave-flash" at ARGS_POST:emailglobalheader. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "69"] [id "212740"] [rev "6"] [msg "COMODO WAF: XSS Attack Detected||www.domainname.com|F|2"] [data "Matched Data: text/html; found within ARGS_POST:emailglobalheader: <!doctypehtmlpublic\\x22-//w3c//dtdxhtml1.0transitional//en\\x22\\x22http://www.w3.org/tr/xhtml1/dtd/xhtml1-transitional.dtd\\x22><htmlxmlns=\\x22http://www.w3.org/1999/xhtml\\x22><head><metahttp-equiv=\\x22content-type\\x22content=\\x22text/html;charset={$charset}\\x22/><metaname=\\x22viewport\\x22content=\\x22width=device-width,initial-scale=1,maximum-scale=1,user-scalable=no\\x22><styletype=\\x22text/css\\x22>[emailcss]</style></head><bodyleftmargin=\\..."] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "www.domainname.com"] [uri "/fpdw/fpdwad/configgeneral.php"] [unique_id "YAxz-3FXFwXY10Y-67Ks2AAAhQc"], referer: https://www.domainname.com/fpdw/fpdwad/configgeneral.php

2

Free Modsecurity rules - Comodo Web Application Firewall / Re: More WHMCS Woes

« Last post by azizarnold on Today at 02:27:47 PM »

We had a whmcs customer with the exact same issue.
Had to disable rule 212740

Code: [Select]

[Sat Jan 23 21:07:43.738998 2021] [:error] [pid 12154:tid 47343734961920] [client 1.1.1.1:59421] [client 1.1.1.1] ModSecurity: Access denied with code 403 (phase 2). Pattern match "image\\\\/svg\\\\+xml|text\\\\/(?:css|html|(?:x-)?(?:(?:ecma|java|vb)script|scriptlet)).|.application\\\\/x-shockwave-flash" at ARGS_POST:emailglobalheader. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "69"] [id "212740"] [rev "6"] [msg "COMODO WAF: XSS Attack Detected||www.domainname.com|F|2"] [data "Matched Data: text/html; found within ARGS_POST:emailglobalheader: <!doctypehtmlpublic\\x22-//w3c//dtdxhtml1.0transitional//en\\x22\\x22http://www.w3.org/tr/xhtml1/dtd/xhtml1-transitional.dtd\\x22><htmlxmlns=\\x22http://www.w3.org/1999/xhtml\\x22><head><metahttp-equiv=\\x22content-type\\x22content=\\x22text/html;charset={$charset}\\x22/><metaname=\\x22viewport\\x22content=\\x22width=device-width,initial-scale=1,maximum-scale=1,user-scalable=no\\x22><styletype=\\x22text/css\\x22>[emailcss]</style></head><bodyleftmargin=\\..."] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "www.domainname.com"] [uri "/fpdw/fpdwad/configgeneral.php"] [unique_id "YAxz-3FXFwXY10Y-67Ks2AAAhQc"], referer: https://www.domainname.com/fpdw/fpdwad/configgeneral.php
Hope that helps

3

General Discussion (off topic) Anything and everything... / Re: Video of Lynxes filmed with drone

« Last post by EricJH on Today at 01:59:30 PM »

There is no stand off in the video only facts?

4

AV False Positive/Negative Detection Reporting / Re: Submit Malware Here To Be Blacklisted - 2021 (NO LIVE MALWARE!)

« Last post by meldan on Today at 01:32:32 PM »

Hi,

Thank you for your submission, we'll check it.

Kind Regards,
Erik M.

5

News / Announcements / Feedback - CIS / Re: Comodo Internet Security 2020 v12.2.2.7098 Released

« Last post by jay2007tech on Today at 01:31:10 PM »

I want to know if there is another way to turn off COMODO, like a Service, until I install the driver, because reinstalling COMODO is very complicated!

WOW, Uninstalling Comodo just to install something is a horrible idea. Anytime Comodo gives you a issues like that or windows update, just disable "HIPS" (If your using HIPS) and "AUTO CONTAMINATION" Then Install whatever it is, when done installing, turn on "HIPS" (If your using HIPS) and "AUTO CONTAMINATION" That's all

6

AV False Positive/Negative Detection Reporting / Re: Submit Malware Here To Be Blacklisted - 2021 (NO LIVE MALWARE!)

« Last post by ZorKas on Today at 12:57:53 PM »

###############################
# MalwareBazaar recent malwares
# Last updated: 2021-01-23 15:13:11 UTC
# Number of entries Malwares (Full) = 260176
###############################
Hi Staff,

Link Full_Malwares > https://e-nautia.com/zorkas/disk/Utilitaires/CIS/Full_Base_Malwares_zip.zip

7

AV False Positive/Negative Detection Reporting / Re: Submit Malware Here To Be Blacklisted - 2021 (NO LIVE MALWARE!)

« Last post by meldan on Today at 12:48:33 PM »

Hi,

Thank you for your submission, we'll check it.

Kind Regards,
Erik M.

8

AV False Positive/Negative Detection Reporting / Re: Submit Malware Here To Be Blacklisted - 2021 (NO LIVE MALWARE!)

« Last post by ZorKas on Today at 12:33:00 PM »

###############################
# MalwareBazaar recent malwares
# Last updated: 2021-01-23 15:13:11 UTC
# Number of entries Malwares = 605
###############################
Hi Staff,

sha1_hash

0e5572cf3d3dbfb0650f24abed83d8e1b6c2d8c0
2d834cbb1b05b7ff64f082c6b854bb016877557d
fe22b2c9588eff3053636641659f3ba8aed9e986
f56b208dccc32ca59b45787969a30415936b914f
4543e6da0515bb7d93e930c9f30e40912d495373
e01c814d6a4993c74a2bfb87b1b661fe78c41291
a97893ab95f794cabc261483423f942f552926d0
5a83878725f803a3e843b18fd0379ff22ae77283
17cf9d7a5eb6727ea64db789b93ac41a894f5293
c6acbdd324e42e9c96dd196d011b5f0c5a3021d4
687acfa5ad571b7e4377f040f7ad79645fe6a400
e6ad2224a0d917d40986eb8f6914cebee3f4037b
36a49121763e469d441e2c37a87b74cad690be57
311e0c81af2ce1daabc16cb7d656f671d7a09013
476c133118dddb3eeb192c3cfcd90080ebc07662
01617a6f8e05a50843e65b960e0acfdf04235bf5
52e18c0a549da08f1e25f124c57d5eed3c5d258a
aab62ec97c0c7c45606ee845a8e764d8269ce0fe
1aa91df78dbdaf7964e49ec65b18e4e51b2cadf2
bb967d094feec46de373244547cf1bd7df283eab
e42de892502859628d3f8166327358ce18a119a9
b221f38382edcaf7a6d76c6426a27695f0f4744c
025eb1d6ea589bb207a49d179555594010cd0e15
a8b9cad83461d5e7da296d482c0c5ff307df85d4
46dcd3d985873562f47e0c38ef6d8a98512ce786
ddc8a1c48132bddb71407d413409403a788cb65f
7fa79fb096c942483874ec7241e40f71ab81fccf
8d78b09d6f71331ae1efba50543bda6102eaf2ac
eee1a905e937c5bc8069f6f5eb8f2638c19642ea
888a2b478336cd2c3bfd4c1c40c524f79519ea82
e71ed345eb9b7b6a5ed29121f4ae279abe15a79f
b343978428e5233f7cc4f3ec52814988cb6d3639
a5a60dda611b373605d10770298c768fd854ff85
b7ca4118eab252bc4758fa18265b04a2afbbf9c2
4b1baae469afa17d470bcc54c3da790226ad0cbf
0d8d90e58f6b431ea3ce65dc65274b4787badab4
082a38e3aa973b2947a4796aa0daf707621be91b
524667143618bb4201adfbe89160ae44614da194
32df47947e9459c3608fc3ca9e951779e3dc4e22
4783fdce064e093cada30eb8df06a02af55db08f
e00baada460f130347473b46b34b02a8e973e60f
8df815d83d2caf5c1bd07cb6a7787411e3ce60c4
4ee9f0d47a42a6f0f2ba907e5d49cfc81ad8f38a
a12adc6c864c5638b8572ce83e96137b8ab2b3f8
1eb536513e538ac45104f250685f0180fc05a758
9ac3b2c620e29e93ed0678b9601d875e7a7f20dc
a1c4be6739527c3cae7a4f33afc921634991999f
73013027e5a44a8467a600862afa2166bb4d422b
9ff6537edff20481a55af0172ac4cfb360068651
a747798caed810f7c9288a79c488125817fbfc1b
558e0e3ad162a9a0d66cda57a33be8cd1bbe0dcc
0f38bd2f387b3decd48168931e7ac19d918b4bf4
a8578a485340dc6f364a50298cff5464f7ffb147
9dc0eadfa842565905ca1670a665ea13ae2f49bd
65b4330297ee7109ae7470b96539870c6dd86ef2
80b49959f2c670e9bf928f2df145ac0541933936
60e9b03d5e71dea835fa78f0ed262ce97695c78a
c13f0f29ce15d1910d0d6ed82f8e65ab89a38742
a2cf61a177e4a3a4d17a79c0fac5c6e6cf86d448
569d5f355c9d91546642a4c7da5411fb798d6c10
a01b7f4aac19dd2db327b67dcbc035f4d6682a9b
3d092c34a99e39cf1735d24cdc2d1f8153ee9d7b
4df580da0bf86432ad466b16f33e0594437e2fed
eee19dcdf533479b89ded86a66379e4364d985b0
2731bb3115108d14d2a4d5abd49aef32468961c9
58f8e9f6f6b4725a21421191ca029c9b91dd81bf
e0ed5768cb021030dc3d1e07ec8ccf6ae09336e8
de90822e4cbe30561904fb106fe2d2458c1c644f
01abf05ffc96e80cbbe289a9a450c6c504fc48c3
5c695b1caf12640d12198e9c4748b34a9a00dea1
51d2c195e278518ad33aace818220bc73edc60e4
c6bd82397712b7993a72cd96841f022e725bdcda
4fb5fada8485f5f672e338ad717061c279c26ac7
4719a3bc17206aaaacec01f7162f806fbb9e4fb0
2ae9eb8b61090e292e18c68df8bf8a69ca4168fd
8a890d734088bd63b258d8658349bfc65fd59b9a
c17ea465befcc8780a98c64326090d587acefe8c
91cb6f64dc8a4ae94d907400bbfa47a2cd9bddf7
a78c334cf3f1b82096da33d7af2442b76dccc100
91b574527145800c9c2ffbf93ce1b9a616102e00
b4840aee7410cfae12fe5261695d03df458991ab
9deead1e6e4dcc847f4cd7b98b95c010cc73c7a6
f0d7a886988fb31309ba8b123da251a763fbd8dc
aa105736e997e95c30797789bc43f8036864b5b6
c3f051e759125e891dd69dcebc242089db32d6f7
5657a0c1aab81f627950e9fa9604b80b651dad26
631677462c02cabf4ede0e91aa2980dbf9814265
13a4422124af8accab5f439a1ac0b6745beddaf3
6f3756bb5d215224a11ce40d63958eb106760d22
6631d8c0b413b5e3fb8d34d01e68ad5ec2a61c96
91d283641e893779384d7e699ea240f3077b45a6
302ee6d0b1815eb14dce841001e55660e686f580
b9a6db025c08b2e6a2d8da4f7c23a403025a1d06
5d3d4220a80109f90100fbbb11a4e3fa6b0e9ae7
de888d4683e9c78eed161d8ab3ae311b82c37e52
8d593bf5a2545e15050a22497bb568ce784ca3d0
4426efa33f3fb066a5c2c720e30fdbc22d06c019
2a7ad469d4d7789974af3fcc30841fa47345b64c
1d870c800b55734e60470f00015f466f6425b66a
affa1298878168f1da9a9c03d982e5f5eff3e538
eaa4653757582c165ec7a7dfc7d49d6c0605d327
e304dcdb87e824927a09aba7950203242838ece1
3fbc56fa548e01b2a4b8083e06c1fabd58e1e2a0
0def939d88382c357df5ec7e865641446236fffe
9e6c80ec859a5f37bacd3ffa62d739176c41788a
3155906f6c56ad5a99759c771086a1b381615acf
75163382fa5e694d2a78761ff6288a788162f8d5
34daf13b0bdb68aee7c07a474591583bcbdb80ed
d5c6f0ec37fe02fb33561636844ca8b82b921edf
7526ec01514f13c4e4cab072a6ba7750e8c78aec
a1e5c3f18f60cf5634e788b4f4beb1428f7e51ea
15768079c7fcf6545c10a443405616a9ccc962c1
5b0c50adbc8129c27576b07a7945ec764666ca34
ffa6a86d785a9bdeda9e8f236e454c7fac9190c4
94b8854d238d7c23e8e6e5dc4b9ee766cebe3af2
0d66fc4192de17bbdada419a71934b5c01f00d7a
e21d39b233196a59d60fb13506ea5f8f99fa9ff3
64c64800923e63b4e3051a2aa50cdaf4c62a7658
08801180b8f5cd04af29fc96942ad09b1f567df6
0bf70392cf12a1a2f4688adf5bc980ac0c05d8cb
043d18ce8440d04763a627ccf7d20ea6cbf3b492
c2b97b01ff745b1b739b1a2052763f5b3441ee49
bd9130f19a8a687328f54db4f5867f56f83a10af
c73d2bb07a12b8a2e0e68e522e9f7dae01f306a0
73acaf6cbeb0e9cf1aabf3a8d1223819b4b20d9e
bf98041d56df9ad689b9e13d73b5fca587cc10f2
a13ebdd703a1ffd6d5b7eb9b594fcbca6440a446
c4b7d236ae0bf296da5f6395c3cad2a471eec469
1f705e2b828b4e26c36a423aef2c76bc1d9dfa92
18854dba16cb2b3aa751073454210c3f33d4ceef
cdb7371dd1835f9e15ed7508b3e35683b0ac043a
7d1dc379eeca948140f8e62719e6412c9c8cc31a
ab2d8e7c794a3e90b97dc7779d4edc772aa737a8
46d13bac5b73a969f95239df07c4684233cd91d4
3dc50a38a0e51433221a4913e7ddda7925394661
57c68d4a21937666ce3f8f9cc7a603f13fa79928
5df667fde34cf9719a4ad1cf8850c3c3b9f411ba
57a5f7bcfd0af99e8288c9bd827136e144e05c35
f96ce9ca1852a0b89d43746b9a8ef9f206b3dc8b
c62b2f6a54f4fdce54c06d4054949912a5803aba
d49552c578ded7d157d46bec5030f675ffa6288e
ead8fab3bb6f752efb0431461379f1ba4329b760
ab079f9c6d56ac6244fd9edf6cf5f728a2d3e177
c7cd749ff2d9920e8888b0ada9067c9519528add
eda193cf91c2d2a912bf6814c14d5edfae50716d
0923b52ce04898f45f5a6a95c6d7f5d219457bb8
8d85972103dd087d77887e66846af87dcd5ba5d6
ec83fa3e529453d877f7cb173ffe41af8b24608f
6ce5c72739d1eb09ba4914521e0a94a0800bf783
8c63a9eb4476b35ccd08d68e79427ab2055a73ce
d4902f7a230f04d46d33ef9f81b02e437aec8160
9462bc7c3445bef08729493df2355964cc3cce5e
e9e5f60b898a3892ca0be9725ee178b6db472802
95726a018493e3aec50ca14a4be4587b00d8555d
f5a17ef4f13b1209f840e6d43fca722036f1c619
52ce7416f3709ad9ea6fd5c0a3dd4dc38e51eebf
b4c8105790c357ef9136855d8c8bd239d0fe3426
763df97b13be6b635db3f73d44bfd1cfc8f168dc
31019e3bd5324768ce7f2342b36bc61c9b89caaa
cb84b0b062f8bf3d292639fe1c9d7a41c4427b1e
5927f206d7dbfb7ff050012d8ed2903b0fcc08c2
d9de5f7a2a300ab5954147e099691841317b379d
500e773da77b54b0f04ecc952fe628e44e1e8a23
feb48f8fd3d99b14c431848d5877561adcbec8ba
7ec3885b7e0740b3510f415f5f9d7c6a063f63ec
eb48a17d9c5b823d598858dadce1b66003829a09
57f526f8de39485d1ca6913ea8af06191425341d
a30fd23c86d3e368e1edcf65f68b1988933d5362
274a708db50c2f262cf68b2f251eb931ad3a4906
12f529918c52efbd6f0a33edbbde693b95a3da5b
34184b2731f109fe615a395c392b43bc67e21b3b
320253cb425e70dfd70358685a948268beb4e787
6249ca8aa8877bb38783f33eef0c85a55ea791bf
d9bef419faf77ddc014cc81c5e5765dcda556b47
c03a0957aec72499b7cdd4130570a58ba9a10c2d
44e1c7215e986cd0727a2dae22125945f9a23f19
d926a1af27fd483daf75baa0b083239d968ffa80
3eb2e1f789deb3ab1d11012104f2862622a236df
904f7880d8688561be02c93d9ce310a1212463da
7fb6906505ce365d21e6b38601d6af57f7807667
1c3306d121a64467829942ef53425f7073ae69f5
1f60ef6effeded0aeab837dac4d69444f95b011d
1bb6275e5781817afdb2fb69553c1ac79c85bb5e
eaf406a8a4d41cb5f3f1d87fcd0c8fa7e60f5394
d2857b865af5676a6e5f9c2c565fb218072681fe
e517c9a4162fe822a4a51b55a8870c348bee172a
c231cde829e0ab1140a84c01a2d54e4b41a259e3
19dc9047002418ca3e0a3d41dcbbefa7df321086
fb6d821f7e40daf8fd2e59e530a8df7704a6b858
7286f125449b9409f7318e37ecd012f54f151439
af1750136fecb1c90ed2dd933c8d7431a6f43324
72d7d945c1f567c62266389dec7398faaf0be4ad
2efc3b9ecd0f44c0df628398a4976bb511314327
39d74d1046ae26402bbdd08b24134d3f558b82b6
6b226bc0df7e314da6bd67bb837293ebec19fd4f
66aff8bef8ae77c85b139f3049e4c6a378ff230d
49b4fd17e2136e2a7f0909cd213d999ea1ddff2a
2e7bdb96d24671ff80049065ef114bcd01774c48
d42a36604ddfd02a856eed8213542ef6637c39ae
60725174bf5ea3c20fb36aa8d04258dea4c63c2f
69b97dd6b650e6f7e2604b8606ecf72b452599e1
a5d685fdbbaabcd8a6e05caf5a4379d92919a83b
6a0b90e9b0861cb42fecd217651d25c2e9eabf7d
213b6a10fe9926aa3368032e5ffa57e238da4f1b
2e624220372efb39426bb4e950c3f89c9cd5b319
d102c709fdaca6a469215ed81efb84fe46d264b0
6ef7e19f547ea75fd6d23358eb68149edeb79fb8
c54ef946108bac0596dfb1e471342ccd03177a49
a30a1aa8853544bf0cc90f5d9d1fff9a02da56d4
fe20a130586e98ece805dc536b2a0a1fa8ded317
90614b67ffdfa1fc9d0847f1389f6eb06bb3f175
c87f44d502c7fea10acd5b70810e84c18a86595e
7eb2fec9a29db033615dfa6a62e4c7324e5353e2
239f1194dff12e2cd96614c10c6511403182e2f5
4a8cc1020ae2c11f2c8b129f3120b447e64a5cfa
675afe437566fcb16454c03db0543601653c81f6
a9f6fbcace510b1c0c5fa5531ef1f7810eaf160b
5a029b24c2306e994b005eb478ddae73b5691bb3
f675c0aa46a18a6026f0d541fce6a75688a018aa
ab9b530337cfd66dded602fd9c7ec426393d1421
3bf7f0ab479a05005528ee01e10cdac9a4d09b0e
6291e60663a7fac5f5351018560bf351651057cc
00626c47052d5af0344af6e23a097c99b7f00c7f
b611b372dc40c114d2fb52cf967ffb9062728372
04188ee134754b8d276509f28ed7d3a007d63526
03fc839a5431c26036ed8c8c2f08293c521d7fb1
bbad9da5a0914ce4957b4f42844715429c1756e1
0bc38d3f720c3704b24d8037fba35e99950e8547
2383d82a1dbed7ce3c52ebafe3ac37a64be2f385
22e6404f79878305629634fe99ac17b87a4b3516
34344292e95b4723ad8ac70b21c1ab6e152f38f8
b8c030d9fb5c9a230d4d3c866d03e524bf30b4a5
c987c4f4c504bbf3c1092ae45ec0ac0c15852099
7c86176f30bf38ac5a59fa25ef2393b75cfd9053
dfe90f6dc22e0610180bb3c72ef1398b711022bb
264abbba7463a48cb8cb21d5f7bcfb5b93a81933
80e3af67f591cf1ec4ded6f50c6541be219c6ebd
bf77b2394d129b8c35bafff800b0cf61d508e8b8
a4e967d880595eff0870bab470761eec13f5f4bb
59d3221fdead04be167634116ee4646fbf5ca510
d889b4eaec46fbd5c0989c2e1cc33973415c256c
a7b95e6aa8cb4d2fb83da38a78bb6964ffe4bd8f
9d60d24299762f4aa7fa71838b58e4e747b95df6
1f07b147da7d6a01979652aaefe6fd60a01af0d2
3dfc2c65b6285dd7cc0a20951d87f34b957e5a75
b66e4838c9881ab5e07f9dba9f3e28131ac41943
98078a632a4a242ad7df1be32f601b5594ac2903
b74b11bfc458c1506aba5700f4fbd1f8ca91a980
2c9592cd3c1174048d62780fe076ef3eabaac5d2
f7b4b8be3a86d0e93f6bb35ced507dd032556722
1bfb546710e6accc335eb7a0a1bf71c3bf882ae2
91a442aad01996471eb073c503e59e6ba55b4ba8
a1a567c6b4a5a5e6cd4bfca67a2575c468a256a4
d5f54fc47b8bddda519ffe379ba6e3d3c86c8eda
6ee623279a1014f6f2a3536b8ef9e74f5c736ce6
4c71e4171052f9d9021fb2a2b49c9c5d4f9f6262
2336e34bce4851611bbc76fb60a2e840693e1c98
f82de7f992e2f3448dc13de6befe7fef7e11568d
3aebba395e5eea4aaa961fb1efd1fea5bd547277
cb054ef4b4a9cfa47002731448cd4366ca36864f
f2889f3892c2a526e7d6958c7a185c448f89df1b
496430bbb013411df604514f3b9bd5a23f769d95
e3a63ffee10c9d5963e48f4f487be2de326c8b44
f3c2aacc1c81f58e9975f4e89fab04ebd1d87377
bf58fab8d09c5c67927c649b67e6c79f0c82c34e
78a7b68aef1dea2cbffa418c1d260db89bab3068
9a64864875e17ac2e83f22c11bfcabfa57bc965d
4d0b677800ddb1b13adcbb0e2fca31781bc7d2fb
bd565137d6ee08ea1ffc77401a46e1a16aa40016
d67689f50307a1a6de8a1f94b7a24b2b12bf6540
5810cb32ecfb69edb9855f9d45ec229e4dea8da1
8060a306d40bbd25cd0f38e8a77ce0559a0e328b
0377420c91853235af30677ec145cb232266a024
162674ec5b1fd17412041df76e5d6e69770376aa
ecdd9bca1155e7171b5045940a966222fce82e63
7d1ef8f4f4a3f9a1c106a4cf2356ab2b030b9165
d00821b86d3d39194447db0ca1f3385f3e939398
430a63909c90ddbd38b5d624ce8744c0a6f8f294
f1ec5e5dc56472ab7f62155bf91cccba35851e8a
f8be7eb926b08d9a2ffde25e7dd20c23f6858d74
189509ee51aae87f21188cf75c1785207a92ec54
98d32f418c3ccb967b90d756461d11bd22fc1d3c
57ac225a57dbe9777068b25eb3c8fc76652c606d
ddef6d36856468b8c56d6ad4cd4dac18e3468754
bb1f857b286724ea63cfb1f465d0215450255790
6e0abbcb5ffc543f91314fa95dc12cf677eae19c
84cced75f811e0b6fcc66504e83ad11e2a046836
766f2786add6d9754ba866e2d80644f12cf8b9c4
163549805e0f4880ae517e46c69c7e2c9b7d1d50
6adefbb84a34c9e405839bea6db5bafc2aaa4ed5
be468eba35978c199093d31b80d5c98789f220a1
41e12d8354c1ff8b7e6fec456912c5df6555163e
3aa1ab5afb4ce2aa7c81b91faf78e6e0be5ae6d5
bf591894637e4d0df9579bfe13a1ea28625ccd8c
7dfd55a3d384cd7aa843caf75b0824d76070fbbe
50f852f8ee58844120be5e245bc22f31ea5631ac
8fe739c7aeafdf8ea150afcfa5f28854fa02fb65
df17d7fb9d88a59ea2251183ecbcd707f33dec06
fddac0351793973147f8e54aee5106f71ed4ae49
fa88af48dc8b4077faa2dd0829e8757797c23e79
b7f1c0551170df8e945d51d60e031994e7eaa907
6a6d455f32f6d8f9f45cdb25bdade3736579311e
d6a667f1900e3797d4719f510b75a29dcbacaab5
e6902e11caefe86d886a97d9abf4599cb6635625
8bcb11182c5b4f8e0f663994a2f15ac0d33e2966
491009b2f813c068e76c4931e8c3ad61e3d6e5ab
965a67b35e87b04327393d51985a02c25dfdb1bb
577eae501a5d0c4101abbacc2e46cb8362de0829
265d764c46102043e8d55406d324447560574863
2ef2d50396da0c712ff082db5825546bcac66967
c6560ede13093791a8dbe8e74b731d58238c3028
34a9353e09bd63e42b6bd942618ddfaf48748020
c4cce6118020a4a8ef3b09da1cd10b79f8491306
42b9c8f01507fe010a80c836847fd301d52d7664
661f65c4445f77eaf7fe012a76e466a5902173e6
37bb57a4c4578df73b9348f40f037822e88833d4
fbdf3628dc7ecf118a1d94eda7618d1f91cdacc6
8777fc24c6b79f40619efd4b5074a161d863cb2f
1c353f83bdd4c530ff3ae2682f53b813c73f96fd
951e7147a04d1097c01dbe403dd9e1b93bbf939e
bce905a19e4c8a07c328cb166a64f7fbb8c37d46
a46f50f6090f2c4f375a32aaf7bf49521b9bc465
70470a6d6b3fc2a8efc04ad97b0843b7ca0bf2ee
8897404cfce6d8e9a9db1c71889279923f87f140
494f13242df0d1cfedada1dbf6ca8e47583bce5d
9158c69b6ca0ffca566d9689fb140b4973203fa0
1942f251e03e8bf0cb92180fa61d234baaa31256
6a1fe53132e5492d01c24a2d6dfef95b6758b7da
d7efd57f3ff3dd58bfff40d18c8dd70d58b2a1fa
a179add5b90cd6a523822bf4751a9a38a95b14ca
ed4ea129af86f1879ca0fa9e9c7e8f4a051a0bc5
b3df57969e1e5d336459c7e5bbdc740b456abebf
e862603451c7e9f6e081b605c5b66b3db394db45
bfe77955067bed43c5c95996aba948d3ed0d7703
d5963db09c8eeca130af07e3882092eb2843d404
3215dcff890c50d396df0f0b3bb4a80c1a138660
c5b32e8491994855cb143c1a6f3e3579b97a0395
634117d62efb9354a1b932b14cdb8cb90a8cf96c
243f2433ce6b2319158c383c8189665a8718a5e7
a4164357a8c256c71f61f0de22e52ff1819758cf
d9e97d4b7a441e77ff2dc4fbe481b8a4bdb4376f
834ab167b814047f821b80f2da3d29c69b0642a3
85ba803766c364dbea3edb6bf589fb4540ec0b8a
d447b0c51bf24c2b2d2dba111236a78a0ebf4732
2b53ac9f7b1cf21d3fccbf794942dbc1d6c26803
820008dc8b7c7cf4570bf4dd58e7c2825b1df35a
1ffc79fde43e746e826f32a018e02a65fc51602e
36120e1bee3ee0782b43a3dd82f339a9b9f9ae9d
f3803cc39c30ff2b9d79ec714e7a0d8d1baefdf4
d6787fff2e719832289f7a8aa291b2b21465a2b0
e735a591c50fc903d6ab930fb19385776d78f8f0
075c6c06080a5662eb649c407d53bbf9b696a03f
4f19406b4b940eabb5334abf83d129f48921cd07
3a9f981af864a1c265a4199006657f92da6935ab
e1847f65c16a0a29724b97e535c590897b278ec6
9459e181f8a5a48c101d97daeecd68273a721b08
50c69661aad974ef9852b1eaaf498ad2181a19d7
5516bad136e9dfacdbfc483be7223f4c06339115
e8d85e7df637a890db3a6d30c2c0947d913c12fc
6a86e4ecd6529345e29fb461b59787a7560f4865
5ca556aea4facb1539a147b65881b3e043d1dccb
7dd0df3dcc6f275471605434eef5e27681673683
8a75db87fb9a1cfc0c8dc24d42dcba490919c954
92d64784fcf3f8871595b8a70342f4df45331f79
9e64249d65f5516aaeefd20eec81ff9ea92d61c9
3c7323c0d1c8180fa64ca8b6c6b82fe4e30ad92e
ab155ff39189fb193fe380a955728f392fbcadf1
edd981926ebd3df9d664ae155ce454d51f67b418
4900808bc0e901ebf307e785324583cd523b8261
e7414e914167f75b0945fa874ed2ea86d4836581
43f800228bf4401a06ad271470ac7f415eccc864
bd4e85fcf1f36517429de5c64b682dc0566e6bae
fa29ea0f3c997ef85c9fbd0a3f27d57344f15dd1
f698e89c2f16c02de7183a2c47ac31fda700ce3c
5d88e0ceae84649806199df0384ed55d8c20ed65
dee5ab23ff6f339fabddbb5b2bedc9d13329682c
a4d3be86e65e4ef9ee27f3d5fb2674d35407ba43
cec0bfec250fe5f031e90ff5aaf5b15c6216f222
356d0ed9b1919f0580cac3563259c7e5c9edc3cd
90c4d944f28167a4320c66a9efcab331e978f8d7
eb043c7435526162e7e3a85005421fba3c1f3618
7ece54e11fec1398df013a728c3dfb3ceb0bc050
bb7097101b26eadb4af50f6e2bb21c2cad610217
a3d1b6a707b971638ff56f7470daecdf7b93a346
c252dbd1653bbfc5bb2941b8965c9daf41e066f6
238b48e5544d5654fadfaa25a2a55b024452ad6b
f32edbdb11334a56ebe58c3caa3dc2452e69180b
0c3699cf3a892cd4a9057b24a0b5e5083b55923f
79f62189cca9d966bf5fa783f54d6ad9032fe820
967ac2725a7be422b5b1349c971dd792c877ff47
98f18f3e3dce449b095c9d12bd7086875d75a6a3
12da5ac817e1eec0c095ce1417f51b8eced592c1
4a979e1b300c5f8bc628b56780573dc8ae17aed0
0c4a6de9f38984d388ead2c429db993f5d9bc6ea
42573a556a33aabab2a10c56a52800f7b96e3c50
611c78eee2ddb71f73065a4e7c8a990929016415
3b8a32637250deb548fc6ebff5d00ad33a82fe0d
dc2aabc9b019199d32c000a8e18e63cafa4fbfd3
169255531a255c357293c87401f9da42d58f15a0
25940977def5168c591890523485ce466e3ce169
0556ac38bcd83f2eb14be6df74408652a33d5485
a2994c2c3f532bdbbf6338c7072e69d63c962551
841123f23a70f505ed7a9e605c8c64d1edfed726
6dff683b345b65b13d2631402114b9178b3b812e
615297290f6353a5c9f35819b41b4ef0635b9675
b8a9c7b99ccffbc8b1905d58fb27efe5b1f7bd4d
ec6a41d84dc00faf8fa2b2c8eca9964161008d6b
d5cc7dc1083508dbe5531db67a3f78866e00330c
bddb75a5aa6ed1272307ee096b59e2e61076a6f9
3f54621b0fd5bb9ae4f20c41fdc937a6654f9269
26c46504c293311f0403bf699f2ddc6cacb63c5b
4be32b59e712434095cf428b2ad211ddd8d87656
2a0a98f48da234377ffb2afdfc55b2bc29903d14
09555e60a416c2d05a56a8544cbb37b07c434805
21d494d1d1565a99593635a2ca7ef1b9f549040a
416e71c6d021f1c0c32f7899067934dbee27616b
d57cb7e62bed15d778e026ed0b8af9fa38be951f
9480379ac3cd119fdb719f0a7825f5e4f999ade8
a158a070897a423c7487e9123340f33cddb78e7e
7e5205c24030350e5a7609616fc3259126f5b0a6
e2e686e5d73e46c67c7549da07a7d370a39970c2
452e2118da24ddcc5901939e1ff07f9945720e43
15f3109ff7d00ee862c9de1e802ba1917bac5956
495e99faf7d9f324a5fed35a439679189575aa40
263c2fbc950a12432dbd88d1d9238e25ad4a22e6
0e47b669b2e65a2feda0acdf07e654b358dacb2e
3d3b3e5f9ca28c17ce02bdea3e6b697749ade04d
d7419be7b98d03cb1b8976d197404a253eef5fe4
21d3798d1a29d9f66155f36539b514545ecbe6d2
204e0200e2c648edf70d90472e0b6c4b15bc58c8
1bb17eef59764e84f95b7a5c0aad649b8517ee43
8d75108ec34fd79f8336041d5ff31443cc527add
74bed3302c4bf96eb8a23c14fcc7335429ae8705
0cfb6b72a8e95823b1d2217051b93cfcf2abf631
487cd577e95eced143030254ccbefb4ab15338c7
9166aee4a6815e4f67e0ae43344d8ca144958d47
f21eab77269e5415888e2bb9a341135da80325ed
cddc4f2499ffb79666db8b8c38d9f2c74b9ab219
b4c30a2ef464e338b8af2bb1ccd8ab00451ff6d9
9832f46048a23417445a4e17d2a9bda67fd75133
ead8e4a6bda2e8570ef6585b22f01795ace04b5a
ab2948d1dfae6c4a29241dd5c4abe261b5dd0c20
599f3ed25603c0315ac8f85449c708095069d1ff
19fad6f30f2b31fec8708a9897c630f8065f61a5
2c80a727d63c077ad321ec1033583d2b095001c3
53b5dc8875711fc8782a5e688125489a0596ab4f
6defcb2d984e3bc2b5cea266e1d6a009646d6831
6136733b5990a3a68cd01221e0f3dad4a7ddeaa9
f2329a7d7326e5b8309c499241b62532f3a90bff
690aeb28b9e5ed2a3f6eb2396da836651c1bc795
473e5ddb68275afba681213c7293219f93c8a7d4
2cf05041a901ecc437f3475d67046dbc19a07398
96ff9794cf429dd2bd8c7744622e28df2d6032a0
50c06ee54498c3a960baf9aca1f62909edf1981c
3b7ac5f2c70b064bad498cfb20a3b1807d15b1be
2930ac4696a59dfc871bef76050570a68ae8735c
5feb29b6f20b663d0bc52ab04dad1cf0abdc8471
101b89112be002d90e39b62496e79146ab8fc87a
91da3b8dd9d32d7ad783976d49bb449a9140e4ef
0e0645f784a7785b97538bc3ade85a3c41cb21f6
968dbec4a0bb42fca8fdbb8db4debff613bbf749
521f95888c534e2b6492398840bb9b0b0d135def
4e6deb23340f1fb4b52154942bbad86c151cf6eb
63ae40cb4487efbcf57d305edffcbd6365d7d704
b2faa156fe7b9c03de235e14a5f399b576b60be5
c2334eac7456b9c139f4fa33240ad9cf77fdf58b
c1cd4e2faa596c26da8a917fb8eb6ea09a186b4e
46bc470f61b8f74b91ad52001667f0287816ce68
3c4090a6ae20f948b50ed3203483568aa8cac2c1
841ce2a9b83280b127c151fed0ed723f71094792
5c7c02592bfae2711c7f82647e426e06a8bc453d
8ab6106d3db6b9573e0b97c939509102b6d75c8a
8e416c76489782a32eade1b03bcd26dce3f19a82
101f5dff695a8a04344261e1c53e2fb0a031ea9a
331645de1b89e0e86fc0cf6ee4b4791f58305758
9da4575ce53b6cf1fe586c77e417274ba01c52e5
4bd5b002a95e84a97fb8b825c96ba7fb53cba7ef
3d56f6bc71c56b73288d0a53b8ab78fe6438b533
2fc9a4fb8746305213c9044a4b9a0ebb81aac23d
32721ade470b3f731dfa6ebd998fcf343e77a00d
4224b65b12969f9f81b7c5fd696e0f3fb8fecada
898e81497dcef6b279f8d06f8603c64633a6f87f
54c8b6dccdc20bf95b7a882f581d7c7e83899ff7
65067b496ad337a9b3af1d9a044850d7a722d45f
855bbfb32f1eb41d30fad867eba8e80df15993b7
6768636f82611144328cf08596a99293eeb3cbef
a6ad0a26067dea33b7ec42ec6b7764862103030f
76ddfa6c55da546bebfe7ad9cbee320c11d15cb9
b040f2bdee3999aad415396f9f79e43b2aa9452b
6eccd0c7a2e7519f083ad9ee14dcbf97f02e7748
138d0963ac17496197973166f25a3979b5fec394
e4d8806381f95f0fab57f23e52120a0948912c67
3ba8dfdaa85e58bdc557b58bd6e1cac157a809cd
30e3892e4da3d5c1bdf2d8fa5cc2772de13af9ab
594d882a0cf7a0d556a3de20a888940609f9a591
4ab4b3b4fda63cc5ddee5b0cbb5f4abdf3afc855
329bb94f42112d51efaa927026904028428199fc
920ffd0e97aa35b4ced4eb8582fc0d2279b3b936
1c49efd77276bac402c1b874e844154021d04530
1ed095b35c48ef0623015d6b4cfc8f182090ec29
1343289fdc32779c8b94d59536f9880935365694
dc7b6391cb55be0c39b2bfa7e9c2f193f4c6ce69
8a99557cdf8200a32cf983c886a651389504cb36
2290a7474d537552f19ecc3e92f12f72e387ea94
7a207db4d2a447a3c547fda5f34d3f6efda5dcf9
0610824fedf6e8c93d7889b1be5429e8a2c65c66
d5eee26402aed8f6b13675393f7eb74e9cfd6741
9e6f9260832c09612e1f8648fc3b03700596c5d9
3978d73f03d103268e5fa8057d8b88e1757ecba5
70c21c66f00715991520d0b27f7bf256f00a3c7e
6bb1564b970ddfc69c86b60ee8b4a08be7296b7f
5119cfca9d0e5acce94e0b5f915286532f7c7b55
71d6574992d8b27ba6176b2fe66c529e07a0f8c9
2320ee4f3c0b0e1b7eca6ccb132ae5a7c81cda63
716500cfa33dc13348209a7752a7a3e4dd21603c
4650cb9a6bc858b1675f04370ecfd281421f95ae
27d82695691c268a802da9c226cd3ef4ca87c5a1
292d7d0ce8fddd529fe9bc50cb47a0b6bc080c1e
572b992abae62e237ea0f00ab1fd3eee3598f2b0
5ff30ce1979d6d54bca0d009cbddf23006d5bb0a
8cbdac17ae28b2681ce9dd764ea29b641b24f94f
0e1a20ed7d0dc47f10f263a7e613f75271a47394
553d372c6f9790334e336ded021ce9e75cbb60ac
6bbd0d7c2bfd545035cacc02518d54ee1481a209
a139d34f8a9d4bae89248be2ebf03598e2532b1d
40175837dd25a14490df912005d0f9b7af684394
ba81977d46e497a4677d2f818295496bcc03abb4
20faad1670119f9aaecb5577579751981ff65b4e
2a22911fc96a9a0ccac162432a0783a8222b1f6e
e94dc3bf5f05157ee429a28e3852785efea60015
92e2887bc10089607141e78bc6702166ffa8ee32
ae374b728c6906ce3648b8d86393d48daa0876a4
9695dbe103f637768ad655268d2e762311b8166c
138af104a33ac42b43f6c899f4e572fff09c6323
f9aa0246abb633e9c8e957cd567bd6d5a93bba3c
a3d860f44f3b64ef04bd126c6512f67a947f0930
f6d3788296dedb3b2d1217981d824d723ef52f1c
f2b6258db52c91e587f5082bfcec65b37ad808dc
d010696a842be5f5778ae75a3b3abad07e7e9432
155d04a11db2de85588953d24bdc9b6d35313130
eae2ad18c5beb2a2b610fe8122d4a636135a7dce
d4ad3d830fd782dab6bc8edaa507b57c1b51bb59
92220fb2b84cc8aff6ca05f52cbeca6e1d9385cd
cf20cbe1b3faf096b37803b6cfd7879804a4223c
cbb6f81f80e270ca89059eb96aab393f7b513044
5799c2d794a9f961e54e4e9726a847bc6fdc52e0
cdb44af2a4740940c395f77bab7c53d7c25f5c0f
bd929965aa556e4aeca7691d110690e742e68d1c
15766bfdbd612d174ee233dce4d466880728f8f3
704e9cf59612ddba84fe680f198f2170625cfff4
5eb132989ad2cdf0f14b82f263a15da96d9eb31f
0c49ed5a46c2868de3f6068bc3841012624d9382
f4f83251f61441fb61cd814aa0af262e82c4381a
3690e1a2bd43ae7b4854e1415c54b292dbd85ce9
e5fdf654d2dbcd1936327a49fce654b66e6fbc86
a601aaaf82eb6cf0263152f6ad97a2b810924733
937d1cbd99d0f50bdfad67edfd96c811f0475d88
5723e44692b119b00d46739670a9f49688777006
1b2be9241eb83e8185d4ba9c095e6805f737bdf0
b870192f05a6caaabb9ccf005c68960c72a6061e
57bc3b916291a2e92f1f821f6bfe27a47a271f16
3fd3d813417c0872d1a1374439351dd53500a024
a32831b44146926f0fe17a243c772cc895fa4039
a752f27c2bc8f92bc2f0ac66c031469fd440b80d
6124fe935ac263df6e27bbf604bf8fa9799e3349
26a261e7c9570b60e8d638ae844351d11c243a1f
8f674e8d87eac76a21eb04c18edd6c46c1c74e2f
a09103122a132edda3b9592e341843f3efb1f757
21a067ed90eb91cb58466b00d379812823aab451
9567c1b308c694226d56d734326d741ae18859cb
5ba6cba5be772c037336e17c92c0e1f8055e2bc7
ad5f96b7a1f12a15bed48e4018ee1532295dca71
898a70a15cc1632342b1c6fc24ab983e121da8d9
2e56ad6fc19ed783a8d8d255412d40403dc9c0ce
d03a951a56729bf9998138b9aca5e14fa4997519
3d646e42cca988a6b696f845fc9dedefc034e82b
c5f3a8fe1860b0ea23bd4589a0d4ca10efe7da4b
0501119c5e52d771b127764f7fffb5f38c6c45b1
0e6ecac642ed6ddac4cfec872fc292e217a3dfd9
806f17aaa650c367015db5792319650b3bd59502
cc304fa51a202db65b6d328efb94475aae2783b2
123ba07b28b49215d4d7b83fbf38cb2a9e0c8b56
15ae12880fec098cb19ab3ca123036e4580c938b
e039344e5b7b9d79b86241b5d515601cd1075416
9245e0f24075a19f7c2027348d9bc2aaa1cf7c7d
7a4999d876e3945762e0de21a883b6c151fa891a
973721e65ade599942b6a166fedf17d0ccc7feb6
3643021d0635e71f9674bfd46148f61414665191
289708f65413544d5162c5c6814efe24da10b38b
85f43c93ef33f45e8f440d9de30019bda72c24b3
2e78dc32dbac62df2ed6223813ea91b9b2de0ff4
2193f79b095ddc051c91d34c3b6a124a8d727836
eefa44ca9c8f84fb259ee20a65246f1e18da4304
ee27f1e14b140e6a4373250caa0cc575fcc84c5f
a64a0b4b35c0775554ad6f11bd19c8bf60da9bd9
72c2dd8d677a9bbc86e624383d42fd0496144a5c
9918d328b7ab2fd23a8b2cd31bcc95e9e72d8459
8e7c4675ae0b67d9099bbd1c731eee208c2af024
b5ef77f0ebfe74b2e3b93cdae184ca4af93335e7
cedb9645c070c6e80a83b185aa0e7ea37539ea17
f441ee257d3933405be036e82a195e4d0135ceba
9bfb234b4af6dcd7fcf165d043672548a5211650
52000fec552c442afc38c58656a678c4b2ca2e3f
f8f6380ba33d0b37324a104107b217dec1acff1c
b4c72eab6f7659223e1fa1c973ddd56a9d4648e9

9

Firewall Help - CIS / Re: How to Remap the excessive SSD writing folder (\Cis\lmdb) to RamDrive

« Last post by Cipher on Today at 11:42:30 AM »

Ugh, I just ended a nasty 2-hour debug session with CIS Pro and SolidWorks 2020.
So here is a word of caution to those brave enough to dive into the advanced settings and setting up their own CIS rules.

The reason I'm posting in this thread is I was having a somewhat similar issue with constant disk writes by CIS on my SSD-equiped laptop. The issue was that whenever I opened SolidWorks 2020, the CPU fan would pick up speed and there was constant periodic write access to my SSD. I opened Process Explorer to inspect what's going on and looked at the disk access graph. The CPU usage was about constant 10% of which cmdagent.exe had 5%, but the I/O history was more interesting (see the attached image; blue are reads and purple are writes).

I could literally hear the CPU squeaking like every 10 seconds when the write spike was triggered. CIS logs didn't show anything, but running Process Monitor showed constant WriteFile API calls to C:\ProgramData\Comodo\Cis\lmdb\cmddata by cmdagent.exe and during this debug session I managed to accumulate about 6 GB of disk writes to this file just by having SolidWorks open and minimized. The cmddata file itself didn't seem special as it was roughly 100MB in size. Disabling CIS logging had no effect. I temporarily disabled HIPS with no effect either. Disabling antivirus or virus scope did not help. But when I disabled the auto containment, much to my surprise the writes stopped immediately, and even the CPU fan stopped as the CPU usage went down to nearly zero. I re-enabled auto containment while solidworks was still running, but that did not re-trigger the issue. My suspicions were correct when I re-enabled all protections and restarted SolidWorks to find out the disk writes returned. After disabling the auto-containment one more time I noticed that a new process appeared in the Process Explorer next to solidworks.exe.

C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\cef\swCefSubProc.exe
It would seem that the creators of Solidworks forgot to digitally sign this file, and as a result, CIS determined that the file rating was "Unrecognized". Therefore, every time this process started it would have to automatically start in a virtual environment. But coupling this situation with another bug that caused this process not to run made everything worse. Since Solidworks detected that the process didn't start, it would try to restart it only to have it run in a virtual environment and fail to start again, ad infinitum. As soon as I disabled auto-containment, this process popped up in Process Explorer and the writes stopped. I tested it by closing solidworks and changing the "swCefSubProc.exe" file rating to Trusted in the advanced settings file rating list. After re-running Solidworks everything was fine and silent. I realize this was partially my fault since I was the one performing the advanced configuration and disabling the file rating cloud lookup as well as purging the vendor list of most non-microsoft entries, but these are the risks that come with oneself doing the rules manually. I ended up fixing the whole situation by adding the C:\Program Files\SOLIDWORKS Corp\ folder to Auto-Containment ignore list.

Anyway, I hope someone finds this post useful, if they're doing their own custom rules with CIS and see write spikes like those in the picture.

10

News / Announcements / Feedback - CIS / Re: Comodo Internet Security 2020 v12.2.2.7098 Released

« Last post by futuretech on Today at 10:43:19 AM »

virustotal and valkyrie do not unpack executables so you would need to unpack and scan the unpacked version of the file, which is deteted but is most likely a false positive.