Author Topic: Alternate Data Stream ":$CmdTcID:$DATA"  (Read 22913 times)

Offline Citizen K

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 26177
Re: Alternate Data Stream ":$CmdTcID:$DATA"
« Reply #15 on: January 18, 2015, 07:09:53 PM »
The new sandbox of CIS v8 uses ADS. That's more than likely where all the alerts are coming from.

Offline johnrambobt

  • Comodo Family Member
  • ***
  • Posts: 83
Re: Alternate Data Stream ":$CmdTcID:$DATA"
« Reply #16 on: January 19, 2015, 05:45:05 PM »
Can I prevent CIS to create ADS disabling the autsandbox?


Offline Citizen K

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 26177
Re: Alternate Data Stream ":$CmdTcID:$DATA"
« Reply #17 on: January 19, 2015, 06:57:06 PM »
This has been reported as a bug in CIS/CES 8 adds ADS to files which remain present if files distributed [M1367].

The workaround for now is to go back to CIS 7. The bug report will provide more in depth information as there are various user comments in it.

Offline johnrambobt

  • Comodo Family Member
  • ***
  • Posts: 83
Re: Alternate Data Stream ":$CmdTcID:$DATA"
« Reply #18 on: January 20, 2015, 11:06:01 AM »
Thanks a lot, I´ll read that.

I can see it's a bug, and Comodo team are working on it. Hope a fix will be ready ASAP.

Thanks for your attention!


Offline jeromex

  • Comodo Family Member
  • ***
  • Posts: 56
Re: Alternate Data Stream ":$CmdTcID:$DATA"
« Reply #19 on: January 29, 2015, 07:31:18 AM »
It is a scandal that Comodo is still releasing such a bugged version. It could be a good reason to definitively uninstall these products.
--

Offline jeromex

  • Comodo Family Member
  • ***
  • Posts: 56
Re: Alternate Data Stream ":$CmdTcID:$DATA"
« Reply #20 on: January 29, 2015, 07:34:46 AM »

Then those trying back v7, will deal with non solved V7 bugs   >:-D
--

Offline captainsticks

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11197
    • Comodo Help
Re: Alternate Data Stream ":$CmdTcID:$DATA"
« Reply #21 on: January 29, 2015, 06:00:54 PM »
It is a scandal that Comodo is still releasing such a bugged version. It could be a good reason to definitively uninstall these products.
Hi jeromex,
There are just so many variables.
If we were to make all our systems bug free we would have no software installed, not even an operating system.

Kind regards.

Offline Citizen K

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 26177
Re: Alternate Data Stream ":$CmdTcID:$DATA"
« Reply #22 on: January 29, 2015, 07:28:14 PM »
It is a scandal that Comodo is still releasing such a bugged version. It could be a good reason to definitively uninstall these products.
We're waiting for a new release. We're still with the same one.

Offline CB-Lethbridge

  • Newbie
  • *
  • Posts: 4
Re: Alternate Data Stream ":$CmdTcID:$DATA"
« Reply #23 on: February 01, 2015, 06:16:10 PM »
I was able to delete the ADSs after booting to safe mode.  Any standard ADS tool will remove the ADSs in safe mode.  Giant pain...

Offline CB-Lethbridge

  • Newbie
  • *
  • Posts: 4
Re: Alternate Data Stream ":$CmdTcID:$DATA"
« Reply #24 on: February 04, 2015, 06:39:02 PM »
An even better way than "safe boot" to clear the ADSs is to use "AutoRuns" (sysinternales.com) to temporarily disable "cmdGuard"
which is listed under "Drivers".  Reboot and run the ADS tool of your choosing then enable "cmdGuard" and reboot to return
to normal.

It appears "cmdGuard" establishes a mount point filter (file system filter) on the NTFS drives which intercepts file i/o and
restricts changes to the ADS.

Offline A B

  • Comodo Family Member
  • ***
  • Posts: 84
Re: Alternate Data Stream ":$CmdTcID:$DATA"
« Reply #25 on: February 06, 2015, 11:45:12 PM »


Is there any temporary fix for ads through registry etc? Till the next cycle release probably?

Regards
ab
OS: WIN7 ENT

Offline wasgij6

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 5717
Re: Alternate Data Stream ":$CmdTcID:$DATA"
« Reply #26 on: February 07, 2015, 02:11:56 AM »

Is there any temporary fix for ads through registry etc? Till the next cycle release probably?

Regards
ab

please do NOT double post it is against the forum policy

Offline Inked

  • Newbie
  • *
  • Posts: 6
Re: Alternate Data Stream ":$CmdTcID:$DATA"
« Reply #27 on: March 07, 2015, 12:46:19 AM »
Is there REALLY still no fix for this?

Where can i download v7 or is there another firewall everyone in this thread had switched to?

Offline Dennis2

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 9670
Re: Alternate Data Stream ":$CmdTcID:$DATA"
« Reply #28 on: March 07, 2015, 02:57:36 AM »
CIS 7 can be downloaded here.

Merry Christmas and happy no ADS! ;)
Moderator: Aims Forum a friendly place. Any concerns? Please PM me and/or review the Forum Policy 2012Updated.
System: Centos 7.9 x64, APF, HTTPS Everywhere, ABP, NoScript
 Fedora 33 x64, APF, HTTPS Everywhere, ABP

Offline Inked

  • Newbie
  • *
  • Posts: 6
Re: Alternate Data Stream ":$CmdTcID:$DATA"
« Reply #29 on: March 07, 2015, 03:11:46 AM »
Thanks for that ;)

Is running v7 still as secure as running v8?


 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek