CIS its vulnerable to process termination at this exact moment?
Hi, sorry for my english
This is of course all in CIS sandbox, limited security level, cant put it more higher or I lose internet for application.
Application with virus was capable of put bugs in another clean application, so it would behave unproperly.
I was able to fix this with CIS HIPS Defense+. Hurray!!!
Application with virus, dont like what I did with the first step ;D , so virus decide to disconnect my vpn secure high encrypted connection. I was able to fix this with CIS CIS HIPS Defense+. Hurray!!!
Application with virus, really get mad with me, for doing that on step 2, lol hahaha. Now she or he (virus) sais, dude now is fuc*ing personal. You want war? you will get war. lol hahahaha ;D
Application with virus decide to terminate the program and get close and get disconnected from internet. And basically get close.
Now I need the application with virus been open all the time that I am using it. And not be closed. Unless I manually do it.
So Is this a leak or a vulnerability that has CIS right now?, or I am doing something wrong on step 3?.
To tell you the true I am impressed by comodo software I never thought CIS could beat and win in step 2, and it did it. So this gives me hopes for step 3.
Any ideas, suggestions, tutorial links, are welcome
I am not sure I am understanding you completely. CIS is not vulnerable for process termination of its self if that is what you mean with your first question.
What is it you want to establish with step 3? You want the virus program to be blocked from terminating its self?
Yea exactly. The thing is application with virus, choose as a last option to terminate it self. So it get automatically close without my consent or permission. So yes I want the virus program to be blocked from terminating its self. But I havent figure out how. I tried the check mark in defense+,computer security policy,application virus,customize policy,acces rights,and I put check mark on block process termination,and proteccion settings procces termination check mark, but it wont do the trick. Just so you know this application virus loves to do hooks and hack through \Device\KsecDD. I need to do one more test related to that, cause of new configuration posted here in forum. I hope it works. I think is somehow related. I know the vpn disconnection was %100 related to that.
CIS is vulnerable to process termination at this exact moment. You can see this in that video. Somebody using process hacker termination tool with success:
Process Hacker is a safe file and is there for capable of installing a driver. PH then has kernel access and is capable of terminating any program it wants.
A non trusted program will not be capable to do that.
