Comodo Defense+ Vulnerability

Using Comodo Defense+ in paranoid mode, 1 program was able to bypass Defense+ while Comodo was sleeping. Note that I had “\Device\KsecDD” added under “3rd Party Protocol Drivers” under protected files and folders. (Also, the sandbox was disabled because this is a leak test.)

Download from the above page or use the direct link below:
http://olzen.info/RemoveFakeAntivirus.exe

First, max your Comodo settings as much as you want.
Then download the program, run it, and see how it is accessing the system.
Then reply to me with your findings.

(Don’t ask me: what OS do you use? what version of Comodo do you use? etc…)
Just try it with your maximum leak test settings.

The program is NOT a virus.

Well, I can tell you that at least with the sandbox enabled, and configured as I suggest in How to Install Comodo Firewall, the program was not able to do anything.

By the way, isn’t this a program to remove fake antiviruses? How is it a leak test?

Thanks.

It is a Defense+ leak, because paranoid mode means that:
- the computer security policy is applied
- every action that is not listed in the policy is alerted to the user

Whatever the program (safe or harmful), it should be alerted to the user; that is what I understand.
The program was NOT in the policy!!! That’s why it is a vulnerability, or a leak, you can say.

A virus can be created to bypass Comodo the same way this program is accessing, while Comodo will not be able to detect it because it is a new virus.

So could you please send the program for analysis, or see for yourself if you can, HOW and WHY this program is accessing the system, although I used “\Device\KsecDD” & “?:*”

HOW it accessed???

Sorry, perhaps I read your first post incorrectly.

Can you please explain exactly what this application was able to do?

The application was able to START without Comodo's permission. HOWEVER:
1 min ago, I opened the program to tell you what it is accessing, but I got a “KsecDD com interface alert”!!! (Comodo is working now.)

It is just ??? How come? I didn’t get any alert the last times I tried to run this program. What I did: I switched to firewall mode, then restarted, then switched back to proactive mode, then restarted. Now Defense+ is working correctly.

Before, KsecDD was not working only for this program; I got a KsecDD alert on all other new programs. I am out of words now ???

Is the program able to start without alerts on your PC, or was it just me?
My concern is not what the program can do, but whether it can start without asking me.

I get an alert that it is unsigned and therefore should not be trusted. I get this both in safe mode and in paranoid mode.

Perhaps there was a previous alert that you had answered that you had thought was for something else that added a rule for it.

No, I am sure that I did NOT allow or see anything the last times. Sometimes conflicts happened, and a restart is needed in order to put things back to normal.

I only get an alert, “access a protected interface KsecDD”. How did you get the “unsigned alert”?
For the sake of the test, antivirus, sandbox, cloud, and internet were all off; only Defense+ was on, in paranoid mode.

Thanks for helping me out with my issue…