Author Topic: Defnec Plus not intercepting execution of exe by chrome browser?  (Read 1582 times)

Offline aigle

  • Comodo's Hero
  • *****
  • Posts: 716
Defnec Plus not intercepting execution of exe by chrome browser?
« on: December 26, 2014, 09:10:10 AM »
Can any one confirm this behavior.

Windows 8.1. Comodo v8 latest

Defence Plus in safe mode

Go to this page via google chrome browser( not any other browser)

http://www.filehippo.com/download_hijackthis/download/f34dd7e4b3aaeb635b87278b1c1cca93/

Press on download page and when Hijackthis.exe is downloaded click on it to launch it. HijackThis will be executed and no pop up alert from Comodo Defence Plus. If you execute HijackThis.exe via explorer, Defence Plus does give a pop up alert.

Is it some thing expected? Please reply. Note that I don't get this behavior on XP with CIS v 5.

Thanks

Offline Sanya IV Litvyak

  • Comodo's Hero
  • *****
  • Posts: 4204
  • Lurking
Re: Defnec Plus not intercepting execution of exe by chrome browser?
« Reply #1 on: December 26, 2014, 09:20:07 AM »
The file launches without any pop-ups in both cases (chrome and explorer) for me - File is rated as "safe" in the cloud.
I support privacy and freedom online - eff.org

Offline aigle

  • Comodo's Hero
  • *****
  • Posts: 716
Re: Defnec Plus not intercepting execution of exe by chrome browser?
« Reply #2 on: December 26, 2014, 09:31:10 AM »
Thanks for testing.

What is your OS and comodo version. Can you try in paranoid mode please?

Thanks

Offline Sanya IV Litvyak

  • Comodo's Hero
  • *****
  • Posts: 4204
  • Lurking
Re: Defnec Plus not intercepting execution of exe by chrome browser?
« Reply #3 on: December 26, 2014, 09:49:26 AM »
Thanks for testing.

What is your OS and comodo version. Can you try in paranoid mode please?

Thanks

Windows 10 TP with CIS 8.0.4344

I'll test paranoid.

Edit: With Paranoid I get alerts that chrome.exe is trying to launch HijackThis.exe and same alert for explorer.exe when trying to launch the file from there.
« Last Edit: December 26, 2014, 09:52:11 AM by Sanya IV Litvyak »
I support privacy and freedom online - eff.org

Offline aigle

  • Comodo's Hero
  • *****
  • Posts: 716
Re: Defnec Plus not intercepting execution of exe by chrome browser?
« Reply #4 on: December 26, 2014, 09:52:02 AM »
I get this alert with safe mode but cloud is disabled. If I try via chrome, no pop up alert even with paranoid mode and application is launched.

[attachment deleted by admin]
« Last Edit: December 26, 2014, 09:54:07 AM by aigle »

Offline Sanya IV Litvyak

  • Comodo's Hero
  • *****
  • Posts: 4204
  • Lurking
Re: Defnec Plus not intercepting execution of exe by chrome browser?
« Reply #5 on: December 26, 2014, 09:55:06 AM »
Is it possible that chrome.exe is running with installer privileges?
I support privacy and freedom online - eff.org

Offline aigle

  • Comodo's Hero
  • *****
  • Posts: 716
Re: Defnec Plus not intercepting execution of exe by chrome browser?
« Reply #6 on: December 26, 2014, 09:56:06 AM »
Windows 10 TP with CIS 8.0.4344

I'll test paranoid.

Edit: With Paranoid I get alerts that chrome.exe is trying to launch HijackThis.exe and same alert for explorer.exe when trying to launch the file from there.
Seems something is not just right on my system. I am using EMET and Sandboxie as well. Confusing!!

Offline aigle

  • Comodo's Hero
  • *****
  • Posts: 716
Re: Defnec Plus not intercepting execution of exe by chrome browser?
« Reply #7 on: December 26, 2014, 09:57:55 AM »
Is it possible that chrome.exe is running with installer privileges?
good idea. I need to check it.

Offline aigle

  • Comodo's Hero
  • *****
  • Posts: 716
Re: Defnec Plus not intercepting execution of exe by chrome browser?
« Reply #8 on: December 26, 2014, 10:23:28 AM »
Chrome is not even trusted. Can you try my config. I uploaded my config file. Just rename it from a.txt to .cfgx.

Thanks

[attachment deleted by admin]

Offline Sanya IV Litvyak

  • Comodo's Hero
  • *****
  • Posts: 4204
  • Lurking
Re: Defnec Plus not intercepting execution of exe by chrome browser?
« Reply #9 on: December 26, 2014, 11:01:31 AM »
Chrome is not even trusted. Can you try my config. I uploaded my config file. Just rename it from a.txt to .cfgx.

Thanks

I imported and activated your config but I can still not replicate the issue, HijackThis.exe launched from chrome.exe gives alert, the same way if I launch it from explorer.exe

If it possible that you ran Chrome and then answered "Treat as > Installer/updater" but didn't check "remember my answer"? To rule out that possibility, have you tried restarting the system?
I support privacy and freedom online - eff.org

Offline aigle

  • Comodo's Hero
  • *****
  • Posts: 716
Re: Defnec Plus not intercepting execution of exe by chrome browser?
« Reply #10 on: December 26, 2014, 02:52:18 PM »
No, I tried it since few days many times. Seems something specific to my system. Any way, I am satisfied that it's probably not some bug in CIS. BTW just want to sure did you tried it with chrome browser( just making sure that the browser used by you was chrome)?

Thannks

Offline Sanya IV Litvyak

  • Comodo's Hero
  • *****
  • Posts: 4204
  • Lurking
Re: Defnec Plus not intercepting execution of exe by chrome browser?
« Reply #11 on: December 26, 2014, 03:55:29 PM »
Yes, Google Chrome as in the one made and distributed by Google (i.e not Comodo Dragon)
I support privacy and freedom online - eff.org

Offline aigle

  • Comodo's Hero
  • *****
  • Posts: 716
Re: Defnec Plus not intercepting execution of exe by chrome browser?
« Reply #12 on: December 26, 2014, 04:22:34 PM »
OK, thanks for your help. I will just leave it like this at the moment. Might investigate it further later on.
Thanks for taking time to test it for me.  :)

 

Seo4Smf 2.0 © SmfMod.Com Smf Destek