Author Topic: weakness of the gpCode  (Read 107141 times)

Offline Peter5

  • Comodo's Hero
  • *****
  • Posts: 257
Re: weakness of the gpCode
« Reply #120 on: April 29, 2011, 12:29:02 PM »
There is nothing wrong with that; it's actually a very good and sane idea: you are making a layered security defense. :-TU

Thanks EricJH,

It is always good to have a confirmation from the experts  ;)

Offline Josh™

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 1012
Re: CFW fails in GPCode ransom test
« Reply #121 on: April 30, 2011, 12:06:22 AM »


Method 1: Add you sensitive files/folders to CIS protected files list and you are done. For example, you can add My Documents, My Pictures folders or *.doc, *.txt, *.jpg etc. to your protected files list and it can be protected.

Method 2: Always run your WEB browsers in COMODO Sandbox by adding them to Sandbox pemanently. And while doing this, make sure File system and registry virtualization are both enabled. If you do this and accidently get gpcode or something like gpcode or actually any virus from WEB, they will be running in a virtual file system and hence they can not acess your files or folders.

You can also directly run GPCODE with right-click menu in CIS sandbpx and you will see it cant do anything.

Method 3: Block all unknown files with D+/Sandox. :)

Josh
Learn from the past, live in the present, prepare for the future.

Offline trscsaeg

  • Comodo's Hero
  • *****
  • Posts: 1162
Re: CFW fails in GPCode ransom test
« Reply #122 on: May 01, 2011, 07:00:57 PM »
Thanks for the reply. I don,t insist that Comodo people use same technique/ hack used by OnlineArmor. I will be happy with any solution provided it work. I will reaped it again.

Still there is one thing missing. What about uesrs who are not using sandbox and are using just proactive HIPS feature of Defence Plus. It is not very much practical to add all your sensitive files in one folder and then protect this folder. One might have many .doc, .txt and image files scattered here n there on hard disk. Besides what you will do about blackday trojan that is targeting so many types of files.

I think they will need the HACK or some other smart idea as they are not using sandbox anyway. Hope I made my point clear.

Thanks for all your kind input and replies.

this guys question is still unanswered unless i missed the answer or just didn't understand or recognize it as the answer. i am very interested in seeing an answer to this guys question

Offline aweir14150

  • Comodo's Hero
  • *****
  • Posts: 428
Re: CFW fails in GPCode ransom test
« Reply #123 on: May 02, 2011, 12:12:58 AM »
this guys question is still unanswered unless i missed the answer or just didn't understand or recognize it as the answer. i am very interested in seeing an answer to this guys question

See the post above yours. The file would be blocked, not sandboxed. Blocking unknown files has nothing to do with the sandbox as far as I know. If it's blocked from running, then there is nothing to sandbox, it won't execute so you are safe.
« Last Edit: May 02, 2011, 12:19:19 AM by aweir14150 »

Offline trscsaeg

  • Comodo's Hero
  • *****
  • Posts: 1162
Re: weakness of the gpCode
« Reply #124 on: May 02, 2011, 12:29:27 AM »
i thought this bypassed def+ or was that only for users only running def+ in internet security configuration and not if the user was in proactive configuration

Offline aigle

  • Comodo's Hero
  • *****
  • Posts: 722
Re: CFW fails in GPCode ransom test
« Reply #125 on: May 02, 2011, 01:37:18 PM »
this guys question is still unanswered unless i missed the answer or just didn't understand or recognize it as the answer. i am very interested in seeing an answer to this guys question

I think there will be no answer as they don,t think that it,s impotant issue to be addressed. Sad indeed.

Offline morphiusz

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 3082
    • Suspicious file?
Re: weakness of the gpCode
« Reply #126 on: May 02, 2011, 04:12:53 PM »
Yes.
I tkink that Comodo

1.Strong HIPS.
2. Av, then.




Offline done75

  • Newbie
  • *
  • Posts: 3
Re: weakness of the gpCode
« Reply #127 on: May 05, 2011, 06:43:52 AM »
Did the last update fix the problem?

Offline morphiusz

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 3082
    • Suspicious file?
Re: weakness of the gpCode
« Reply #128 on: May 05, 2011, 10:09:37 AM »
Gpcode?
No.

Offline alexo2003

  • Comodo Member
  • **
  • Posts: 33
Re: weakness of the gpCode
« Reply #129 on: May 06, 2011, 11:10:34 AM »
Sorry for my misunderstanding, but ...

In first message we see, that even being sandboxed gpcode does make its bad work. Then egemen writes that Sandbox ideally restricts any malware. So, what about Sandbox in CIS (with strong settings, not default ones), does it prevent from trojans/malware/etc.?

Offline Citizen K

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 26183
Re: weakness of the gpCode
« Reply #130 on: May 06, 2011, 11:57:23 AM »
Sorry for my misunderstanding, but ...

In first message we see, that even being sandboxed gpcode does make its bad work. Then egemen writes that Sandbox ideally restricts any malware. So, what about Sandbox in CIS (with strong settings, not default ones), does it prevent from trojans/malware/etc.?
The sandbox does protect against malware. During testing during the development of v5 the sandbox with default settings was tested against 15,000 pieces of malware and none of them was able to infect the system. That gives a bit of an idea about the strength of the sandbox. And that is with default settings.

However, this is one of the malwares that does slip through the cracks of the sandbox though.

Offline trscsaeg

  • Comodo's Hero
  • *****
  • Posts: 1162
Re: weakness of the gpCode
« Reply #131 on: May 06, 2011, 03:18:28 PM »
will defense + block this with default settings in the next version? if not will it leak out of sandbox ith default settings. i've read previous post saying the av detects this and that's good but does it detect it on access?

if so then that's great because comodo is all about prevention first if possible and then av to catch things that get by but if people don't have CAV then they're screwed unless they have an AV that detects this on access to prevent gpCode

Offline malik1976

  • Comodo Family Member
  • ***
  • Posts: 57
Re: weakness of the gpCode
« Reply #132 on: May 11, 2011, 12:25:15 PM »
Cool.:) :-TUIt does not block it with default settings. However D+ is capable of catching it. You need to manually add some things. Read Ronny's contribution under this.


Sorry as I am quite slow on this. How can you place the *_CRYPT in the Blocked Files? Blocked Files/Add then what...? Can someone point me towards it please. I just saw this thread was away for a couple of weeks. Just update to ver5.4._.1355 and then I saw this along with the other posts connected to GPCode.

Will I create a File Group for this? How can I create that...I am at a loss (Protected Files and Folders/Add then what..? Or Group/Add New Group/..then...?)

Quote
Other thing is you can protect your favorite files by adding them to the protected files and
folders list.
e.g.
*.txt|
*.chm|
*.jpg|
*.7z|

How can I also add these to the Protected Files and Folders?

Quote
After testing 6 different versions of this stuff I only found one setup that would kill all
\Device\KsecDD
Needs to be added to protected files & folders to block them all.

Again for this, how can I add it?

Quote
However, this is one of the malwares that does slip through the cracks of the sandbox though

Reading along the replies I surmise this is a temporary solution to the vulnerability, yes? Then how can we set D+ in ver5.4._.1355 to be protected from this trojan? Possible settings in addition to the suggestion of Ronny...

I use Sandboxie 3.54 paid and all my browsers are always sandboxed. In addition I have set 'unrecognized files(s)observed will be treated Restricted. What can I do further? I don't want to change firewalls now as CIS has grown in me and I am happy with it. I just wanna be safe from this trojan.



« Last Edit: May 11, 2011, 12:31:59 PM by malik1976 »

Offline voltron

  • Comodo Family Member
  • ***
  • Posts: 82
Re: weakness of the gpCode
« Reply #133 on: May 13, 2011, 10:14:52 AM »
I should have posted the same question. Howcan I place the CRypt in Blocked Files as malik asked aslo.

Offline Ronny

  • Retired - Product Translator
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 13551
  • Retired - Volunteer Moderator
Re: weakness of the gpCode
« Reply #134 on: May 13, 2011, 10:20:45 AM »
Sorry as I am quite slow on this. How can you place the *_CRYPT in the Blocked Files?
Go to Defense+, Computer Security Policy, Blocked Files.
Add, Browse, In Add new Item, type *_CRYPT and press [+] Hit Apply twice and it's there.
Retired - Volunteer Moderator
Any concerns? Please send me a PM or review the Forum Policy -  update Jan 3rd 2013!

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek