CIS 8 create Junk ADS streams on your new executables

Natori · November 24, 2014, 3:28pm

CIS 8.0.0.4337 create Junk ADS streams ($CmdTcID) on your new executables (ie. .sys .exe .dll .js)

Copy executable file from same
Download new executables
Install new executables, new drivers, new windows updates

Stop your Junk ADS streams please
I unlike ADS streams, some people too. (ie. SaveZoneInformation)

When you copy files from a NTFS file system to a USB flash-drive (FAT),
You may receive the Easter egg “The file Setup.exe has properties that can’t be copied to the new location. Do you wish to continue?”

Comodo Firewall 8.0.0.4337
HIPS Disabled, Auto-Sandbox Disabled, Viruscope Disabled, Cloud Disabled

Waste my time full scan on safe mode >:(

[attachment deleted by admin]

Sixtyfour · November 25, 2014, 7:55am

I have created a bug report about this issue. Please add more information for the developers there.

Averell · November 25, 2014, 12:47pm

Hi,

Is it possible to remove these ADS ? I have tried to delete them with Pointstone ADS Scanner 2.0 and it doesn’t work…

Thanks

Sixtyfour · November 25, 2014, 5:04pm

The only way I’ve been able to delete $CmdTcID is by first uninstalling CIS 8. Then I recommend installing CIS 7.

Looks like CIS 8 is protecting this ADS, or perhaps recreates it as soon as it is deleted ?

mouse1 · November 25, 2014, 6:15pm

Locked to prevent splitting content. Hope that is OK.

Please contribute in the bug report topic noted above, where you will find answers to your questions.

Kind regards

Mouse