Author Topic: CIS fails against a script.  (Read 22356 times)

Offline spywar

  • Malware Research Group
  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 9560
CIS fails against a script.
« on: November 26, 2012, 02:12:49 AM »
Hi,

CIS 5.12 has been tested by a french tester against a script
watch the result : http://www.youtube.com/watch?feature=player_embedded&v=sieDOkP5niA
As you see, CIS completely failed during this.
Also, note that "Shaoran" who was part of french helper already reported it to Comodo a while ago ...
If you have any quetions, please feel free to ask the tester.
« Last Edit: November 28, 2012, 02:38:27 PM by spywar »

Offline spywar

  • Malware Research Group
  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 9560
Re: CIS fails against a script.
« Reply #1 on: November 26, 2012, 05:47:19 AM »
Please have a look at it

Offline tommymacangel

  • Comodo Loves me
  • ****
  • Posts: 134
Re: CIS fails against a script.
« Reply #2 on: November 26, 2012, 07:28:02 AM »
Also, the author is saying in video comments that this script kill also v6 lastest beta  ???

Offline tommymacangel

  • Comodo Loves me
  • ****
  • Posts: 134
Re: CIS fails against a script.
« Reply #3 on: November 26, 2012, 07:30:30 AM »
OS in the vid is w7 32 bits sp1

Offline Chiron

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11951
Re: CIS fails against a script.
« Reply #4 on: November 26, 2012, 11:33:20 AM »
If anyone has access to the file can they please PM me a link to a sample of it? I'd really like to test this.

Offline Siketa

  • Comodo's Hero
  • *****
  • Posts: 5066
Re: CIS fails against a script.
« Reply #5 on: November 26, 2012, 01:22:57 PM »
True, but....
Is cmdagent.exe there after restart?
We can not see the complete PH window as he didn't scroll to the bottom.
« Last Edit: November 26, 2012, 01:25:50 PM by Siketa »

Offline Citizen K

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 26225
Re: CIS fails against a script.
« Reply #6 on: November 26, 2012, 01:24:17 PM »
The script seemingly only shuts down cfp.exe but cmdagent.exe is still running before reboot. That would mean the protection would still be intact. See attached image.

However after reboot both cfp.exe and cmdagent.exe are no longer starting up. I would like to have the script for testing to see what's going on. I am wondering if the script detection (Do heuristic command-line analysis for certain applications) is working here or not.

Also notice that IE warns this script may not be safe. May be because it is not digitally signed? See second image.

[attachment deleted by admin]
« Last Edit: November 26, 2012, 06:01:55 PM by EricJH »

Offline languy99

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 3981
Re: CIS fails against a script.
« Reply #7 on: November 26, 2012, 02:13:31 PM »
I tired the original script on windows 7 64 bit and it did nothing.
http://www.youtube.com/languy99

Software Reviews for all.

Follow me on Twitter http://twitter.com/#!/languy99

Offline Siketa

  • Comodo's Hero
  • *****
  • Posts: 5066
Re: CIS fails against a script.
« Reply #8 on: November 26, 2012, 02:24:11 PM »
I tired the original script on windows 7 64 bit and it did nothing.
Where did you get it?

Offline spywar

  • Malware Research Group
  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 9560
Re: CIS fails against a script.
« Reply #9 on: November 26, 2012, 02:29:48 PM »
I tired the original script on windows 7 64 bit and it did nothing.
Strange, the script's author does not want to share it atm ... Already contacted, as Siketa said where did you get it ?

Offline vigen

  • Comodo Loves me
  • ****
  • Posts: 182
Re: CIS fails against a script.
« Reply #10 on: November 26, 2012, 03:08:43 PM »
I tired the original script on windows 7 64 bit and it did nothing.

Lol

Its just impossible !!!!


There are only two people with this script, and you do not left this group.

Well tried ^^ :-TD

The script run well on ALL Windows platform...64 or 32 bits..

Offline vigen

  • Comodo Loves me
  • ****
  • Posts: 182
Re: CIS fails against a script.
« Reply #11 on: November 26, 2012, 03:11:44 PM »
The script seemingly only shuts down cfp.exe but cmdagent.exe is still running before reboot. That would mean the protection would still be intact. See attached image.

However after reboot both cfp.exe and cmdagent.exe are no longer starting up. I would like to have the script for testing to see what's going on. I am wondering if the script detection (Do heuristic command-line analysis for certain applications) is working here or not.

Also notice that IE warns this script may not be safe. May be because it is not digitally signed? See second image.

Use ActiveX its for an simply "way"....Others doors are possible...

Offline Citizen K

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 26225
Re: CIS fails against a script.
« Reply #12 on: November 26, 2012, 03:22:55 PM »
Lol

Its just impossible !!!!


There are only two people with this script, and you do not left this group.

Well tried ^^ :-TD

The script run well on ALL Windows platform...64 or 32 bits..
Then provide us with the latest script. When you don't give us the script we will assume your scripts won't keep up when tested.

Nice try for 2s of fame.....

Use ActiveX its for an simply "way"....Others doors are possible...
That shows the nature of this script. It is about user consent in the first place.

Offline vigen

  • Comodo Loves me
  • ****
  • Posts: 182
Re: CIS fails against a script.
« Reply #13 on: November 26, 2012, 03:29:01 PM »
pfffffff

Fame? With Comodo products..The fame is not my quest...

"Il n'existe pas de forteresse imprenable, mais des attaques mal menées"

Vauban.

Bonne soirée a vous et bon travail.

Offline Citizen K

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 26225
Re: CIS fails against a script.
« Reply #14 on: November 26, 2012, 05:11:45 PM »
pfffffff

Fame? With Comodo products..The fame is not my quest...

"Il n'existe pas de forteresse imprenable, mais des attaques mal menées"

Vauban.

Bonne soirée a vous et bon travail.
Why don't you provide with the script for testing? I am still interested to see how it behaves and if the script check will pick up on it.

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek