Author Topic: COMODO Batch code analyser.  (Read 7516 times)

Offline pengo

  • Newbie
  • *
  • Posts: 10
COMODO Batch code analyser.
« on: January 21, 2012, 04:21:11 AM »
First, hello and greetings to the Comodo team.

My idea is to make the antivirus analyse the code of batch files.
Why?!
Simply, most batch codes are very destructive for the computer system.
Batch codes are more powerful than everyone thinks. The cracker can take full control of you without you even knowing about it, and the antivirus will not alert the user to it. Why?!
Simply, the program doesn't analyse the code.
My idea is to make the scanning fragment the file and analyse it profoundly.
It's not only for batch files, because web administrators can be infected by shell code.
I will explain.
When the cracker steals the data from the administrator, he can upload a shell code, and with this code he can take full control over the site data - folders/files/passwords/database/etc.
Some sites deny the uploading of files - .php
But the cracker can bypass it when he makes the file like - shellcode.php.jpeg,
so the system will think that the file is some picture and BAM, the site is pwned.
It will take much time for scanning, but the user will be sure that he is protected and clean.

Thank you for your attention.

Pengo.

Offline Citizen K

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 26225
Re: COMODO Batch code analyser.
« Reply #1 on: January 21, 2012, 06:11:33 PM »
From the online help:
Quote
Do heuristic command-line analysis for certain applications - Selecting this option instructs Comodo Internet Security to perform heuristic analysis of programs that are capable of executing code such as visual basic scripts and java applications. Example programs that are affected by enabling this option are wscript.exe, cmd.exe, java.exe and javaw.exe. For example, the program wscript.exe can be made to execute visual basic scripts (.vbs file extension) via a command similar to “wscript.exe c:\tests\test.vbs”. If this option is selected, CIS detects c:\tests\test.vbs from the command line and applies all security checks based on this file. If test.vbs attempts to connect to the internet, for example, the alert will state ‘c:\tests\test.vbs’ is attempting to connect to the internet (Default=Enabled).
Src: http://help.comodo.com/topic-72-1-284-3037-Execution-Control-Settings.html

Is there anything you would like to see added to this?
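The attribution step described in the quoted help text, sketched as an added example that is not part of the original post and not Comodo's code: it reads a command line, recognises the script hosts the help names, and returns the file the checks and alerts should name. The per-host argument rules, function names and sample command lines are assumptions made for illustration.

```python
import shlex
from pathlib import PureWindowsPath

# Script hosts named in the quoted help text. How each one names the file it
# will run is this example's assumption, not Comodo's documented logic.
HOSTS = {"wscript.exe", "cmd.exe", "java.exe", "javaw.exe"}
BATCH_EXTS = {".bat", ".cmd"}

def tokens_of(cmdline):
    """Split a Windows-style command line, keeping backslashes intact."""
    return [t.strip('"') for t in shlex.split(cmdline, posix=False)]

def effective_target(cmdline):
    """Return the file that security checks should be attributed to."""
    tokens = tokens_of(cmdline)
    if not tokens:
        return None
    image, args = tokens[0], tokens[1:]
    host = PureWindowsPath(image).name.lower()
    if host not in HOSTS:
        return image                      # ordinary program: judge the image itself
    if host == "wscript.exe":
        # Host options start with "//" (e.g. //B); the first other argument is the script.
        script = next((a for a in args if not a.startswith("/")), None)
    elif host == "cmd.exe":
        # The command follows /c or /k; only batch files count as a script.
        idx = next((i for i, a in enumerate(args) if a.lower() in ("/c", "/k")), None)
        cand = args[idx + 1] if idx is not None and idx + 1 < len(args) else None
        script = cand if cand and PureWindowsPath(cand).suffix.lower() in BATCH_EXTS else None
    else:
        # java.exe / javaw.exe: the archive follows -jar.
        script = args[args.index("-jar") + 1] if "-jar" in args[:-1] else None
    return script or image                # no script found: fall back to the host

def alert(cmdline, action="connect to the internet"):
    return f"'{effective_target(cmdline)}' is attempting to {action}"

# Constructed sample command lines (not taken from any real log).
SAMPLES = [
    r"wscript.exe c:\tests\test.vbs",
    r'C:\Windows\System32\cmd.exe /c "C:\my scripts\clean.bat" quiet',
    r"javaw.exe -Xmx64m -jar C:\apps\tool.jar",
    r"cmd.exe /c dir",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(alert(line))
```

The last sample falls back to `cmd.exe` itself, because the command after `/c` is not a batch file and there is no script to attribute the action to.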

Offline pengo

  • Newbie
  • *
  • Posts: 10
Re: COMODO Batch code analyser.
« Reply #2 on: January 22, 2012, 01:13:36 PM »
Yes.
Thank you for the answer!

Pengo.

 
