An applications that can force log off and Dfence plus can,t stop

Learn about Computer Security Leak Testing/Attacks/Vulnerability Research
1

http://www.securitysoftware.cc/securitysoftware/apps.html

Application name is logoff.

[attachment deleted by admin]

2

i tried a lot of settings but i always finish by the same alert and vista log off.
there was the same problem with the leaktest system shutdown simulator in step 1 and step 2, except there was no alert but it was not tested with the last version.
i tested it with the last version and it’s the same result, there’s no alert when i click on intercept system shutdown call and when i click shutdown computer it closes the machine, except i had others programs running so it asked me if i wanted to log off as apps were running…
let’s wait for next comodo :slight_smile: i see first rank in my crystal ball :slight_smile:

3

It also fails to prevent log off by using shutdown.exe in system32 (shutdown -l). No alerts shown at all, except for executing shutdown.exe. I’m running the latest version with Defense+ in Paranoid Mode.

Cheers,
Ragwing

4

What is that simuylator. If u mean the shutdwon simulator utility on the same site, CFP blocks it on my system.

5

nope i was talking about some leaktest we used to test firewalls.
it’s named system shutdown simulator. sss.exe
i attached it in my post, maybe it’s the same thing, u tell me.

i went to the site, if u talk about the file shutdown.exe, so it’s not the same file.
D+ blocked it too on my system.
in the exploit SSS, there’s not even an alert about the 2 first steps.
do u confirm?

[attachment deleted by admin]

6

No, CFP blocks it. Just add *.com files in protected files list to get alert on first one. 2nd and 3rd will give alert by default.

7

How did you add .com to the list?

8

Go to My Protected Files, then when adding a new one, you define it as *.com.

Cheers,
Ragwing

9

in my case i got no alert in vista or xp with step1 and 2 but i didnt add *.com as u said, thanks for this info.
D+ should block that without the need to add *.com in protected files list.
how many user know they need to add *.com in protected files to block this exploit?

update : i added *.com in protected files and still no alert from D+ with step1 and 2…the system doesnt shutdown but the exploit stops lot of process.
can u post some screenshot ?

10

I use it on XP. Later I will post some screen shots.

11

I agree, If a program is trying to logg\shutdown it should be alerted to the user