Hello. Quick questions:
Does COMODO offer anti-exploit mitigations in Defense+ (or other component) like
EMET?
Also, is exploit mitigation software like EMET going to increase security when
CIS is also installed?
Thank you in advance
Comodo can cover buffer-overflow exploits.
Please check this help page, press Ctrl+F and type “exploit”; you will see some information for your needs.
Unfortunately CIS no longer provides buffer overflow exploit protection such as the kind of protection you can get with either EMET, Malwarebytes anti-exploit, or HitmanProAlert. Buffer overflow/shellcode injection detection/prevention was removed back in CIS version 5.X as noted here: https://forums.comodo.com/format-verified-issue-reports-cis/cis-doesnt-prevent-buffer-overflow-attacksdetect-shellcode-injections-m1489-t111010.0.html;msg810230#msg810230
How does anti-exploit work?
I think, with HIPS enabled, you will see some alerts. HIPS does this thing. With HIPS disabled, I don’t know.
Sandbox maybe.
Why did Buffer Overflow protection get removed in the first place? In the bug report quoted, BuketB said she would look into it. After that, it’s been quiet.
This function seems to be asleep, maybe the high rate of complaints at the time that worked fully.
When these applications are isolated in the sandbox, they have full access or success in attacking the target files;
HIPS may fail if the application to be used by the exploit is a secure application contained scripts in extensions to browsers if these have uncertified recognized then … (not exclusive CIS)
The settings are still there afaik. Which makes it even worse if it does nothing.
If that’s really the case, the settings being there and doing nothing, it sounds really bad. Kind of amateur-ish, really.
The strangest part is that even if this protection got removed, it can still crash some applications like Google Chrome (also Chromodo Browser) and the user needs to add the affected application to Buffer Overflow exclusions to make it work.
I’m not sure, but I think CIS can stop exploits, but only by the HIPS module. And in the default Internet Security configuration HIPS is disabled…
Even if you enable it, you’ll get the first alert from the sandbox.
In sandbox settings, if you tick “Show privilege elevation alerts for unknown programs”, you will get a sandbox pop-up asking you what you wanna do. If you choose “run unlimited” neither sandbox, nor HIPS will work.
If you untick “Show privilege elevation alerts for unknown programs”, you’ll get a sandbox pop-up saying “the program was isolated” with the option “don’t sandbox again”.
Only if you tick the option “don’t sandbox again” and then you re-launch the app, the HIPS will finally work (it’s the same if you add a rule in the auto-sandbox to ignore that app).
Like this, I guess CIS will be able to stop any (or most) exploits.
Just for reference, check this firewall test (sorry, it’s in Italian) with HIPS disabled (in the attachment I have highlighted the result in orange) and enabled (once in paranoid mode, then in safe mode, blue highlight)
[attachment deleted by admin]
This is what I really hate about Comodo, there is an amazingly helpful community here with volunteer mods and users that provide help and answers, but anytime something like this is asked and needs addressing, it goes completely ignored and just swept under a rug somewhere. Cool.