Antivirus product self-protection test #2 AM Test Lab (Norton beats Comodo)

I thought it was their digitally signed file [their financial simulator was signed with nVidia?] that initiated Comodo uninstaller with silent switch?

Please see this post from the Another MRG video… thread. This is the vulnerability I was talking about.

Also, the way this was fixed for V5 is specified in the COMODO Internet Security 5.0.162636.1135 Released! notes.

Nowadays, a lot of malware come in other forms than standalone executables. For example, some come in the form of visual basic scripts while some come in the form of java binaries. When they come in such forms, they are executed by “interpreter” applications such as wscript.exe or java.exe etc. 2011 family of products can identify such applications heuristically and detect the real file behind the requests of “interpreters”.

Thanks :-TU

So, case closed…

As long as that was the method that CIS self-protection was bypassed then yes. From their results it isn’t obvious what type of attack was able to disable parts of CIS.

Also, I hope they don’t count disabling cfp.exe (the user interface) as a failure and not cmdagent.exe (that is what does all of the work). I have seen many times where cfp.exe could crash and the system would still be protected because cmdagent is still running and when it gets no user interaction it just denies everything automatically.

if this option is checked…

[attachment deleted by admin]

Nope it has nothing to do with that.

Unless D+ was disabled, then cmdagent.exe isn’t protected.

https://forums.comodo.com/wishlist-cis/poll-secure-the-protection-for-cmdagentexe-t60930.0.html;msg428103#msg428103

What does this option do then?

That option is made to be used on an infected computer. What it does is that it stops programs from doing anything if they are closed, and it stops other programs from being able to access those programs also. The problem is that if you turn this on it can mess up a non-infected system because some programs need to access files of programs that are not running at the moment.

So even if that option is disabled, cmdagent.exe will protect itself, but not the entire system behavior, right?

If that option is off it will protect itself and the system. That option locks down the system to the point where it can break other programs trying to run.

But even with that option disabled (stock configuration), if you crash cfp.exe cmdagent will still protect itself and the system. What it does is that it automatically denies anything it would have asked you because it can’t ask you.

I don’t understand what you are saying. The help says:

Block all unknown requests if the application is closed - Checking this box blocks all unknown requests (those not included in your Computer Security Policy) if Comodo Internet Security is not running/has been shut down.

To me this means CIS only blocks unknown programs when the GUI is not running if this is ticked.

Prior to version 5 I always ticked this option with no problems. I have not tried it with version 5 as people are saying it has problems.

Let me see if this pic helps you to understand…

[attachment deleted by admin]

I don’t think it’s possible to “legally close” cmdagent…
Do you mean stopping the service?

legally closing cfp.exe, right-clicking tray icon and select ‘close’…
I think it’s like Win7’s UAC that detects system modification without user interaction…

I’m talking about the only “unprotected” arrow…

As far as I know, when an unknown request is issued cmdagent.exe communicates to cfp.exe for user interaction.
If I understood correctly, if the option (block all unknown requests if the application is closed) is unticked,
and cfp.exe is legally closed via clicking the tray icon and clicking ‘close’

cmdagent.exe will be left unprotected, allowing all unknown requests…
In any other circumstances, cmdagent.exe will still protect the system…
(I tested it on CIS V4, I assume it will be the same with V5)

[attachment deleted by admin]

languy said a few posts above even if CFP, cmdagent will still block everything by default.
https://forums.comodo.com/news-announcements-feedback-cis/antivirus-product-selfprotection-test-2-am-test-lab-norton-beats-comodo-t63915.0.html;msg451213#msg451213
CFP is only a GUI which shows popups, the real engine is cmdagent.
That’s why I asked, your graph is wrong.

Nope, dax123 is perfectly right.