Buffer Overflow Protection bad design

I just noticed BO protection (BOP) is really badly designed. If Defense+ slider is on “Disabled”, because you for example don’t like ■■■■■■ popups all the time, BOP doesn’t work either!
Why that is good is beyond me, but if you ask me, that’s really bad.
Ppl here assured me that BOP works anyway, but after testing it, I found out that isn’t true.
BOP settings should be separate from the D+ sensitivity slider and located as separate option under D+ main panel. I don’t understand why BOP is hidden so deep in settings in the first place?

I’m not quite sure what you mean… Do you mean this option?

http://i40.tinypic.com/ridx86.png

Is there any other 88)

It’s not a problem for me that they are separate settings and I don’t agree that it is too hidden. It might be a bit easier for the common user if they would merge those options, though. In other words, get rid of Image Execution Control Settings and put some new tabs under Defense+ Settings.

I’d like to see seven sections in CIS: SUMMARY, ANTIMALWARE (in place of ANTIVIRUS), FIREWALL, MEMORY FIREWALL, DEFENSE+, (in CIS 4, TIME MACHINE), MISCELLANEOUS.

put the D+ in “training mode” and you won’t see alerts. and the BOP will work anyway :wink:

No, because that means no malware protection, which is the point of Defense+. It would be safer to not install D+ than have it set to Training Mode permanently, since it would result in the dangerous actions of unknown malware being added to the Computer Security Policy.

Actually, it does work with the slider set to disabled…

I had this question when 3.8 was just released.
Question about the new buffer overflow protection. [RESOLVED]

Follow the link in that thread and you can test it yourself.

Greetings all,

Hi HeffeD. Your question was different in the referred thread. It was regarding Image Execution Control only
Q:

Is this still active if you have Image Execution Control Level set to ‘Disabled’?
A:
I tested it and yes, it works when the Image Execution Control Level is set to ‘Disabled’

The question by RejZoR here is completely different, as I understand it (I hope I am not mistaken)

I just noticed ...If Defense+ slider is on "Disabled "... BOP doesn't work either!
- that would be a serious claim!

So the examples given are all about Image execution (BO) slider & checkbox.

I cannot show it with both Defense+ and BO sliders because windows are Modal but that’s in the checkbox at the right bottom of the image
Keep in mind that there is another way to disable Defense completely.


http://f.imagehost.org/t/0605/ImageExec_Defense.jpg

So, if Defense+ is disabled and Image Execution does not work, even when checked that is really really bad design indeed & sure not just because dialogue windows are separate (that would be the last thing to worry about)
That would be another minus to integration instead of having CMF as a separate component (Add-On) protecting whole system as it did before and having it integrated if and when users want to.

My question is to RejZoR: did I get your request correctly?

My regards

??? This follows on from RejZoR’s original post, and I am glad he brought it up. I would like a straight answer, perhaps from someone at Comodo, on this one. Does buffer overflow protection work when D+ is disabled? Some people disable D+ for various reasons, and if buffer overflow does not work under those circumstances, I would be a worried user. Why? Because I read some time back in the forums that 27/28% of infections caused by malware were due to buffer overflow attacks, and someone who disables D+ for whatever reason may not realise what they are losing protection-wise and what they may be exposing themselves to!! If the answer is yes, then is there a reason why one won’t work without the other, or is this a flaw in the makeup of CIS which needs dealing with? It’s a choice thing in reality whether you want to use D+, but I personally do not want to see users losing buffer overflow protection, as a very high percentage of infections are caused by lack of buffer overflow protection, and I am grateful to Comodo for implementing it as another layer of protection. Me personally, I am not affected by this because I use both and always will. Oh, by the way, it seems like my previous post regarding which choice of AV has created a hornets’ nest of opinions and unnecessary flaming comments from some, but all I say is: does Avira have buffer overflow protection? No. Hmmmm, does that mean Avira users and other app users without buffer overflow protection are potentially exposing themselves to a higher percentage of malware than CIS? Yes. Have I entered another hornets’ nest on this one? Just maybe.

Regards
Dave1234. In defence of Cis.

sorry, I misunderstood. I thought he didn’t like D+ and didn’t want all those popups while keeping the BO protection enabled 88)
sorry, my fault :slight_smile:

OK, sorry about that… I was busy looking at the screenshot Anarion posted and didn’t realize it wasn’t part of the original post.

!ot!

AFAIK that is what he wants, it is just that there are better ways of doing it :wink:

The Parent Mode technique for example.

Beanie

Ok guys. You got me. I don’t know what you’re talking about.

Could someone tell me why they’d disable D+.

Might be a good reason, but as I said “I don’t know”.

Hi Guys,

Beanie, sorry, but the discussion about whether the original poster likes or dislikes Defense+ and is not an answer.

and

Could someone tell me why they’d disable D+

Sandwater, you may probably excuse me, but that is not a question here. There are many situations where we need to temporarily disable Defense+
If we will discuss that here - the whole thread will go off-topic regarding the initial question

And the initial question is a very legitimate one.

It would be nice to hear the response from developers

Cheers!
& my regards

P.S.

That’s fine :wink: . Thanks for reply

@SiberLynx

Sorry for the OT, I’ve put the big OT smiley in my post :wink:

Regards,

Beanie

Good point. I can be sloppy. And I will further prove it…

I am wondering though, how does RejZoR test his Buffer protection. And I’m not being a smartass, I really don’t know how it is tested.

I’d like to see if I can do what RejZoR is talking about.

Come on Rej… teach us please. It would be interesting to this lowly enduser I is.

I was testing BOP with these tools:
https://forums.comodo.com/comodo_memory_firewall_beta_corner/buffer_overflow_testing_application-t12541.0.html

I am not sure that is the case. BOP settings are located under the Defense+\Advanced\Image Execution Control Settings link. The Defense+ Security Level slider is located under Defense+\Advanced\Defense+ Settings link\General Settings tab. These are two totally separate links under Defense+\Advanced. Why would setting the Defense+ Security Level slider in the General Settings tab of the Defense+ Settings link to ‘Disabled’ have ANY bearing on how the Detect Shellcode Injections (i.e. Buffer overflow protection) functions under the Image Execution Control Settings link?

The Image Execution Control Level slider and the Detect Shellcode Injections checkbox are located on the same Defense+\Advanced\Image Execution Control Settings\General tab. It seems possible that setting this slider to ‘Disabled’ MIGHT also disable Buffer overflow protection, although Buffer overflow protection does have its own separate checkbox.

Thank you.

I found your observations correct.

But since I don’t disable D+, it won’t be a prob for me.

Can you enlighten us, me, on what situations you’re in that require D+ to be disabled? Please, I may have the same sit in the future.

added…

I believe Comodo did what they did to keep the resources lower. Which is what we wanted too.

Remember?