Tested on Windows 7 x64 with Comodo 5.0.163652.1142. Sandbox off, D+ with proactive profile.
RadeonPro can inject its dll “AppProfiles.dll” into other processes and there’s no pop up from Comodo regarding this.
Even if I use the process protection features, e.g. to protect firefox.exe against injections and so on, AppProfiles.dll is loaded into the memory:
You are seeing a pop up regarding the sandbox. The sandbox must always be disabled for such testing because it’s using Windows rights limiting and this distorts the result.
D+ should handle any code injection.
If I recall correctly, Online Armor has the same problem. And I bet almost every other HIPS has too.
I’d really like to know what is different about RadeonPro’s injection technique that it seems to be fully unknown to popular HIPSes.
What is pis*ing me off more is that since Comodo 3.8 the x64 HIPS didn’t improve at all regarding usermode hooks.
I’m curious what the developer comment will be in my “Sad: No progress with the x64 HIPS of CIS” thread. :-TD
When RadeonPro is first executed, there is a COM alert. When this is allowed, CIS lets the rest of the allow alerts too. This is for the sake of end-user experience by default. For example, if you blocked, it would block the DLL injection. Can this be changed? Yes. When you see the popup, it is the default popup layout. You can simply click “More Options” and it will expand the popup to Advanced Layout. In this layout, CIS will be verbose and allow you to play.
I’ve tested again and it actually fails like hell.
I always use the advanced layout. If I test such an issue and even create a forum thread you can be sure that mentally ■■■■■■■■ human failures like the one you have described don’t apply to my findings.
Just for my ego I tested again (advanced pop up layout!!!) and there is no pop up regarding the injection.
If I recall correctly, there’s not even a pop up for the COM interface.
@MOVEAX: Did you see a pop up regarding COM interface access?