Comodo bypassed

Inserting a keylogger on a crashing/closing Notepad would purge the supposedly inserted (???) keylogger as well.

@ssj100
I was wondering why you didn’t deliver the news that the latest OA beta now blocks this?

TallEmu’s response time looks rather impressive here.

Hi mate, why are you wondering that? I don’t check Comodo forums much generally. I use Wilders forums mostly, and actually found out that the latest OA beta now blocks this from Wilders forums!

Anyway, interesting to see that OA thinks this is worth patching. We’ll see what Comodo thinks soon I guess?

I don’t read Wilders often. Does this mean that the app was able to crash OA?

When I tested this with OA++ I received the initial pop-up seen below, which, incidentally, is pretty much what happens with CIS when Image Execution is set to Aggressive. If I allow the program, either as normal or run safer, test.exe still crashes Notepad and I don’t receive any additional alerts from OA…


Well, D+ alerts when the test is carried out against CIS itself. Whereas the test relies on Windows messages, it might even be that the flooding is unrelated to the crashing side effect but more pertinent to fuzz testing.

Does this mean I am better off with Image Execution set to “Aggressive”?
I already use Paranoid; I am wondering if this aggressive will result in mind-blowing popups.

Does it serve any practical purpose, or is it just useful for testing obscure POCs?

I too only got the alert with Image Execution set to Aggressive. I have reset it to Normal, as at this time I can see no real reason to have it running at the Aggressive level.

To test this app, “Windows message” monitoring would be more on the spot than Image Execution; that’s why I previously invited you to test it also against CIS and post the results.

Sorry, experiencing some PC burn-out ATM (last three years or so :)), so I am not inclined to do any testing, but I do appreciate the efforts of yourself and the others.

This PoC sends window messages to applications and tries to crash them. If the receiving application does not handle the messages sent, i.e. codes 0x2710 - 0x10000, it crashes.

It can NOT do any harm to any CIS processes, because CIS defends itself against this type of attack. Can it crash Notepad or any other application? Possibly.

It does not pose any security threat unless it is directed towards CIS itself, and CIS defends itself.

So I’m guessing there won’t be a patch released for this?

There is nothing to patch. AFAIK, this should have been in use by malware to terminate security software for more than 8 years. CIS already protects itself…

Fair enough mate. But wouldn’t it be quite inconvenient/annoying if malware was able to terminate other processes, and Comodo was unable to stop that?

But it would be more annoying, even insecure, if we showed alerts for such a massive range of window messages just for convenience.

It will be insecure because eventually the user will close the security software or even uninstall it.

Maybe don’t implement it by default, but at least have a configuration option to enable it?

Much has been speculated about how malware could abuse this, whereas it looks like the only way was already addressed.

Indeed, it also turned out that flooding was not the cause of the crash but only a way to find a message the app could be unable to handle.

Wrong thread, but I know what you mean. I just ran it outside of any sandbox and Defense+ blocks it easily, like you say. Apologies for drawing conclusions about how security software works by running it sandboxed, haha.

I moved it, ssj, silly me :) Thanks for the heads-up.