But that’s not how the D+ heuristic engine is supposed to work; that’s how the D+ HIPS module is supposed to work. The heuristics engine is throwing off a false positive. That part of the D+ module is only supposed to alert you of programs that look like malware behavior. How does an obviously safe Windows program look like malware?
I’ve only ever had the heuristics engine alert me of one program, which changed settings in Windows, and I could understand why the heuristics engine picked that up, because it did look like malware the way it worked.
EDIT: added attachment
The attachment shows how a “normal” pop-up looks for a program execution in D+, nothing stating malware behavior from the heuristics.
If you doubt Comodo, then simply download the GRC leaktest, PC Flank test and the System Shutdown Simulator and you will see it passes all tests. Even when you rename the GRC test like you’re supposed to, Comodo still warns you.
I don’t doubt Comodo at all; I happen to prefer it over all other firewalls, and it’s my favorite HIPS so far as well, that’s why I’m using it.
I’m just wondering why its heuristics engine is picking up notepad.exe as malware when it’s obviously not. It wouldn’t bother me at all if it just gave me the normal program execution alert, but it’s giving me the malware heuristics alert instead.
READ THE F****** MANUAL. The notepad program is spotted by the D+ module because it is acting like POSSIBLE malware. Namely, it is being called by a program and executed where you might not expect it to be.
That’s what the warning says. So what’s wrong with that? Why not just trust all programs called by another program? Duh. Well, when a program is called by another program, sometimes that means the first, even if “trusted”, program has been “infected” and is calling another program that is not to be “trusted”, or that the program called is not to be automatically trusted in this context.
For example, a program reformatting your disk might be quite alright but NOT when called by your web browser…
This warning allows you to say this possibly suspicious behavior is to be allowed. Either this time, or any time, or after warning, or whatever you want.
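The reply above describes the heuristic in plain terms: a program that is normally harmless becomes suspicious when it is started by a parent that has no business starting it (the disk formatter launched by a web browser). The following is an added example, not Comodo’s code and not from this thread, that shows the defender-side logic of such a parent/child check over constructed process-creation events. The policy table, the event records and the verdict names are assumptions made for illustration.

```python
"""Parent/child execution heuristic, as a small worked example.

Everything here is constructed for illustration: the ProcessEvent
records, the EXPECTED_PARENTS policy table and the verdict names are
assumptions, not Comodo's rules or data.
"""
from dataclasses import dataclass
import ntpath


@dataclass(frozen=True)
class ProcessEvent:
    parent_image: str  # full path of the process that is starting the child
    child_image: str   # full path of the program being started


# Constructed policy: for selected programs, the parents we expect to
# launch them, keyed by lowercase basename. Programs not listed get the
# ordinary "program execution" prompt rather than a heuristic verdict.
EXPECTED_PARENTS = {
    "notepad.exe": {"explorer.exe", "cmd.exe"},
    "format.com": {"cmd.exe", "explorer.exe"},
    "regedit.exe": {"explorer.exe"},
}

VERDICT_OK = "ok"                # listed child, expected parent
VERDICT_HEURISTIC = "heuristic"  # listed child, unexpected parent
VERDICT_EXECUTION = "execution"  # unlisted child: generic execution prompt


def _basename(path: str) -> str:
    # Windows paths: compare on the lowercase file name only, so that
    # C:\WINDOWS\Explorer.EXE and c:\windows\explorer.exe match.
    return ntpath.basename(path).lower()


def classify(event: ProcessEvent) -> str:
    """Decide which prompt a constructed event would trigger."""
    child = _basename(event.child_image)
    parent = _basename(event.parent_image)
    expected = EXPECTED_PARENTS.get(child)
    if expected is None:
        return VERDICT_EXECUTION
    if parent in expected:
        return VERDICT_OK
    return VERDICT_HEURISTIC


def scan(events):
    """Classify a batch of events; returns (child, parent, verdict) tuples."""
    return [
        (_basename(e.child_image), _basename(e.parent_image), classify(e))
        for e in events
    ]


if __name__ == "__main__":
    # Constructed sample batch mirroring the thread's two situations.
    sample = [
        ProcessEvent(r"C:\Windows\explorer.exe", r"C:\Windows\notepad.exe"),
        ProcessEvent(r"C:\Program Files\Browser\browser.exe",
                     r"C:\Windows\System32\format.com"),
        ProcessEvent(r"C:\Windows\explorer.exe", r"C:\Tools\unknown.exe"),
    ]
    for child, parent, verdict in scan(sample):
        print(f"{child:12} started by {parent:12} -> {verdict}")
```

The point of the three verdicts is the distinction the thread is arguing about: a generic execution prompt (no rule at all), a silent pass (listed program, expected parent), and the heuristic prompt (listed program, parent outside the expected set). Notepad started by explorer.exe lands in the second bucket under this constructed policy, which is why an alert on that pairing reads as a false positive.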
It’s being executed by explorer.exe, nothing strange about this request, and I don’t get this heuristics pop-up with any other program being executed by explorer.exe, only with notepad.exe, and I don’t ever remember getting this type of pop-up before (I started fresh with the D+ again recently),
and I’d appreciate it if you kept your language under control. I’ve read the help files and studied Comodo’s firewall and D+ module since it came out of beta in November; I know how to use it.
I don’t think that a heuristic that was written quickly and claims to detect 60% of malware can be very reliable.
AFAIK, if a program is in Comodo’s safe list it should not generate a heuristic alert if Defense+ finds it suspicious, but if the program was updated recently it will not be in the safe list. I suggest you upload notepad.exe to an online service such as VirusTotal (www.virustotal.com), and to Comodo too.
Nothing out of the ordinary for settings,
image execution control is set to normal,
all monitor settings are checked,
I already had rules set up in my policy for notepad that I forgot about, so I didn’t get this heuristics pop-up before. I’ll have to go through my rules and see if I can find the program that previously executed notepad,
I deleted the rules for notepad and tried to execute it again, but I get the same heuristics pop-up,
an upload to VirusTotal came up clean, and if I click the icon for notepad on the pop-up and get the properties window, it says it hasn’t been modified since 2004,
I uploaded it to Comodo as well,
it seems like just a false positive from Comodo’s heuristics, but I don’t understand why I never got it before and no one else seems to be getting it,
I’m using the newest version of Comodo Firewall, 126.96.36.1999,
and I just checked and I get the same heuristics pop-up under Clean PC mode, Train with Safe mode, and Paranoid mode,
my firewall settings are set higher than normal, but I don’t think that would cause this,
and I don’t expect the heuristics to be all that reliable, but I never got this alert for notepad before, no one else seems to be getting it, and it should be a safe file in Comodo. I’m using Train with Safe mode, so that setting checks against Comodo’s safe files.