Comodo Firewall does not prevent virus autorun.

I did tests.

Comodo Firewall Free allows virus autoruns on removable devices to be executed.

I’m sure Comodo would love to hear the details of your tests.

CF should block the autorun execution of unknown programs, and it does not.

Again, details please…

Create two files with notepad: autorun.inf and test.exe

autorun.inf content:

[AUTORUN]
OPEN=test.exe

test.exe content:

test

Record two files on a CD.

Run the CD in the drive.

Give permission in CF and record.

Create two files with notepad: autorun.inf and test2.exe

autorun.inf content:

[AUTORUN]
OPEN=test2.exe

test2.exe content:

test2

Record two files on a CD.

Run the CD in the drive and see that CF will not ask anything.

I did a test with SpyCar, and even in paranoid mode CF failed.

CF allowed SpyCar to be executed and loaded into memory.

A virus loaded into memory can attempt to install itself in the system.

The exe file you “created” in Notepad is NOT an actual EXE and CIS (and just about everything else 88)) is smart enough to recognise this. It will not have a PE header (or any other header that would indicate executable code).

Comodo’s firewalls have passed Spycar since CFP V3.14.

If your CIS is configured correctly, you will receive AV and D+ alerts.

Ewen :slight_smile:
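The header check described in the reply above, as an added example that is not part of the original thread: it reads the OPEN= target from an autorun.inf and tests whether that file starts with an MZ header whose e_lfanew field points at a PE signature. The function names and the sample file contents are constructed for illustration.

```python
import configparser
import struct

def is_pe_image(data: bytes) -> bool:
    """True only if data starts with an MZ header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of the PE signature
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def autorun_target(inf_text: str):
    """Return the OPEN= value of the [autorun] section, or None if absent."""
    parser = configparser.RawConfigParser(strict=False)
    try:
        parser.read_string(inf_text)
    except configparser.Error:
        return None
    for section in parser.sections():          # section names are case-sensitive here
        if section.lower() == "autorun":
            return parser.get(section, "open", fallback=None)  # keys are lowercased
    return None

def classify_media(files: dict) -> str:
    """files maps lowercase file names on the media to their raw bytes."""
    inf = files.get("autorun.inf")
    if inf is None:
        return "no autorun.inf"
    target = autorun_target(inf.decode("ascii", "replace"))
    if not target:
        return "no OPEN target"
    name = target.split()[0].lower()            # simplification: drop any arguments
    if name not in files:
        return f"{name}: missing"
    return f"{name}: PE image" if is_pe_image(files[name]) else f"{name}: not a PE image"

# Constructed sample data. PE_STUB is header-only, not a runnable program.
PE_STUB = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00"
NOTEPAD_CD = {"autorun.inf": b"[AUTORUN]\r\nOPEN=test.exe\r\n", "test.exe": b"test"}
STUB_CD = {"autorun.inf": b"[AUTORUN]\r\nOPEN=test.exe\r\n", "test.exe": PE_STUB}

if __name__ == "__main__":
    print(classify_media(NOTEPAD_CD))
    print(classify_media(STUB_CD))
```
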

I will not insist.

Do the tests yourself and verify.

I’ll wait for a new version to install and test again.

Thanks

I did.

My reply was not “off the top of my head” or based on past history. I went to the Spycar site, accepted the legal mumbo-jumbo and ran each of the tests against the currently installed instance of CIS on my test system.

Each and every test produced an alert, which I blocked, producing a fail for each and every test.

Cheers,
Ewen :slight_smile:

Did the window of each SpyCar test open on the screen?

If it opened, then CF failed, because SpyCar was run.

He said he blocked them from the alerts. In other words, no, it didn’t run.

Edit: Just for fun, I decided to give SpyCar a try. I used the default Safe Mode and Internet Security configuration. Like Panic, I blocked from the alerts and SpyCar was completely denied.

I even ran Tow Truck just to make sure. You can see the results for yourself.

[attachment deleted by admin]

Not in my tests. I got an alert before any windows were opened or any dialogues displayed.

If it opened, then CF failed, because SpyCar was run.

See above. I really think you have misconfigured CIS or you accidentally allowed the objects to run.

Cheers,
Ewen :slight_smile:

I believe so as well, because in my edited post above, I ran the SpyCar tests using the default settings for CIS and SpyCar didn’t get a chance to do anything.

Yes, try to reinstall CIS, and do NOT test with an exe created with Notepad (they are not applications).
Instead, use a .bat or .cmd for the autorun.