Comodo Internet Security 8.2.0.4792 (Windows 10 Version 1511 Hotfix) is released!

When we’re lucky the BO protection could catch it but it is not a given it will.

A malicious mail?
Would need a user to be daft enough but not impossible.
An infected USB-flash?
That’s an untrusted location.
A download from a phishing site?..
It won’t be sandboxed.
If a user is daft enough.

I really wonder what could be unclear here. But I repeat:
Until now we haven't seen anything in the wild. That would be something to catch Comodo's attention though.

First of all, mods are not Comodo employees; decisions about what hashing algorithm to use are up to Comodo and we cannot influence that.

Using CRC32 for trusted files is an equivalent to a backdoor.
If that is true then the same question for you. Why is there nothing out there in the wild up until now?

Now, who is creating spin. :wink: It’s not what Dennis said.

and you are waiting for what exactly to happen??? :o
Comodo is aware of the concerns voiced in this topic. It is in the line of reason that the hashing mechanism would only change if Comodo sees the problem as no longer theoretical; read the problem is out there in the wild. Which brings me back to what Dennis2 and I are arguing? If there is a real threat; where is it?

None to my knowledge.

Will D+ protect against a “trusted” file (i.e. a file matching a hash in the CIS whitelist)?
You’re missing the point. Hash collisions do exist but the question is how big the threat is. Everybody is hyped up and panicky but we haven’t seen anything in the wild and only a proof of concept. Hence why I keep asking how does it get a foot ashore in the first place and I keep arguing that protection is multi-faceted, where other mechanisms can mitigate among each other.

We have not seen anything in the wild as of yet nor are there gloating reports that there is malware that will bypass Comodo Firewall nor are there reports that black market exploit kits provide the possibility to bypass system protected by Comodo Firewall…

The above lack of evidence corroborates what Melih told us in the mod board:

ah…crc collision…theoretical attack…
If there is real life threat, where is it?

If there is real life threat, where is it?

Right in front of your eyes.

The only problem is that Comodo sees this only ‘ah…crc collision…theoretical attack…’

Please note you do have to convince us we can see there is a problem.

Until someone produces something which is not a theoretical attack that’s what it still will be.

Sorry it is not something we can change only you can do that.

Dennis

It’s not theoretical. You even have an example video.
And secondly you are saying lets not prevent, but wait for something…

That attitude is not appropriate for security; I uninstalled and replaced Comodo.

Please note we are not saying anything.

Sorry we can only pass on what we have

You are always free to do that :slight_smile:

Dennis

Unfortunately the BO protection will not catch it, because:

the BO protection could catch it
This protection in Comodo hasn't worked for several years: https://forums.comodo.com/format-verified-issue-reports-cis/cis-doesnt-prevent-buffer-overflow-attacksdetect-shellcode-injections-m1489-t111010.0.html
Would need a user to be daft enough but not impossible.
Are you joking?! This is a popular method of attack, and such security software has to protect from it.
That's an untrusted location.
Not by default. Though the user can configure AutoSandbox to block ANY TRUSTED files on all external devices. But even that setting can be bypassed via LNK-files. You can find some examples in my reports (bug 1672 etc.)
If a user is daft enough.
Are you joking?! See above.
Until now we haven't seen anything in the wild.
That's a very lame argument. Most likely Comodo is uninteresting for hackers, and this is the main secret of its protection in the wild.
Hence why I keep asking how does it get a foot ashore in the first place and I keep arguing that protection is multi-faceted, where other mechanisms can mitigate among each other.
The file rating is one of the basic components of Comodo's defense. Thanks to it CIS seemed able to protect against 0-day malware by suppressing all unknown applications. But it appears that this component is quite weak.

Even in “Paranoid mode”, trusted applications cannot be controlled if they have the sign of an installer. And malware often has such a sign.

Hash collisions do exist but the question is how big the threat is. ... We have not seen anything in the wild as of yet nor are there gloating reports that there is malware that will bypass Comodo Firewall nor are there reports that black market exploit kits provide the possibility to bypass system protected by Comodo Firewall... ... If there is real life threat, where is it?
By the way, I have made a program to convert any malware (even well known) into trusted applications for Comodo in a few minutes (not seconds, because Comodo uses not the usual CRC32, but still a 32-bit hash). It adds several bytes to the file to obtain the same hash as some of Comodo's files: cis.exe, cistray.exe etc. I have added its output to the bug-report 1772, see updated description.

When you are really so careless, what about putting that program here on open access? Maybe some users would find it interesting?..
It was certainly a joke. Any interested person can make such a “converter” with their own hands.

The above lack of evidence corroborates what Melih told us in the mod board:
Just putting a good face on the matter.
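
Added example (not part of any post in this thread, and not Comodo's code): why a 32-bit file hash cannot carry a trust decision alone, and how a whitelist lookup can confirm the match with SHA-256 and flag a mismatch for alerting. `zlib.crc32` stands in for the product's 32-bit hash, which the thread does not specify; `TrustList` and the sample blobs are constructed for illustration.

```python
import hashlib
import zlib

def weak32(data: bytes) -> int:
    """Stand-in 32-bit hash (plain CRC32); an assumption, not the product's algorithm."""
    return zlib.crc32(data) & 0xFFFFFFFF

def strong(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def find_accidental_collision():
    """Birthday search over constructed blobs: on the order of 2**16 samples suffice."""
    seen = {}
    tries = 0
    while True:
        blob = hashlib.sha256(b"constructed-sample-%d" % tries).digest()
        tries += 1
        value = weak32(blob)
        if value in seen:
            return seen[value], blob, tries
        seen[value] = blob

class TrustList:
    """Hypothetical whitelist: indexed by the 32-bit value, confirmed by SHA-256."""

    def __init__(self):
        self._entries = {}  # weak32 value -> set of SHA-256 digests

    def add(self, data: bytes) -> None:
        self._entries.setdefault(weak32(data), set()).add(strong(data))

    def classify_weak_only(self, data: bytes) -> str:
        # The design criticised in the thread: a 32-bit match alone grants trust.
        return "trusted" if weak32(data) in self._entries else "unknown"

    def classify(self, data: bytes) -> str:
        digests = self._entries.get(weak32(data))
        if digests is None:
            return "unknown"
        if strong(data) in digests:
            return "trusted"
        # Same 32-bit value as a trusted file but different content: deny and alert.
        return "weak-hash-collision"

if __name__ == "__main__":
    known, other, tries = find_accidental_collision()
    trust = TrustList()
    trust.add(known)
    print(f"collision after {tries} samples:", trust.classify_weak_only(other), "vs", trust.classify(other))
```

The two blobs collide by chance among unrelated inputs, which is the point: a 32-bit value space is small enough that matches occur without any analysis of the hash, so a "weak-hash-collision" result is worth logging as a detection signal.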

The important thing is that issue was reported. Do note that kibinimatik is a valuable Star Group member. So- kudos to him for the discovery. :-TU

Kudos :-TU

No problem with that, or what he does in the Star Group :slight_smile:

Until they update that report we do not know what is going on, or what will happen.

Posting a user bypass I am afraid does nothing or proves nothing, which started this discussion in this release topic.

Dennis

It seems CIS is also gimping Killing Floor 2 performance. Game runs very poorly with it installed. After replacing CIS with Windows Defender and currently Panda Free, Killing Floor 2 runs smoothly. Almost as if CIS interferes with CPU cores, making CPU perform really poorly.

Can you see if there is a specific process of CIS going haywire with KF 2 running? If it is cavwp.exe add KF2 executable(s) to the Exclusions of the AV and see if that makes a difference or not.

Hello everyone. I have a question about the new Comodo Firewall Premium. I installed the new version, and when I choose proactive mode and Application rules, explorer.exe and other options disappear. Is this normal? Because, being in doubt, I went back to the Internet option and then repeated the process, and then I saw all the information as in the Internet option. What is the true configuration? The first one or the last one… please, if someone could explain it to me… thanks… n_n

P.S.: Your product is the best so please grow up… I am a fan of Comodo… n_n

This is not normal, unless you’re paranoid; >:-D
If you set the sandbox to isolate explorer.exe, it will happen in both settings: proactive and internet security;
Other factors can make this occur, such as: clear “not rely on certified applications” without is the “application list”, corrupted installation, malware …

Do you know any software that would allow me to monitor selected processes and display CPU usage graph for them? I can’t seem to think of any way to monitor process behavior any other way. Alt-tabbing out of game is not an option since I can’t see history of each process like this and once you alt tab out of the game, things most likely normalize since it loses focus.

Don’t know any other way to inspect the situation. Unless if Comodo devs can assist me somehow by testing the game themselves.

Let’s try an indirect way. Can you see what happens when you add the KF2 executable(s) to the Excluded Applications of the AV?

When that doesn’t make a difference try adding the installation folder of KF2 to the Exclusions of Detect shellcode injections and see if that helps or not.

Ok, lets try that… gotta reinstall CIS.

Ok, this is not work for you liosant. Someone please try to help me. I downloaded the latest Comodo Firewall and then installed it, and everything is OK in Comodo Internet, right? Then I changed the configuration to proactive mode, but when I looked again in Application rules and chose running processes, I couldn’t find the whole list as in the Comodo Firewall Internet option. Is that correct? Or should I see the same options in the “proactive mode” configuration? Thanks for reading, and I hope for an answer n_n…

Sorry!
Generally yes, the list of applications running in Internet security settings and proactive security are displayed in the same way, except if the “list of applications”;
The “list of trusted applications” grows as programs are run;
If you are referring to “group list” selectable apparently the list does not fit the screen or monitor, if you create a large list of new groups of files, forcing him to follow the mathematical logic from the last visible group ;

Running this version on Windows 10 Insider build 14279. Like with previous builds I had to reinstall because it doesn’t let incoming traffic come in.

Edit: the same thing happens with build 14291.