Tested on Windows 7 Ultimate x64 with Comodo Internet Security v4.1.19277.920.
In the Image Execution Control Settings menu/General tab, “Detect shellcode injections (i.e. Buffer overflow protection)” option was checked.
Downloaded the 64-bit Comodo BO Tester application from:
Had to run as administrator or it would not run.
The Defense+ pop-up occurred when testing 32-bit app protection.
When testing 64-bit app protection, the following pop-up occurred:
I assume this pop-up and protection is provided by Windows DEP.
Would someone please report the results for CIS v5.0?
These results suggest that Defense+ fails to provide Ret2Libc-type buffer overflow protection for 64-bit apps that handle content from the internet (internet browser, email client, multimedia player, etc.). Is this failure due to Windows’ 64-bit PatchGuard (KPP) preventing full security by Defense+?