http://img132.imageshack.us/img132/4514/comodobotesterresultssu.png
Tested on Windows 7 Ultimate x64 with Comodo Internet Security v4.1.19277.920.
In the Image Execution Control Settings menu/General tab, “Detect shellcode injections (i.e. Buffer overflow protection)” option was checked.
Downloaded the 64-bit Comodo BO Tester application from:
https://forums.comodo.com/comodo_memory_firewall_beta_corner/buffer_overflow_testing_application-t12541.0.html
Had to run as administrator or it would not run.
The Defense+ pop-up occurred when testing 32-bit app protection.
When testing 64-bit app protection, the following pop-up occurred:
http://img207.imageshack.us/img207/1422/comodobotester64bitresu.png
I assume this pop-up and protection is provided by Windows DEP.
Would someone please report the results for CIS v5.0?
These results suggest that Defense+ fails to provide Ret2Libc-type buffer overflow protection for 64-bit apps that handle content from the internet (internet browser, email client, multimedia player, etc.). Is this failure due to Windows’ 64-bit PatchGuard (KPP) preventing full security by Defense+?