D+ and exploit

Wisdom · June 22, 2011, 8:19pm

Hello

What is the comodo defense for the exploit? files with the pdf extension or xml extension.

clockwork · June 23, 2011, 10:03am

what?

Wisdom · June 23, 2011, 12:34pm

If we have a unknown virus with (.exe) suffix, will be run in Sandbox. But this will not happen for viruses with (.pdf) or (.jpg) suffix, and PC will be infected.

clockwork · June 23, 2011, 7:02pm

once i saw a pdf in the sandbox. but i used it just a moment.

its an interesting question. additional i would like to know, what happens if the “reader program” is not running in the sandbox, but “the file to be read” is new. what will the sandbox do if i open this file with the unsandboxed reader?

Wisdom · June 23, 2011, 8:59pm

No reaction

D+ and Sandbox, reaction only to Applicable files with suffix the (.exe) or (.scr).

Citizen_K · June 23, 2011, 9:53pm

CIS will respond when a script is being run from a PDF file. You should be getting an alert.

Wisdom · June 24, 2011, 9:29am

CIS will respond If the antivirus does detected it. But if not detected by antivirus, D+ and Sandbox do not respond.

Citizen_K · June 24, 2011, 8:12pm

Nope: