Daemon Tools shellcode injection

When I open Daemon Tools (Lite), Defense+ alerts DT is trying to execute shellcode injection.
I have used DTLite.exe many times before. And the file’s digital signature is still valid. I’ve always had CIS 5 installed. The exe file and the company signature are both whitelisted by Comodo.

I wonder why DT is only now trying to inject shellcode. Even when it is a false positive.

Installed DT is version 4.35, it’s not the latest. However, I downloaded the latest version 4.40 and when I tried to open the installer D+ gave the same alert.

I don’t dare to allow it to pass yet. What do you think? Anyone else using DT with CIS recently?

Hey and warm welcome to comodo forums.

add the exe file here CIS → d+ → d+ settings → Execution Control Settings → Exclusions → add

Valentin N

I can exclude it in D+, however I don’t want to do that for now since I didn’t have to before.

Some things must have changed very recently and I don’t know what. Might have been since a recent update to CIS 5.3? Because the shellcode injection alert also comes when I try the latest DT Lite installer (v4.40).

Have tried scanning with several antivirus scanners, and everything came up clean.
If anybody can help me test installing DT Lite on your PC with CIS 5.3, is there an alert? Thanks.

once you get a warning I think you should press ignore, at least not terminate.

the only way you will have peace and no frustating moments is to add it there. CIS doesnt like non well programmed programs ;D

Valentin N

Valentin, thanks for the replies.

There is a Skip option, I haven’t done that though. I’m still thinking that there is something wrong.

Well, at this moment I don’t think Daemon Tools is a non well programmed program :slight_smile:
And the fact is it was okay before, and it hasn’t changed. I mean my installation of DT hasn’t changed. I run it under limited user access, so I’m guessing that it cannot update itself (?). Signatures seem okay, and it is being ‘trusted’ by CIS (the online lookup).

Not sure what to do now. No day to day programs should be allowed to do shellcode injection, right?

Shellcode injection has nothing to do if DT is safe or not. WoW, Startcraft II and Battlefield are other safe programs that give buffer overflow which can cause the computer crash and CIS wants to prevent such event.

If I were you I would worry to much about it and just add it in exclusions; it’s safe program.

Valentin N

Ok I see your point. So shellcode injection may not be bad IF the app is safe.
I’ve put it in the exclusion.

Btw, did a forum search and didn’t show any result. Just now tried Google there’s this:

Daemon Tools didn’t trigger the alert before, I guess that’s what got me suspicious.


it’s hard to determine if a shell code injecting is bad or not. I therefore suggest that you make research before you install that certain application.

If you want some tips where to begin tell me and I will reveal my big secret :wink: ;D


Yes I would like to know the big secret :slight_smile:

Here is the big secret ;D

virustotal and urlvoid

Valentin N

Right! I’ve used Virustotal before.
So CIS now flags DT as doing a buffer overflow, but it’s safe.

Ok, I’m settled now :slight_smile:
Thanks for your help Valentin.

I’m glad I could help:) if you have questions/problems bring them here to forum and we will solve them together :slight_smile: :-TU

Valentin N

No. A program that has a buffer overflow bug will not cause the computer to crash. And it’s probably not even a buffer overflow of any kind in the first place, since D+ cannot detect such things.

Since I haven’t got any buffer overflow I can’t attach a screenshot of what it says but I do know that it will says that buffer overflow can cause crashes (I might of course be wrong).

Valentin N

Valentin, here’s the screenshot. I think CIS has only 1 kind (?).

wj32, ok so CIS doesn’t detect BO.
A code injection or a direct memory access are just “signs” of a typical BO attack.
Is this what you mean?

[attachment deleted by admin]

you’re on the spot blatug :-TU