Defense+ and BOClean compatibility

yorker · November 21, 2007, 1:54pm

I installed Pro 3 today. I am already running BOClean 4.25. Is it compatible with Defense+ or should I uninstall it? ???

TC

grampa · November 21, 2007, 3:09pm

Hey,
I recommend you keep BOClean as a second line of defense. I run CFP v3 (HIPS enabled), Avira AntiVir and BOClean without any issues.
Cheers
grampa

Japo · November 21, 2007, 4:07pm

+1. Actually the same exact configuration over here. Had Spyware Terminator also but just dumped it since it’s now redundant thanks to Defense+ in conjunction with BOClean. :-*

Anyway fiddling into Defense+ I see that BOClean is not digitally signed. Defense+ is set to trust everything signed by Comodo, but BOC is not; if I try to set D+ to trust everything from the same source as BOC, I find it’s not signed at all. I know it’s a separate product but the fact is strange considering Comodo’s doctrine. I guess everything will be fine at least once the CAVS project is final. Anyway I don’t know how costly it would be (I don’t think it would be, since Comodo already signs other products), and anyway it doesn’t create visible conflicts. I’ve manually set BOC as trusted just in case.

I know digital signatures are not that widespread (AntiVir isn’t signed either currently, but I get the impression that Comodo (Melih) wants to pioneer this field.

AnotherOne · November 21, 2007, 6:58pm

You will have to give BOClean some extra permissions and tell CBOC to ignore CFP. Open the BOClean excluder and add the CFP processes to the Exclude list. (You can find out exactly which ones to exclude by looking at the week’s View Defense+ Events to see which CFP processes were protected by CFP. Then in CFP, click Defense+>Advanced>Computer Security Policy>(locate the BOClean entry)>Edit>(check that the “Use a Custom Policy” button is checked)>Access Rights. On this window, check Allow for Interprocess Memory Accesses; Process Terminations; Physical Memory; and Disk. Otherwise, there will be a bunch of log entries and pop-ups which you will have to deal with. Currently, when a process tries to inspect or access CFP processes, it is not permitted and the attempt is logged. Also, the “Learning” pop-ups do not write a new permission for the process level events that CBOC employs.

kazuya · November 22, 2007, 3:37pm

Should you put any AVs onto the BOclean exclude list also ?

tech-addict · November 23, 2007, 12:22pm

That’s good info AnotherOne.
THANKS!

AnotherOne · November 24, 2007, 4:59am

Other AV’s may not need to be listed on BOC’s excluder. It depends whether the AV’s have protected their own processes. You would notice a conflict by slowing system functioning and freezes. I have tried several different AV’s recently, and the only one that had a problem was AVG and that was a problem that arose from Comodo’s firewall not properly recording AVG’s permissions. Problems are likely for AV’s that use process monitoring, but even there it may still work. I used BOC with Spyware Doctor without problems, but as I recall, I did have to put them on each other’s “Allow” lists. Alerts let me know that there was a need to do this.