Defense+ doesn't intercept keyloggers?

Thinking on that, I install SC-KeyLog 2.25 for test purpose on my pc, and CAV alerts me about malware, but Defense+ doesn’t detect when my key strokes were being logged and doesn’t warn/block the action. Sure Defense+ needs improvements!

by default defense+ isn’t preventing keyloggers… as AV Detects it…

Set D+ to Proactive. Then go to D+ → Advanced → Defense + settings → Monitor settings → now see if Keyboard is selected or not (I think it is by default with Proactive).

That’s wrong. Let’s say, if someone use my pc and put a keylogger into it, then CAV alerts about malware and this person add the keylogger to the exclusion list, I will never know that there is a keylogger into my pc.

My Defense+ is set to Proactive. Thanks!

So, CAVS recognizes keyloggers as “keyloggers” or as unclassified malware?

Allowing unfettered access to your PC would defeat all security software in the circumstances you’ve described above.

If some one has to use your PC, make sure they log in using a non-adminstrator account. QED

Ewen :slight_smile:

I agree with you, but I’m not talking about myself, but about a newbye user. Let’s say a newbye user send his problematic pc with CIS installed to an assistance, and only God knows what the guys do there… Not everyone will remember protect CIS with password protection, so anyone with acess can add a installed malware to the exclusion list.

COMODO should act different! If CAV says that X or Y is a malware, and if the user quarentine or remove the malware, no alert from Defense+ is needed, but if the user allow once or permanently the malware (add to the exclusion list), so Defense+ should detect this malware (keyloggers in our case) when my key strokes were being logged and warn/block the action. Do your understand?

I understand what your saying, but it’s like panic alluded to.

If someone has physical control of the PC, no software can protect you, at least in this way as you describe.
If they can add malware to the AV exclusion list, they could just as easily add it to your safe files or trusted apps
for D+.

If you give physical control over to someone else, it’s best to be someone you can trust.
I know, you know, we know, noobs learn. It seems more of a life lesson than a software issue.


well, think different

for example if only i have the comodo firewall and no comodo AV ( i use nod32) if nod32 doesnt detect the keylogger, its bad news that the defense + cant detect it too

(i didnt tested the new version ) Im waiting that the program asks me to update

There is no way you could install the keylogger and run it without allowing it in D+.
You would be warned.


that brings up a question i have had for a long time. what exactly are those configurations for? more confusion? when are you supposed to pick which?

Most people I know do not use the configurations…they also find it too confusing. Comodo really needs to have a settings wizard during installation that helps the user configure the ports and all the settings (D+, firewall, antivirus)…and to do it all in laymans terms. This would help the user make their own configuration before CIS starts (users will not forget to set things, like the stealthed ports!). More advanced users could skip the wizard and manually adjust the settings.

I think most users will want to set and forget (using a wizard)…and will have no use for the Configurations.

well, for example, i go in and pick anti virus security configuration and it tells me its been activated successfully. i don’t even have it installed! and no matter which one i pick it doesn’t change anything.

Well, I am a user who does not use configurations because I think it is not very functional. SO I have not tested it in detail. But, in my opinion, it needs better functionality. For example…when you switch to a predefned config (such as proactive secutrity), it should give you a basic description of the settings in laymans terms (such as “maxiumum security against all types of threats”) and it should certainly warn you if it tries to change the settings of a component that is inactive (e.g. it can’t turn on an antivitus if its not installed). My point was that most users will not need to use it…but also that many who try to use it will be running into the same issues you bring up…and so will just choose avoid using it. I do think the configurations can be improved a lot to make it more user friendly (e.g. by correcting the issues you raise).

on PC i haven’t this problem…
but on Mac antiviruses it something strange… I for example use on mac keybag keylogger, and no one antivirus don’t say anything ???

yes thats true defence+ need to improve her keylogger protection

in the bug forum they have some topic that users give keyloggers can bypass d+ but no reply for any devs
& dont have a screenlogger protecion + no clipboard protection + no webcam protection

one more questions they have any improvemt in defence+ from v3.5 to 3.8 !!!

D+ is CIS strongest part…

I really think it need all the focus it can get when needed =) The Keylogger part is a important one…


The security being compromised by the ease of use! It’s what I see in every new release! (:SAD)

True! more and more stuff are off by default… :frowning: As a advanced user its easy to turn them on after the install, but I think something close to proactive should be default install!

But there is many security enchantments to, Like to Buffer overflow protection added, and next version will offer a better AV… :slight_smile: But still, D+ is important, and could use some more improvements!

As bad frogger said, You would get alerted during install of the application D+, By the AV (if it can detect it) and the main one - The firewall will alert you about connecting to the internet.

This is mainly a usability reason to have it unticked by default… and if you look at the bigger picture it makes sense.