Driver/ service install not detected?

I tried this tool

http://www.iterati.org/Developers/HideProc/Default.aspx

Very strange that CFP gives no warning about a driver/ service install on my system. Can anyone confirm this?

Thanks

I’ve just tried this tool after setting Defense+ into Paranoid Mode.
I’ve got BSOD twice, saying DRIVER IRQL NOT LESS OR EQUAL caused by HideProcDrv.sys, just after I allowed explorer.exe to execute HideProc.exe.

Comodo can't block this driver install because service.exe is trusted by CFP even if you delete the rule for service.exe. I don't know whether it is a bug or the design of CFP, but I think this is dangerous. Some viruses will call service.exe to install a driver and CFP will raise no alarm. I hope Comodo will improve it as soon as possible.

You can see this link for more discussion; it is in Chinese, but you can translate it with Google: http://bbs.kafan.cn/viewthread.php?tid=263063&extra=page%3D2%26amp%3Bfilter%3Dtype%26amp%3Btypeid%3D6

thank you

Hmmm… I have put services.exe on my system with Custom policy. It's too bad that CFP still treats it as trusted. I will say it is a security hole in CFP.

Yes, I think this is a serious issue. I hope it can be fixed as soon as possible.

I really like the development of CFP and it's my favourite HIPS. Recently I feel less and less feedback from developers on the forums. I wish egemen could respond about this.

Not only this, but CFP also does not detect the behaviour of this application after driver loading (but that is being discussed in another thread).

To me it's a very serious issue. I never expected that CFP would not detect driver/service install loading while most other HIPS like SSM, EQS, OA detect it in this case. Seems it will be good if fixed as soon as possible.

Thanks

Looks like your findings are wrong. See my screen shot.

Because you are using Vista. No such alert on my side with XP home SP2. :-TD :-TD

By the way, the pop-up about service control manager access is rather vague, as it is not even specific like a driver/service install alert.

I am not on Vista. That is XP. Think again. Both my pc’s are XP. I guess you never heard of Stardock. I have XP SP3 on both my machines. The pop up is the same as the one you got for EQSecure. Services and control.

Sorry, but I tested that program, and I need to allow it.
If I don’t allow the program, it freezes.

What? You should have had 3 D+ alerts. 1 for explorer.exe. 1 for the HideProc running. Then a third after you try to hide a certain running program.

Nope, if I allow the program, I can hide a process without an alert when I try to hide that process.

Works for me. Screen shots don’t lie. I did a fresh install of Comodo last month.

Today I formatted my system. Tonight I will retest the program with a fresh install.

Sorry, you are wrong. SCM access does not mean driver installation.
CFP can only block the SCM access but can't block driver installation if you allow the SCM access, and SCM access is sometimes normal behavior for many applications. Some of them may malfunction if we block the SCM access. But with CFP they can install a driver if they want once we allow the SCM access!

So I think this is a security bug. CFP needs to block the driver install after the SCM access was allowed.

thank you
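
The distinction drawn in the post above (an SCM-access alert is not a driver-install alert) can be checked after the fact in the registry, where each service created through the SCM is recorded with a Type value (0x1 kernel driver, 0x2 file system driver). The Python below is an added example, not part of the thread or of any Comodo tool: it parses `reg export` text of the Services key and lists driver services whose image lies outside system32\drivers. The sample export, the service name `HideProcDrv` and the `C:\Temp` path are constructed for illustration, and the path test is a heuristic.

```python
import re
DRIVER_TYPES = {0x1: "kernel driver", 0x2: "file system driver"}
# Constructed sample in `reg export` text form; not taken from a real machine.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spooler]
"Type"=dword:00000110
"ImagePath"="C:\\WINDOWS\\system32\\spoolsv.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Null]
"Type"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HideProcDrv]
"Type"=dword:00000001
"ImagePath"=hex(2):5c,00,3f,00,3f,00,5c,00,43,00,3a,00,5c,00,54,00,65,00,6d,00,70,00,5c,00,48,00,69,00,\
  64,00,65,00,50,00,72,00,6f,00,63,00,44,00,72,00,76,00,2e,00,73,00,79,00,73,00,00,00
'''

def parse_services(reg_text):
    """Return {service_name: {value_name: raw_value}} from `reg export` text."""
    services, current = {}, None
    # A trailing backslash continues a hex value on the next line; join those first.
    for line in reg_text.replace("\\\n", "").splitlines():
        line = line.strip()
        if m := re.match(r"\[.*\\Services\\([^\\\]]+)\]$", line):
            current = services.setdefault(m.group(1), {})
        elif line.startswith("["):
            current = None  # subkey of a service, or an unrelated key
        elif current is not None and "=" in line:
            name, _, raw = line.partition("=")
            current[name.strip('"')] = raw
    return services

def decode(raw):
    """Decode a dword, a hex(2) REG_EXPAND_SZ, or a quoted REG_SZ value."""
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    if raw.startswith("hex(2):"):  # UTF-16LE bytes, NUL-terminated
        return bytes.fromhex(raw[7:].replace(",", " ")).decode("utf-16-le").rstrip("\x00")
    return raw.strip('"').replace("\\\\", "\\")

def drivers_outside_default_dir(reg_text):
    """List (name, kind, path) for driver services not under system32\\drivers.
    A driver with no ImagePath loads from the default directory and is skipped."""
    hits = []
    for name, values in parse_services(reg_text).items():
        kind = DRIVER_TYPES.get(decode(values.get("Type", "dword:0")) & 0x3)
        path = decode(values.get("ImagePath", '""'))
        if kind and path and "system32\\drivers\\" not in path.lower():
            hits.append((name, kind, path))
    return hits
```

On the constructed sample only `HideProcDrv` is reported; a driver copied into system32\drivers would pass this path test, so the Type value is the reliable part of the check.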

Block or Allow is up to the user. It’s Comodo’s job to tell you about what’s going on, which it did for me. Any HIPS needs user intervention.

Now that's weird. Anyway, some users have the same situation as me, so there must be a bug somewhere.

Why don’t you try completely uninstalling your custom version of Comodo and reinstalling a fresh copy?

OK, I will try it later on a fresh snapshot of my system. Will report back later.

I know you know but be sure all traces of Comodo are gone.