erroneous BO attack detected [Issue Report]

Hello,

It seems that COMODO Defence+ generates a “Buffer Overflow attack” warning and blocks an application that does not have such a problem. For more info, please have a look here:
https://forums.comodo.com/empty-t72072.0.html;new;topicseen#new


The bug/issue

  1. What you did: Tried to install the application “Likno Web Modal Windows Builder”

  2. What actually happened or you actually saw: a “buffer overflow” warning asking to block a dll file

  3. What you expected to happen or see: a normal installation with no warning

  4. How you tried to fix it & what happened: only works if I add an exception or fully remove CIS

  5. If it's an application compatibility problem, have you tried the application fixes here?: n/a

  6. Details & exact version of any application (except CIS) involved with download link:
    “Likno Web Modal Windows Builder” problem exists in all versions, specifically the problem is with the “LiknoWebModalWindowsBuilder.dll” file which is protected by EXECryptor, but the warnings appear for the files that call it (“LiknoWebModalWindowsBuilder.exe” and “LiknoWebModalWindowsActivationTool.exe”) and even at install time when the file is merely copied-over.

  7. Whether you can make the problem happen again, and if so exact steps to make it happen:
    If you do not add the file/application to the BO exclusions, then it happens every time

  8. Any other information (eg your guess regarding the cause, with reasons):
    My guess is that this is caused by the EXECryptor protection. The reason I believe this is because:
    i) we had problems in the past with other antivirus products when it came to protected files
    ii) the problem occurs in the protected file

Files appended. (Please zip unless screenshots).

  1. Screenshots illustrating the bug: warning.jpg
  2. Screenshots of related CIS event logs and the Defense+ Active Processes List: n/a
  3. A CIS config report or file. n/a
  4. Crash or freeze dump file: n/a

Your set-up

  1. CIS version, AV database version & configuration used: CIS: 5.3.181415.1237, AV: 8567
  2. a) Have you updated (without uninstall) from CIS 3 or 4: n/a
    b) if so, have you tried a clean reinstall (without losing settings - if not please do)?: n/a
  3. a) Have you imported a config from a previous version of CIS: n/a
    b) if so, have you tried a standard config (without losing settings - if not please do)?: n/a
  4. Have you made any other major changes to the default config? (eg ticked ‘block all unknown requests’, other egs here.): n/a
  5. Defense+, Sandbox, Firewall & AV security levels: D+= , Sandbox= , Firewall = , AV = (all have default settings)
  6. OS version, service pack, number of bits, UAC setting, & account type: XP Pro SP3 32bit
  7. Other security and utility software installed: none
  8. Virtual machine used (Please do NOT use Virtual box): VMWare

The problem does not only exist with “Likno Web Modal Windows Builder”, but with most (if not all) Likno products. You can download the Modal Builder here:

[attachment deleted by admin]

Thank you for your Issue report.

Moved to verified.

Thank you

Dennis