Hi @AATTUBATO , Intel TDT settings are not shown in the UI if the endpoint processor doesn’t support it.
1 Like
@ilgaz If it is not supported why it is loaded into the memory and checked every startup? I can’t even delete the log file for Intel TDT cause it is used by Comodo
@EricCryptid Thank you for your kind tips. Now I know why CIS couldn’t be reinstalled on my end, coz these files were not deleted. They should be automatically removed by the uninstalling process…
2 Likes
No problem. Also worth checking there isn’t a leftover Comodo Folder in Program Files. After uninstalling the Beta, it seemed to leave some files behind and when I reverted back to 8012 the installation, it alerted that newer versions of those driver files were already there in the Comodo folder. That caused HIPS failure initiall and then Installation error on 2nd attempt. I had to run the uninstaller tool and clear those registry & driver files before I could install 8012 properly again.
@EricCryptid It’s very strange that the official uninstall tool doesn’t work in my cases. It disappears after checking the agreeement and running. Then a error log file is generated but without any help. Hence I have to use the third uninstaller. Nevertheless, the third party uninstaller also can’t remove the residuals files of CIS after uninstalling.
I will try the upcoming new release to check this issue.
Hi Redstraw,
Kindly run the below ciscleanuptool and check.
http://download.comodo.com/cis/download/installs/ciscleanuptool/CisCleanupTool_x64_3.1.0.45.exe 3
Thanks
C.O.M.O.D.O RT
Hi Redstraw & EricCryptid,
We have tested and found that there is no files left after uninstalling both CIS PRO and CIS beta.
If you could reproduce kindly provide us the related screenshot, so that we will report this to the team.
Thanks
C.O.M.O.D.O RT
Try this uninstaller:
I’m sure you know it. Be careful with mode intensiv - make a backup before applying it. I only had a problem with it once. It apparently deleted too deeply. And afterwards controlling with ccleaner.
It’s exactly what I used.
I won’t reinstall it anymore before a new release. I am annoyed with it.
Yes. Revo is what I used to conduct the uninstalling.
Intel Threat Detection Technology (TDT) hardware-based ransomware detection needs Core vPro business-class processors and was introduced in 2021 in their 11th generation (also for mobile platforms). Less powerful TDT protection mechanisms were already available for desktop vPro CPUs starting from the 6th generation.
More information here: https://www.intel.com/content/www/us/en/architecture-and-technology/vpro/hardware-shield/threat-detection-technology.html
And about its integration by Xcitium/Comodo: Xcitium announces integration of Intel Threat Detection Technology - Australian Cyber Security Magazine
Our engineering team worked very closely with Intel’s team to bring this technology to our customers and users!
Thank you for the reply. I’ll try and reproduce.
Unable to reproduce at this stage. There are these system drivers but that’s separate from the repository ones I manually removed.
So when I try and install .8012 after uninstalling beta, I get the following pop-up for each of these
Overwriting the newer file causes the Hips Issue initially but it’s fine after reboot.
So I have to run the Uninstaller to remove those drivers to successfully install older Cis 8012.
I don’t have time to test keeping newer file versions at this time.
1 Like
Hi EricCryptid,
Thank you for providing the requested information.
We will check again and update you.
Thanks
C.O.M.O.D.O RT
Any update about it?
That’s an interesting application of DISM that I was not aware of.
I use Driver Store Explorer for this. I also used it to spot the left overs.
Hi, infosec, ilgaz, user9823742.
I found a bit of info matching this on Intel website for TDT.
Detect Ransomware with Intel® Threat Detection Technology Solution Brief
Intel® Threat Detection Technology is a suite of technologies that adds a hardware-assisted detection layer to security solutions, raising the barrier against advanced threats. Intel TDT is a key feature of the Intel vPro platform which makes profiling and detection possible across the entire device stack. Intel TDT uses a combination of CPU telemetry and ML heuristics to detect attack-behavior. It detects ransomware, cryptojacking, and other threats that leave a footprint on Intel CPU performance monitoring unit (PMU).
Since this is hardware based thanks for confirming the requirement i suspected something like this my CPU is 10 years old.
With this at the hardware layer i would like to think this is offloaded from the CIS client so it is not too resource demanding.
But what about the future ?.
Ransomware and cryptocrime is on the rise so as these attacks change, morph and develop into worse and more sophisticated it will not be possible to apply an update to the CPU the only option is to buy new CPU where these new features are built in along with new motherboard, ram then the rest of the machine this is an expensive option to replace everything all the time however the achievement is a fantastic one.
For CPUs that are not supported why can’t a software emulator be created then we can all benefit although when TDT is enabled there may be a performance impact but at least we would all have the option ?.
Can Comodo/Intel create one ?.
Thanks
Hi AATTUBATO,
Thank you for reporting.
We will check with the related team and update you.
Thanks
C.O.M.O.D.O RT