Extended Script Analysis List.

Mephisto · July 18, 2019, 12:59am

1. What actually happened or you saw:
Many legitimate Windows Processes and Tools from Microsoft can be exploited to attack a system, because they accept command line parameters or can be exploited through Fileless Scripts.

2. What you wanted to happen or see:
I wanted Comodo to include most, or all vulnerable processes in this picture (Click to enlarge) in the Script Analysis List.

3. Why you think it is desirable:
Allows advanced users to further extend Comodo’s protection capabilities.

4. Any other information:
Credits to Malwaretips Forum member AtlBo for this extended process list image.

Another process that could be included is wmic.exe which is exploited by the Astaroth Fileless Malware.

liosant · July 18, 2019, 4:18am

svchost, services … but all the system boot winlogon> winint> services> svchost (svchost loads “metro or system applications” - svchost is responsible for remote access and other requests …)
An improvement is required in the firewall module or its integration with script analysis;
HIPS good protect PC…

Mephisto · August 2, 2019, 12:59pm

Bumping the topic because I think this should be implemented, would be extremely benefical to anyone using Comodo.

mathir · August 2, 2019, 2:43pm

Hi mmalheiros,

Thanks for sharing your suggestions. I have forwarded the feature request to our developers, they will discuss and decide about extending the Script Analysis List.