I’ve noticed that both guard32.dll and guard64.dll, which Comodo loads into most processes via the app_init mechanism (presumably for HIPS?), appear not to be compiled with ASLR enabled.
Could you please comment on why this is the case and if it will be remediated (and avoid giving us the ‘it’s all good we assure you industry best security blablaba’ speech). Or alternatively very verbosely why this is not a concern given both seem to be always loaded at 0x180000000 or 0x100000000 into things like web browsers, email clients, etc.
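One way to check the claim in the post above, as an added example that is not part of the original thread or Comodo's code: read the preferred ImageBase and the DYNAMICBASE bit straight from a DLL's PE header. The function names and the header-only sample built by `build_sample` are assumptions constructed for illustration.

```python
import struct
import sys

DYNAMIC_BASE = 0x0040     # IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE (/DYNAMICBASE)
HIGH_ENTROPY_VA = 0x0020  # IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA (64-bit only)
RELOCS_STRIPPED = 0x0001  # IMAGE_FILE_RELOCS_STRIPPED in the COFF header

def aslr_status(data):
    """Return the preferred ImageBase and ASLR-related flags of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    pe = struct.unpack_from("<I", data, 0x3C)[0]           # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff_chars = struct.unpack_from("<H", data, pe + 22)[0]
    opt = pe + 24                                          # optional header start
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                                     # PE32
        base = struct.unpack_from("<I", data, opt + 28)[0]
    elif magic == 0x20B:                                   # PE32+
        base = struct.unpack_from("<Q", data, opt + 24)[0]
    else:
        raise ValueError("unknown optional header magic")
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    dynamic = bool(dll_chars & DYNAMIC_BASE)
    return {
        "image_base": base,
        "dynamic_base": dynamic,
        "high_entropy_va": magic == 0x20B and bool(dll_chars & HIGH_ENTROPY_VA),
        # DYNAMICBASE only helps if the relocation table was not stripped.
        "relocatable": dynamic and not coff_chars & RELOCS_STRIPPED,
    }

def build_sample(magic, image_base, dll_chars, coff_chars=0x2000):
    """Constructed header-only image for demonstration, not a real DLL."""
    buf = bytearray(0x200)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)                # e_lfanew -> 0x80
    buf[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<H", buf, 0x80 + 22, coff_chars)     # 0x2000 = IMAGE_FILE_DLL
    struct.pack_into("<H", buf, 0x98, magic)               # 0x98 = optional header
    fmt, off = ("<I", 28) if magic == 0x10B else ("<Q", 24)
    struct.pack_into(fmt, buf, 0x98 + off, image_base)
    struct.pack_into("<H", buf, 0x98 + 70, dll_chars)
    return bytes(buf)

if __name__ == "__main__":
    for path in sys.argv[1:]:                              # e.g. a copy of the DLL
        with open(path, "rb") as fh:
            print(path, aslr_status(fh.read()))
```

Run against a DLL file, `dynamic_base: False` together with a fixed `image_base` matches the behaviour the post describes.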
As this is a question about the functionality of CIS, and not necessarily a bug, I will move this to the Feedback section of the forum. It is most likely that you will receive a satisfactory answer in that part of the forum.
Well, up to you guys re how to classify it.
Personally I think it’s a bug/potential vulnerability. For other security products, e.g. Sophos AV, it was a bug/vulnerability for their equivalent of guard32.dll (detour DLL).
I should clarify that I am not Comodo staff. I am a volunteer moderator who handles the bug reporting board. Thus, my comments should not be interpreted as those of Comodo.
Thus, I think it’s best that this first be discussed. That is why I moved this to an area of the forum where discussion is likely. If others have not commented on this within a few days please contact me and I will look into this deeper.
If you can replicate this it is certainly worthy of a bug report. However, please create a new topic for this in the bug reporting section of the forum. This particular topic is more of an inquiry than a bug report.
Can you elaborate on the exact nature of the freezing that happens?
I have had problems with the system becoming less and less responsive. Read: starting executables did not seem to happen; after 15 or so minutes I would get an error message from Windows stating it cannot open the file and suggesting rights limitations may be at hand.
It seemed to start happening shortly after I had installed EMET. The odd thing was that the problem also happened when I installed previous versions of CIS 7 (I did not have the problem on those versions before); my system was jinxed… :-X Reinstalling and uninstalling EMET did not change the system. The problem went away when I uninstalled CIS.
I decided to reset Windows 8.1 and start from scratch again. My Windows 7 SP1 installation is still jinxed. I may try installing EMET again after making a system restore point to see if the problem resurfaces again.