HIPS monitoring?

system · December 2, 2006, 2:46pm

first off would like to say i have been using comodo since the very beginning and have loved it ever since and have used nothing but since then “except when reviewing other FW for friends and such”…one thing i have noticed that i have concern over is CPF does not actually stop .dll injections or for that matter any other action related to HIPS it just warns the user about them…and i understand that this take on HIPs will lower the number of popups for the user…however i believe it would be better to never allow the event to happen in the first place…another note…the keylogger protection is great and i love the way its implemented by only alerting the user once the KL is trying to connect to the internet however what if another user on the computer placed this KL on your computer and it only is recording the strokes to a notepad and never has any intention to connect to the web? but simply waiting for the implanting user to come and retrieve it…i understand and like the idea of this “Network connected HIPS” where the only alert is for those applications accessing the web however this does bring concern…and i believe it is somewhat misleading when the FW is advertised as blocking .dll injections and stopping KL and such as it does not … just alerts the user to such acts if the action is happening to or by a network connect program…maybe my concerns are misplaced as this is a firewall and should only deal with network traffic so it makes sence on the way yall have implemented the HIPS…but i would also like to see maybe a stand alone HIPS application from yall in which actively protects you against these threats like comodoPF does but that can actually STOP them from happening in real time offline and online…the GUI would not have to be overly complex just simple enough to make sure you could do a per application option for allowing say X.exe to inject .dlls…or even better be able to control more avanced perapplication basis like X.exe injecting .dlls into XX.exe only

Melih · December 2, 2006, 3:40pm

Trevor post:1:

first off would like to say i have been using comodo since the very beginning and have loved it ever since and have used nothing but since then “except when reviewing other FW for friends and such”…one thing i have noticed that i have concern over is CPF does not actually stop .dll injections or for that matter any other action related to HIPS it just warns the user about them…and i understand that this take on HIPs will lower the number of popups for the user…however i believe it would be better to never allow the event to happen in the first place…another note…the keylogger protection is great and i love the way its implemented by only alerting the user once the KL is trying to connect to the internet however what if another user on the computer placed this KL on your computer and it only is recording the strokes to a notepad and never has any intention to connect to the web? but simply waiting for the implanting user to come and retrieve it…i understand and like the idea of this “Network connected HIPS” where the only alert is for those applications accessing the web however this does bring concern…and i believe it is somewhat misleading when the FW is advertised as blocking .dll injections and stopping KL and such as it does not … just alerts the user to such acts if the action is happening to or by a network connect program…maybe my concerns are misplaced as this is a firewall and should only deal with network traffic so it makes sence on the way yall have implemented the HIPS…but i would also like to see maybe a stand alone HIPS application from yall in which actively protects you against these threats like comodoPF does but that can actually STOP them from happening in real time offline and online…the GUI would not have to be overly complex just simple enough to make sure you could do a per application option for allowing say X.exe to inject .dlls…or even better be able to control more avanced perapplication basis like X.exe injecting .dlls into XX.exe only

that’s CPF v 3

will be out early next year…

Melih

system · December 2, 2006, 4:03pm

well thats great then…cant wait and thanks for the quick reply (R)