ok, so I’ve taken time to go through everything and really overlook the AV settings…
I can’t seem to find the HIPS settings which is the whole reason I installed CAVL
I’ve already been ratted once with Pupy, and it was scary enough I never knew until my ex-friend blurted he did to my other friend he hates.
since then I’ve been looking for a HIPS solution which doesn’t seem to exist for linux
about the best there is is an IDS like snort
but that doesn’t Prevent the intrusion, only notify about it.
no there is no HIPS support
I just found I was ratted last night by watching outgoing UDP traffic and comodo never notified me of, nor blocked, the intrusion.
(this was the whole reason I got CAVL at all)
shame
I understand the service is free
but that’s the whole reason I boast about you guys
this is not “expert-level security” like I boast
the RAT has been removed
I can tell it was Pupy because it resided in RAM until I reset my machine (I no longer have UDP traffic galore when nothing’s running)
so yeah, hopefully this gets fixed so I can continue to boast about you guys
EDIT:
btw I did get a packet capture
if you’re a CAVL developer, or maintainer, PM me and I’ll gladly send you what I have for analysis
note though this is mid capture, so I don’t have the initial intrusion injection.
EDIT2:
well nvm the packet capture
that wasn’t the RAT, that was just a glitch with qtox
when closed, traffic continues with a result of “Destination Unreachable” which I thought was the rat trying to communicate with the host
but despite that, I know I was ratted because the dude who ratted me sent a screenshot of it to someone I’m having rough times (friendship drama) with
when asked what was in the shot, he replied I was watching youtube, which I know wasn’t a coincidence of some old image
no the rat was removed before I captured any packets, so yeah, I don’t have anything to give.
EDIT3: and I’m back to being friends again with the dude who ratted me
we got our issues resolved
