How Comodo protect my system against Trojan.Win32 GPCODE ?

I tested the new Comodo against Trojan.Win32 GPCODE, and Comodo protected my system. I just added my local disks to the protected files and folders, and everything is just fine.

?:*

This one is better.

;D

Do you know what the difference is between ?:* and \Device\KsecDD?
I know it can be used to block GPcode.

The CIS auto sandbox can block the following malware by adding this rule.

?:*

GPcode

the .bat script malware that deletes all files or hides all files

the malware that infects all executable files or all script files


\Device\KsecDD

blocks GPcode only

Why doesn’t Comodo just add the rules needed to protect against this in an update, as a temporary solution while they work on a real solution, so that average users who don’t visit forums can be protected?

+1

Won’t ?:* block many other actions too?
Then far fewer programs would work in the auto-sandbox.

And \Device\KsecDD? might help to block this particular GPCode sample but your files are still not protected, other ransomware or viruses might still be able to alter your personal files.

The best solution is IMO simply adding your important files to the protected ones, this will always be safe.

Hi, is it possible, please, to be shown how to add these settings to CIS? Thank you.

When adding these rules, does one also need to set the sandbox to untrusted, or will the default partially limited do?

Thanxx
Naren

I have a strange and stupid question. What is the difference between “?:*” and the already added default “*” (“All applications”)?

Can you give me, or us, an example (screenshot)?

Thanks

It contains “device*”, “systemroot*”, …,etc.

But we just want C:*, D:*, …, etc. to be protected only.

The rules of COMODO are not the same as those of other HIPS programs.

Keep the sandbox level as “partially limited”.

I certainly hope they will add \Device\KsecDD as a default entry in Comodo now…

I know that. I have removed the rule “All applications” from the “Rules Defense +” and added it to the “Protected Files and Folders” (only here it works).

Thanxx for the info.

Regards
Naren

Here you go:

http://www.ld-host.de/uploads/thumbnails/1297fe70a0ec652a3b8b4ae29daf2418.png

I tested the sample with this rule with the Internet Security profile (sandbox on) and the Proactive profile (sandbox off), and it was blocked successfully.

Sorry guys, but this issue is highly overrated…

Highly overrated? I wish you good luck when you’ll get hit by such ransomware. There are two things that should never be taken with ease. Viruses (actual file infectors) and these ransomware malwares.
I don’t care about worms, trojans and other garbage that you can eventually clean off without losing anything. But with file infectors and encryption ransomware, there is always chance of losing data.
And even though everyone is screaming "make backups", what’s the point of having antimalware software in the first place if you defend its flaws by saying "make backups"? Backups should be the very, very last resort. And honestly, how many of you actually make them? I can’t back up 2TB of data. Unless you want to pay me for another 2TB drive. The data is not critical, but then again I also don’t want to lose it, since it’s stuff that spans 13 years of computer usage. Some was lost and scrambled during the years for various reasons, but the majority is still here.

So don’t be stupid and don’t defend it for things that can easily be improved. Doing that just harms the users in the end, including you. As you know, I’m a big avast! supporter and at first I was doing the same. But not much later I started pointing out problems and criticizing it myself. Because only this way do things actually improve. So do Comodo a favor and don’t defend it this way. It’s for everyone’s good.

RejZor, I agree with all of your points, except I think data is critical.
One can always rebuild one’s system without a backup by re-installing the system (maybe with a little bit of money), but one can never get back some personal data without a backup (e.g. your travel photos, your work documents, your connection of …)