In it's current state Comodo's buffer overflow protection will be useless on x64

…because the main advantage in comparison to DEP, being able to block Ret2Libc attacks, doesn’t apply for x64 processes:

I hoped that you would make it until CIS v.4 but you obviously didn’t. :frowning:

My two cents regarding other things of v.4:
D+ is still uncomfortable and flawed. There are still these stupid pop ups of the services.exe when installing new drivers and still it can’t control the activity of batches and scripts (some other HIPSes do!).
It still sucks on x64 and that is not related to Patchguard. It scores very poor at SSTS in comparison to Sandboxie and partially also other HIPSes like KIS.
The sandbox is uncomfortable and insecure in comparison to Sandboxie. Also, the concept sucks because no applications which require admin privileges run sandboxed, there’s just a warning about that.
Is this the “zero pop ups mode” promised by Melih? :-TD
And there’s still no behavior blocker…

The only positive things are IMO increased detection of the AV and the new skin.

Nope, it can (also checked on v4 beta with SB turned off):

What else scripts D+ is unable to control?

It scores very poor at SSTS
What is SSTS ?

SSTS = new Matousec tests coming.

thanks :-TU

Checked that again. It doesn’t fail for batches but for example for VB scripts.

As for VBS scripts. D+ is CAPABLE to protect against them. In Safe mode (not taking into account Paranoid). It is “specific” implementation which results users to allow and remember some/all activities for wscript.exe and explorer.exe calling wscript.exe.

wscript.exe is not trusted by Comodo and there are always D+ alerts at wscript.exe execution unless you chose in the past “allow and remember”.
Try this test script:

Regarding “specific” implementation of protection against VBS scripts by D+ :

Valid for current V3. Tho not sure about V4… IIRC moderator Ronny said somewhere on beta board that handling of scripts by D+ was improved…but in what manner etc ???

Notice that not all sandboxing/virutalisation goodies are deployed yet. More information in How the Comodo Sandbox works. Also notice this extensive post by mouse1 about the current workings while in the test phase as well as an extensive post by Endymion about how test results may not be what they seem when being ran in sandbox.

According to Melih we will see the full blown sandbox with v4.1. That release should also bring CIMA based heuristics and behaviour blocker iirc.