Those who install CIS without the AV can choose the proactive configurations even during install.
* COMODO Internet Security 3.9.95478.509 (Defense+ Settings Disk Checked), the test was used as info. Default settings were used for the test results.
Outpost Firewall Pro 6.5.4. (2525.381.0687) (Specify Security Level:Advanced); during setup, the Specify Security Level:Advanced/Normal options are offered, and the user is directed to the Advanced option. So, the Advanced option was accepted as the default setting.
This test was not a test of AV heuristic/detection but a test of Sandboxing/HIPS that apparently included a zoo sample (C917581C38C3A33C8239D2D819F32494) whose chances of failing detection are not mentioned.
!ot! Did you send a PM to egemen? He is a Security expert, CIS lead developer and programmer as well.
Maybe there is a less evident explanation for this but I understand from many of your posts in these forums you wish to increase the specificity of Disk Monitoring for a not explicitly stated set of API.
I have not but I have reported the bug enough times.
If you write to a file using the normal Windows API you get a pop-up. If you block the pop-up the disk write is not blocked. It must be a bug and I would consider it a false positive.
!ot! Sorry, it did not occur to me that it was impractical for you to contact egemen himself. Anyway, it is not clear from the many posts you have produced so far what your definition of True Positive (and related APIs) is, to increase the Sensitivity of disk monitoring.
I gather that if you have correctly outlined a FP scenario you ought to be able to confirm likewise a True positive scenario as well to the point you can clearly state whenever different API are involved (or not).
This is the reason I hoped you would have already sent a thoroughly detailed PM to egemen himself, as he is a Security expert, CIS lead developer and programmer, even though you feel inclined to claim it is a bug.
I am a programmer and accustomed to using the Windows API for reading/writing files. I have never used what I would call direct disk access and would not want to experiment with it as it would be very dangerous. I assume it would involve writing directly to sectors on the disk.
If what the developers call direct disk access is merely writing to a file using the normal file API then Defense+ is not blocking it.
I asked you to confirm if the same API set were involved for all possible types of Direct Disk access. Besides I cannot imagine a more fruitful scenario if you PM egemen who is a programmer, security expert and CIS lead developer and send him a detailed and thorough feedback. It is not unlikely that egemen actually tested scenarios you did not.
I assume this is what you call direct access. As Direct keyboard access involves normal API too I’m somewhat unable to understand your point but I guess egemen would be plenty able to.
Actually you never confirmed what you would call direct disk access API-wise.
It is not that you confirmed that direct disk access is not indirectly involved in some types of file access nor AFAIK you explicitly confirmed what APIs would be theoretically needed for direct disk access.
You confirmed that you are a programmer, you confirmed you have written about that a few times already, but alas I wouldn’t have been able to guess it was so impractical for you to write a single PM to egemen and address it programmer to programmer.
Besides you could be the only one able to correctly represent your viewpoint to CIS lead developer, wouldn’t you?
Never mind then. Though I still hope you’ll PM egemen, I already gathered you are inclined to call it a bug even in this topic.
Please forgive me and forget I even asked about that.