More Defence Plus interceptions/ filters needed

1- Protection against Clipboard loggers
2- Interception of WebCam loggers
3- Hidden Process Detection in real time

I am not sure why these are still not intercepted by CFP while other HIPS can do this. :frowning: I have even posted before.

Also some more things I will repeat.

4- Separate pop-up alerts for direct disk Read and Write access
5- Protected files access alerts to be separated into File Read Access, File Write/Modify Access, File Delete Access like some other HIPS.

I think it's too difficult to convince the Comodo team to add anything on users' wishes. :o

I’m interested to know what these mean. Does D+ not show hidden processes?

1- http://www.zemana.com/list/list.aspx?ktgr_id=413
2- see the pic.

[attachment deleted by admin]

So you don’t see DRTCP.exe in the “View Active Process List”?

I did not try it. Someone posted this pic.

I want to have a pop up alert on detection of a hidden process.

When that process executes (hidden or not), you will get a D+ alert.

Right, but Defense+ should call it hidden process.

Malicious or not, a process is a process. A non-hidden process could be malicious too, so there is really no difference.

I too think the clipboard logging part should be intercepted. (:NRD)

As for Webcam I don’t know, it seems pretty product specific and unnecessary. Comodo tries to focus on real threats and an advanced user can stop the webcam if he needs to, or block it with Comodo, but you will not get a popup saying “hey it's the webcam”. I think those companies implementing those security measures are giving users a false sense of security, claiming to protect against something that's not even used by any hacker. (hey I see you)

It's really Microsoft's job to plug holes in MSN where you can remotely start the webcam, or in ICQ.
It's the HIPS's job to make sure MSN/ICQ/whatever won’t do any harm; Comodo does that. A popup for webcam just makes CIS sucky and adds more annoyance than protection; that's my point of view.

What's next… "OMGDS THIS HIPS INTERCEPT AND WARN YOU EVERY TIME YOU TRIES TO OPEN A NEW PAGE IN FIREFOX, FIX FIX FIX!!! I KNOW COMODO POPS UP FOR ALL THE DLL THIS HAS TO LOAD AND THAT IT INSTALL ITSELF TO FIREFOX AND THAT IT SAYS ITS PROBABLY A MALWARE AND STUFF, BUT STILL WHY NO POPUP WHEN IT OPEN A WINDOW IN FIREFOX… OMGDS… FIXX!! OA HAS THIS!! "

Or why not a leak test where you see if you get a popup for opening a folder… "OMG OMG OA HAS IT EVERY FOLDER A FILE TRIES TO OPEN YOU GET A POPUP… OMG OMG… FIIXXX!!! LEAAK OMGGDDZZ! "

I agree that the following ideas of yours are nice:
3- Hidden Process Detection in real time (it does, but it could add the info HIDDEN, since many hidden are bad)
4- Separate pop-up alerts for direct disk Read and Write access
5- Protected files access alerts to be separated into File Read Access, File Write/Modify Access, File Delete Access like some other HIPS.

AND that it's too difficult to convince the Comodo team to add anything on users' wishes.
But this probably has to do with priorities, and Comodo receives a LOT of wishes every day.

+ 1

It would be nice to have also more information related to the other types of accesses such as hook (global/event and type for the first one…)/kernel memory/…


http://img26.imageshack.us/img26/458/25877769fy1.th.jpg


http://img26.imageshack.us/img26/2623/48764706fc8.th.jpg

http://img26.imageshack.us/img26/7437/15721802us7.th.jpg

I totally agree.

BTW I can't see your images. Why don't you upload them locally?

Different event handling hooks between Malware Defender and D + (snap 1/2)

Different kernel memory accesses handling between ProSecurity and D+ related to the same rootkit sample [EZ SSDT Restorer, (snap 3)]

[attachment deleted by admin]

I really don’t understand you guys.

First, in the beginning, everyone says: Hey, we don’t use Comodo, it uses way too many pop-ups.
Now they reduced it, and you guys are asking for more pop-ups again???

Why ask for more pop-ups Comodo will prevent in the first way?

Xan

I’m not asking for MORE pop-ups but for MORE INFORMATIVE pop-ups…

It’s quite different…

Maybe defence+ is designed to spot and stop a process hiding itself and so does not detect hidden processes.

These two definitely should be added. Even Egeman said that the detection of clipboard loggers will be added in the future. It’s almost a year and still hasn’t been added :-\ .

As for WebCam loggers, Defense+ monitors if some application wants to access the screen directly, so it definitely should monitor if some application wants to access the WebCam.

Implementing these new protections will not increase the number of alerts since the CIS white list is getting bigger and bigger. Also CIS has started using digital certificates in order to reduce the number of alerts even more.