Currently there have been a bunch of videos where the lnk file just points to something that has already magically resided on the system, but if run by itself would have been blocked.
In reality Comodo can indeed protect against malicious lnk files. data stealers have long used this method of attack. as an example of Comod’s protection against an Emotet (self contained lnk file) see at 0:40 of this video:
Hope this clarifies.
m
Thank you very much, it really clarified a lot!!!
@cruelsister I have to say it’s beautiful to see the futile determination of someone trying to belittle Comodo. They try. They insist, but, as always, they fail.
Thanks for proving them wrong once again
The Dogs may Bark, but the caravan moves on…
Thanks for clarifying and demonstrating 
The caravans will continue to move on 
You’ll see that they will return to barking, but thanks for having proven them wrong once again.
Ok installed it. As soon as it started it asked me for license key which I closed. I use the free version so unsure if its going to bother me again.
I setup the rules as it did not work without it. Any port
My machine IP 192.168.0.2
Vmware HASS instance on 192.168.0.110
ollama in docker.desktop container
When firewall is disabled
it works
I don’t want to run this without firewall so please advise why not working?
Hello. Dear EricCryptid, I have CIS 12.3.4.8162 installed, but when updating antivirus databases, it stubbornly tries to install CIS 12.3.4.8162, which is already installed. What should I do?
Hello friend, I can tell you what happened to me, I installed the CIS 12.3.4.8162 version, but after updating the database it updated again to CIS 12.3.4.8162.
I came to the conclusion that I was updating other tools like KillSwitch and other tools.
If anyone went through the same thing as me, could you share your experience?
Hello. Dear New_Style_xd, in my HIPS settings, explorer.exe is marked as an allowed application, after updating 12.3.4.8162 to 12.3.4.8162 --explorer.exe became a user-defined set of rules. Which is suspicious!!
I hadn’t noticed that detail you mentioned.
I was wondering if it’s worrying?
A year ago, my friend had some glitches in the system and he accidentally noticed that in HIPS, explorer.exe was replaced as an “allowed application” with a “user rule set”. He reinstalled CIS and everything was back in place, the glitches went away.
I’ve also experienced the updater even though .8162 is installed. I’m presuming it’s also just updating components, probably just certificates but I’ll have to see if I can identify what’s changed. No issue with it though, updated, restarted and all good to go.
Thank you dear EricCryptid for your answers.
Hello @EricCryptid
When you can identify it, could you please let us know? I’ll be waiting here.
Just confirming. Update updates KillSwitch from version 12.2.3.8026 which is the version installed by default to 12.3.4.8162.
I don’t notice immediately any other update changes but I hadn’t checked other file dates before the update and there aren’t any newer modified than the time of the update.
See my reply above. It’s a KillSwitch update as far as I can tell.
Thanks for the updated information.
Thank you EricCryptid
