now I'm a spammer

This was totally my own fault, but I’m also concerned that Comodo didn’t warn me or block the hook. I also had no idea that right clicking on a file could execute it. Sandboxed As Partially Limited wasn’t limited enough to prevent sending a link to a dietary supplement to everyone in my Gmail account (which contains all my Android contacts from WORK). The Google activity report showed it was a Comcast IP address in Florida.

I found out 4 hours after the incident and immediately changed all my passwords. I also re-formatted my hard drive and now use all the steps listed under Gmail security. But wow, what an expensive lesson to learn. Today I sent an email from my work account (same name, different domain) to one of my contacts and it was returned, blocked as spam. So very, very embarrassing.

Are there any settings I can change to prevent something like this from ever happening again?

Thanks.

https://lh4.googleusercontent.com/_FSZh_HTbGPc/TZ5yL7g6BII/AAAAAAAABgY/UoHr3SpQnbM/s1024/comodo%20fail.jpg

I’m sure someone will come along with a suggestion, but I’d like to know (in more detail) exactly what happened.

Was it a file that you downloaded, or was it in an e-mail?
You say it executed when you right-clicked it…were you going to delete it or move it?

I’m pretty sure the “hook” was inside the sandbox (even in partial limited) ???
so it will be gone when you re-boot.

Hopefully someone more experienced will chime in, but, in the meantime…

You should set Def+ to ‘restricted’ (I have mine set to ‘blocked’)
and set the firewall to >custom and the alert setting to >high.

I’ll be following this thread 'cause I’m curious what others say.
Good luck.

Can you export your log for me? In D+ events, hit More, then go to File, Export. I would like to see D+ events for the entire period and displayed alerts. Please attach it here. Thanks.

Some ASUS notebooks come with 2 power buttons: regular boot and a limited, Linux based OS called Splashtop that gives you instant access to the web, email, chat, Skype, music, photos. Using Splashtop also gives you about 50% more battery life, so I wanted to check out their enhanced version called Splashtop for Business. I couldn’t find it online using Windows based browsers, but the Splashtop browser returned several hits (red flag).

You can’t dl anything directly to the hard drive using Splashtop, so I saved it to a thumb drive, re-booted into Windows and right-clicked on the file to examine it. My suspicions were confirmed with the Sandbox warning, so I stopped any further exploration and deleted it.

I think you might be correct b/c after discovering what had happened, I ran Comodo AV, Malwarebytes and Spybot S&D, none of which detected any threats. Still paranoid, I did a re-format and re-install.

languy99 - thanks for the reply. Sorry, everything went with the re-boot. In hindsight, a log file would’ve been more useful than a screenshot…

Done.

The Comodo default settings seem to be very generous. AV default is “Stateful”. I changed it to “On Access” where “Threats are going to be detected before they can do any harm” …which I thought was the whole point of having an AV program. Are there other defaults I should change or are these discussed in a separate thread?

Have you seen this guide?
http://www.techsupportalert.com/content/how-install-comodo-firewall.htm

Probably the most important change is to switch your configuration to ‘Proactive’

If you were in the default config. when you made the above changes, you will have to change them in ‘Proactive’ as well.
I’m sorry I didn’t mention that before.

From the Help manual…“Stateful File Inspection…minimizes the effects of on-access scanning on the system performance. Selecting the ‘Stateful’ option means CIS scans only files that have not been scanned since the last virus update - greatly improving the speed, relevancy and effectiveness of the scanning.”

I think Comodo is worried about the ‘conventional wisdom’ constantly being spread all over the net, that CIS is too hard for the ‘average’ user to understand or cope with.
So they dumb down the default settings, so the average Joe won’t be intimidated by all the alerts.

Also, have you checked out Sandboxie?

It sandboxes your browser.

So good CIS settings are Proactive settings and Sandbox in Restricted.