Please feel free to ask any questions to learn all about Computer Security.

Here you will have access to the world’s best security experts to help you learn all about Computer security!

feel free to ask!

Melih

Ok, now about security.
Does V 3 of CFP protect us against the exploit of mshta.exe?
Why doesn’t more malware use it, since it seems to be efficient?
Is HIPS the only way to do that?

In greenborder.com they use a GreenBorder-Security-Test.hta file that you download and run.
It uses mshta.exe (just like some new malware) to create a folder on your desktop with “stolen” documents and so on… It also creates a mshta.exe.mui on your desktop.
It creates a script file that does an “eggdrop”…?
It’s called GreenBorderEgDrop.js; it does something and saves to “GreenBorderPsSee.exe”.
Both files are found in C:\Documents and Settings\YourName\Local settings\Temp
There is something about a MZKERNEL32.DLL…
I found mshta.exe in three folders.
windows\ie7
windows\system32
windows\system32\dllcache

I found some info that it uses lsass.exe, so that the process talks to LSASS and reads the data from the registry; this path is not visible from the Admin context. Permissions need to be changed to read it. (stealing passwords?)

These are my observations without knowledge in programming or using special tools.
It would be nice if someone at Comodo explained this test/scenario in normal language.
The main question is, should I keep mshta.exe renamed? ;D
Do you know if it’s needed in other files than .hta?
I only found one .hta file on my PC besides those testfiles. It was for WMP.

Indeed we will protect against that too with v3!

CFP v3 will be the First line of defense against malware!

CFP v3 will create a quantum shift in the security market from AV being your first line of defense to CFP v3 being your first line of defense against Malware! The time for allowing everything and only catching what’s bad (if you know what is bad, that is) (eg: AV products today…) is past its sell-by date! We need proper protection… we need CFP v3!!

Melih

That sounds great!

That mshta.exe exploit still worries me though…
CFP 3 isn’t out yet…

If you need the source files and the created script and program files from that test, just let me know.

sure go ahead and send it across pls.
thanks

Melih

Hi, I’m a new user.

Is there any way I can secure individual documents from getting leaked?

For example, my CV. It’s all good and well that my PC and identity are hidden from malicious web users, but if someone gets access to my personal files, well, that is scary.

Can this be done with Comodo or do I need another type of programme?

Bedo

HI! I WENT TO E-MULE TO DOWNLOAD SONGS, AND I CHANGED MY MIND AND UNINSTALLED IT…BUT NOW I AM GETTING LITERALLY HUNDREDS OF BLOCKED INTERNET ACCESS ATTACKS, BLOCKED BY MY ZONE ALARM FIREWALL. JUST INSTALLED THE COMODO. I AM NOT AT ALL COMPUTER SAVVY, COULD YOU GIVE ME SOME ADVICE ON HOW TO STOP THESE ATTACKS…THANK-YOU

Sounds like you picked up some nasties while downloading Emule.
Firstly I would use a cleaner such as the free CCleaner and delete all temporary files, cookies etc.
Then I would download Spybot Search and Destroy, update it, use the immunize feature and then run a full scan. Use Spybot to remove any malware entries it finds. You can also use Spybot to view and remove any browser helper objects or ActiveX components that are undesirable.
Next, make sure your antivirus is up to date and run a full scan - this should hopefully find any traces of malware on your pc.
Ad-Aware SE personal is also free and sometimes finds things your antivirus or spybot miss.

If this does not solve your problem then post again and I am sure someone will offer further advice.
Links:
p://www.ccleaner.com/


I would certainly recommend the latest Comodo Firewall Pro and CAVS beta.

Melih,
I am a second user…supposed to be administrator on a Win32 application…Win32 says Comodo Firewall is not a valid Win32 application and won’t let me download…what should I do?

Hello, yes, on the Comodo site you will see a software program; it shows a download that secures your notes, but beware: if you don’t save it all, you will lose it. So yes, go to the Comodo site and read up; you will find it on your right side or on another page. Contact me [ at ] harry_markee [ at ] yahoo.com

Why is it you have time to answer questions about computer security, but you don’t have time to answer support requests with helpful information that will make the Comodo firewall install and work properly on my computer?

I submitted support requests over a month ago about the ■■■■■■■ up Comodo 2.4 installer that have gone unanswered. I have requested assistance in the forums that have also been ignored.

I can find answers all over the internet to my computer security questions. But, Comodo is the authority on Comodo products, and I would expect to get reliable answers here that will help me get Comodo to install and work properly. Why not put a little more effort into supporting the guinea pigs who test your beta releases???

Oh, great. So, instead of having a nice little firewall that does what a firewall is supposed to do, you’re going to turn Comodo Firewall into another over-bloated suite that attempts to be all things to all people, like ZoneAlarm or Norton. “Do everything” suites are EXACTLY what I was trying to avoid when I came to Comodo. :cry:

And, then, of course, you will have to “dumb down” the interface so every novice idiot can read the cartoon icons and not have to learn anything useful or think about what they’re doing. Good grief!!!

NoPayne…
It certainly is not our wish or desire not to answer our users. I am sorry if we haven’t. You can use the forums to ask these questions if you wish. If not, pls forward me your support ticket no. and let me see where the system has failed in answering you.

thanks
Melih

What you are describing is not our intention at all :slight_smile:

Melih

I’m relieved.
Bounce

I’m sure whatever changes are in store will be innovative. I hope they will be efficient and not too imposing.

NP

Hello, I have installed: nod32 2.7, comodo personal pro 2.4.18.184, (spyware terminator, avg 7.5) and spywareblaster. I have run several online security tests, and in some Spyware Terminator comes out better and in others AVG. I would like to know your opinion on which of the two is more reliable to run as the resident scanner, and whether you can recommend some security programs to me. Thanks in advance.
Warm regards,

Hey,

I already used BitDefender and it was a darn good antivirus, but even if I scanned, some viruses still got into my PC.
Comodo isn’t like BitDefender, because here the first thing it does is prevention, not detection. But I do have 1 problem with your antimalware tool. I’m okay with the virus protection, but the antispyware part is still full of leaks :-[ . So I scanned with SUPERAntiSpyware and found over 100 spywares :-, could you please add some more spyware rules in CAV, because I just wanna use Comodo. I know it’s not yet fully operational (especially the spyware part), but I hate it if I need to use more than 1 protection software (I know I need at least 2 of them but that … → fill in that yourself ;))

Love what you created already, the antivirus is okay. Just the darn antispyware isn’t.

For the rest (R)

Hi Melih, thank you for a really great product!

I use the 2.4.18.184 version and ever since I tried Comodo the first time (December 2006) I’ve been curious about the Component Monitor. There has also been a problem with it, I posted a ticket but got no answer.

Now, my question is: Is it possible for a DLL file to access the internet without a .exe parent? For example, there are numerous DLLs from Microsoft in the list, all set to Allow in the Permission column. Can they, theoretically, be used as some kind of spyware, telling Microsoft all about my computer experiences?

Thanks,
/L

In order for the DLL to access the internet, it has to use some other application. The Component Monitor checks all components (whether DLL, ActiveX, etc.) related to known applications/applications in Application Monitor. The validity is verified in order to get an approval for it to be part of the connecting application (please note, it’s still the application that’s connecting, not the component).

If an application is updated (with new files, components, etc), you will get an alert from CFP to that effect (it will say there’s a new library, or the application has changed, or there are components to be authorized…). You can click the “view libraries” link and it will show you all these components, which you can approve individually if you like (or block). If you block them, it may cause problems with the application connecting (provided everything is indeed legit).

Further, if a malware tries to hijack an allowed application, you will get an alert to that effect as well, for a DLL Injection (in this scenario). All these things are part of the Application Behavior Analysis (Security/Advanced).

LM

Thanks Little Mac for your answer. It is, by the way, the “view libraries” feature that has caused some problems. I have discussed this earlier in another thread, maybe with you. The problem was (or should I say is) that the view libraries function doesn’t remember the choice, so now I’ve given up the attempts to block some DLLs.

However, now I know more about the function of the Component Monitor, so thanks again :slight_smile:

/Leo