Of course , when I start it , there are two or three alerts , but those are not important , if the program begins to work , and you can click “Protect” , if the program shows you “Failed” or your software gives you an alert , that means your software could block it , if it shows you “Done” , that means your softeware cann’t block it . CFP cann’t block it , when I click the “Protect” , there is no alert and the program shows me “done” . After it protects itself , CFP couldn’t terminate it , maybe there is few software can terminate it . The name of the program is “kill.exe” , it is in the “danger.rar” , and the password is “virus” . Another program in “danger.rar” is “cs.exe” , it uses the technology of alternate data streams , it could be found and blocked by CFP .
CFP cann’t block it , maybe because it cann’t block a program oprate the System essence , some other HIPS software can block the “kill.exe” because they can stop and alarm for oprating the system essence .
A suggestion , I wish CFP could block a program changing the system time , many virus will change the system time in my country , because if the time is changed to a long time ago or a long time later , most of AV software will not work normally .
When I start the program , CFP gives me these alerts just like when I start other programs , but when the program begins to work and try to protect itself(when I click “Protect”) , there is no alert for me , I think this is the important point , because if it wants to protect itself , it should operate the system essence , and CFP cann’t block this kind of operation , some other HIPS softwares such as EQ-Sucure can block this operation . If the program protects itself successfully , almost no software can terminate it .
Another problem , when the “cs.exe” create a file , CFP couldn’t show me the file path rightly , it shows me unknow path , as I know the program use the alternate data streams , maybe this is the reason , but other HIPS could show the right file path . Ｉ ｈａｖｅ ｐｏｓｔ ｉｔ ｏｎ 32ｂｉｔ ｂｕｇ ｒｅｐｏｒｔ．
That would be interesting to see. Based on their explanations, it would seem like it should but in reality it might not. Never know, until it’s tested. Seems that would get some good information for Comodo to use to improve the product.
At present, looks like ProSecurity is the leader there…