Proofs of Concepts Vs. CFP3

Of course, when I start it, there are two or three alerts, but those are not important. If the program begins to work and you can click “Protect”: if the program shows you “Failed” or your software gives you an alert, that means your software could block it; if it shows you “Done”, that means your software can’t block it. CFP can’t block it; when I click “Protect”, there is no alert and the program shows me “done”. After it protects itself, CFP couldn’t terminate it; maybe there is little software that can terminate it. The name of the program is “kill.exe”; it is in “danger.rar”, and the password is “virus”. Another program in “danger.rar” is “cs.exe”; it uses the technology of alternate data streams, and it could be found and blocked by CFP.

[attachment deleted by admin]

CFP can’t block it, maybe because it can’t block a program operating the system essence; some other HIPS software can block “kill.exe” because they can stop and alarm on operating the system essence.

EQ-Secure V3.4

http://www.myup4world.com/images/store09/a6ee88436b.png

press “Protect”

http://www.myup4world.com/images/store09/42de9e6d97.png

press “Deny”

http://www.myup4world.com/images/store09/31671a3a52.png

and I can terminate the process “KiLL.exe”

If I press “Allow”, the process will NOT be terminated!

A suggestion: I wish CFP could block a program changing the system time. Many viruses will change the system time in my country, because if the time is changed to a long time ago or a long time later, most AV software will not work normally.

Says who? What did the alerts say? If they are about the application accessing some system functionality, then I’d say they’re reasonably important, wouldn’t you?

Can you post a screenshot of these allegedly unimportant alert dialogues?

Thanks in advance,
Ewen :slight_smile:

When I start the program, CFP gives me these alerts just like when I start other programs, but when the program begins to work and tries to protect itself (when I click “Protect”), there is no alert for me. I think this is the important point, because if it wants to protect itself, it should operate the system essence, and CFP can’t block this kind of operation; some other HIPS software such as EQ-Secure can block this operation. If the program protects itself successfully, almost no software can terminate it.

Apologies, I didn’t realise that you had attached screenshots of the alerts. :-\

That’s interesting ( ??? >:() that the firewall doesn’t detect escalation of application privilege. I made the mistake of assuming this would be covered by the HIPS component.

Can you please post this in the 32 bit and 64 bit bug reports (assuming that it isn’t detected on both platforms).

Thanks,
Ewen :slight_smile:

Thanks, I posted it in the 32bit bug report. But I don’t think this is a bug; maybe it is just that CFP doesn’t have this function. My OS is 32bit; I am sure the 64bit OS must be the same as mine.

Hi everyone here.
I have been here because of RCBB’s (maybe rcbbly?) PM :)

I’m Luzi, who is a member of 0GiNr, and the author of this toy.

I’m sorry that I haven’t tried Comodo before I post this reply.

If I have understood this topic correctly, it is talking about my little toy at the point of accessing kernel-memory.

Have I understood correctly? If yes, well, it just called ZwSystemDebugControl. :slight_smile:

I feel sorry for my poor English; it’s my first post at an English site. :slight_smile:

I think you should talk more about your toy :THNK

There is another program which will debug at system level. I post it here; I hope it can help you.

[attachment deleted by admin]

Another problem: when “cs.exe” creates a file, CFP couldn’t show me the file path correctly; it shows me an unknown path. As I know, the program uses alternate data streams; maybe this is the reason, but other HIPS could show the right file path. I have posted it on the 32bit bug report.

[attachment deleted by admin]

I tested “prueba.exe” with CPF V3 & EQ-Secure V3.4

http://www.myup4world.com/images/store09/a59a6ed28d.png

http://www.myup4world.com/images/store09/3ebf974b7f.png

http://www.myup4world.com/images/store09/6f023cb16f.png

http://www.myup4world.com/images/store09/34273716b0.png

http://www.myup4world.com/images/store09/110bf88353.png

We must BLOCK “prueba.exe is trying to execute ntoskrnl.exe”!

Or the computer could not be controlled!

Can CPF V3 pass the unhookers tests?

http://membres.lycos.fr/nicmtests/Unhookers/unhooking_tests.htm

That would be interesting to see. Based on their explanations, it would seem like it should but in reality it might not. Never know, until it’s tested. Seems that would get some good information for Comodo to use to improve the product.

At present, looks like ProSecurity is the leader there…

LM

Another two HIPS, SSM & EQ-Secure, have passed the unhookers tests!

http://membres.lycos.fr/nicmtests/Unhookers/update.htm

PS: Direct modify with SCC (System Core Center) = Debug at system level

This virus could modify the system time to the year 2002!

EQ-Secure v3.4

http://www.myup4world.com/images/store09/e476907219.png

http://www.myup4world.com/images/store09/1a67ddd5ab.png

http://www.myup4world.com/images/store09/c2794e411a.png

CPF V3

http://www.myup4world.com/images/store09/c0a64b1203.png

Moderator’s Edit: Virus attachment removed. Please do not post live viruses in the forums. Thank you.

"\Device\HarddiskVolume3" equal to "D:"

Something more?

ZwSystemDebugControl SysDbgCopyMemoryChunks_0 (used to read kernel-memory, SysDbgCopyMemoryChunks_0 = 8) & SysDbgCopyMemoryChunks_1 (used to write kernel-memory, SysDbgCopyMemoryChunks_1 = 9)

Good job! Thanks for this.