Hi,
I have a general question: Previously I was using the Sunbelt/Kerio personal Firewall
which had a built in exe-protection that was simple but effective (at least in my oppinion).
There was a md5 checksum for every exe and everytime the exe changed (either by
installing a new version or maybe altered by a virus), a popup asked the user to confirm
this new version.
I did not notice this kind of protection in Comodo v3
in fact if I declare a file as safe (maybe ‘C:\test.exe’)
and then replace it with malware (rename ‘C:\virus.exe’ to ‘C:\test.exe’),
the file is executed with all the rights of the previous program.
Although you might argue that the firewall should prevent the second
step from happening at all (altering or replacing an executable file),
I still think that this would be a good addition to the
“Image Execution”-part of Defense+.
bye,
Peter