With regards to the nasty 'Ransomware: why does one need to add \Device\KsecDD, is an Internet Security Suite suppose to protect against such Trojan’s and Viruses etc.,? I have changed from Kaspersky 2013 and the protective(s) element was contained within the software itself, no changes had to be made by the user…

Adding “\Device\KsecDD” restricts Windows encryption tool which some ransomware use to encrypt your PC. It won’t protect you against all. You might as well add the whole C drive into DEF+.

How do I add the entire C: drive in to Defense +

In order to be fully protected from all forms of ransomware please follow the advice I give in How to Install Comodo Firewall. It will explain how to do this.

That’s excellant, thanks… :slight_smile:

Setting the sandbox to block should block em :slight_smile:

That should do really. :slight_smile:

Download and watch this video guide http://dl.dropbox.com/u/71508137/COMODO%20Firewall/Protect%20files%20from%20Ransomware.7z

Or watch this video guide Protect files from Ransomware - Vbox7

And more video tutorials for Komodo http://lashev.com/?p=110

  1. where is this \Device\IKsecDD supposed to get added?

  2. The suggestion to create the protected file group ?/* is just plain >:-D

Due to the number of popups, the system essentially becomes unuseable. A far more practical solution is to protect against drive-by downloads by blocking all executable and archive files into the %sysdrive%:\Documents and Settings*\Local Settings\Temporary Internet Files\Content.IE5*\ folders.

Why is there a need for disinfection if the infection vector fails?

You might not be able to stop the poke, but CIS will hinder the injection of the poison.

Set the disinfection tranlsation level to: untrusted.

IF CIS sees a weird process, that process gets run in the sandbox; as long as your sandbox is set to max effecitvness unknown process can not access system resourse. Its tha nature of the beast: your trade simpliicyt for effectiveness at the expense of interpretation of alerts.

Faster, better, cheaper: pick two.

After adding it I noticed no drastic change in the number of popups.

Remember that the setting only applies to unknown applications, of which there are not that many on most people’s computer. Thus, essentially that setting means that a sandboxed application cannot alter any files.

To me the benefit far outweighs the cost.


After putting ?/* into Protected Files I got a never ending series of alerts having the form:

C:\Documents and Settings%user%\Application Data\Microsoft\Internet Explorer\Recovery\Active{*}.dat

C:\Documents and Settings%user%\Application Data\Microsoft\Internet Explorer\Recovery\Last Active{*}.dat

C:\Documents and Settings%user%\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore{*}.dat

C:\Documents and Settings%user%\Local Settings\Temp~DF???.tmp

It didn’t stop until I removed it. I added it back in and there are no alerts whatsoever. :-\

Anyways, hows ?/* different than the All Applications file-group, i.e., ‘*’ ???