Good morning/evening. Last night I was testing Comodo against a couple of specific, famous pieces of malicious software that are spread all over the world, like the Koobface worm. I noticed that Comodo overflow protection comes up and asks me to terminate it or ignore it. However, when I hit terminate the process will still run, but the good news is that it will be sandboxed (for sure). So, here I’m asking: was that normal behaviour? From what I understood, when a piece of code doesn’t pass the buffer overflow test it shouldn’t run at all!?

OK, now I’ll quote what’s written in the help file:

When an executable is run it passes through the following CIS security inspections:

Antivirus scan

Defense+ Heuristic check

Buffer Overflow check

OK, I’ve been alerted for a buffer overflow, however I still see the sandbox message pop up. When I checked the D+ log, I saw that the malware was actually sandboxed and then tried to inject whatever, which is different from what’s written there!! A: antivirus check, B: D+ check, and finally the buffer overflow check; when it passes all three tests it should then be sandboxed? But here it seems that the process is being sandboxed before the buffer overflow check completes. I had no problem with that, since in both cases I’ll be protected :wink:

OK, one more thing: when the process is being checked for buffer overflow, am I going to see it (the process) in the task manager, or is that before it’s executed?

I hope someone can answer my queries.

Here the sandbox (SB) is disabled and the result is the following: the app is launched, the buffer overflow is detected with an alert offering 2 choices (the app appears in Task Manager (Process Explorer, actually) at this time), and if “terminate” is chosen then the app is terminated and disappears from Process Explorer.

My guess is that if you disable SB, you’d get the same result.

Nice contribution, ss26.

So, is that normal? Is that what is actually supposed to be done when a buffer overflow is detected?