There seems no way to control driver install by services.exe via CFP. Even with all custom rules with Proactive Security and Paranoid Mode I can,t monitor drivers installation by services.exe because as soon as I reboot my PC and a legit system driver is installed/ loaded by services.exe during reboot, CFP not only allows it but also adds a global driver install/ load rule by services.exe in CFP application rules.
It,s so disappointing. For me it,s not a good architecture. Hope it can be fixed in next versions.
[attachment deleted by admin]
But why would you want to deny the installation of a legit driver? Won’t the system be unable to boot properly if it’s drivers are not loaded?
I have seen malware loading driver through services.exe.
I strongly suggest to COMODO revising their services.exe attitude. While the way CIS is handling these behaveiors isn’t much of a problem, something is wrong in the handling that can cause a lockdown of death after selective registry key access is allowed. I launched wisptis.exe by using msn messenger’s handwrite tab and COMODO asked to allow some CurrentControlSet access to services.exe.
From then on the comp slowly died with everything freezing up and nothing not even task manager popped up. My solution was to allow “*” under reg keys and basically configure services.exe to allow everything as if it were a “Windows System Application” policy, even though the policy itself cannot be set for services. That solved my problem but I’m still puzzled as to why CIS locks me down if I ALLOW whatever I am asked to allow to services.exe. CIS never failed to comply with D+ rules. What’s different about services?