System Shutdown Simulator

I tried this out and Comodo .295 fails the HIPS protection part of this test. Anyone know why? I tested Online Armor with my buddy and it passed the HIPS test.

http://zeroday-software.110mb.com/

For me CFP 3.0.16 passes HIPS part of test.

goodbrazer, did you click Shutdown Computer after Intercept System Shutdown Call? I think it’s supposed to halt the shutdown for a while, so that the malware can run. But it will shut down the security applications.
Anyways, for me it succeeds to create the eicar test file (but it’s a .com-file, so you won’t get any alert), fails to create autostart registry keys, and of course it fails to download and execute the test file :wink:

Cheers,
Ragwing

I tried both variants: as you can see in the SSS window, you can either click start → shutdown or click the special button in the SSS window.

I knew the result would be same, but checked it just in case. So D+ passes HIPS test.

If you define the desktop of your user account under “my protected files” there would be an alert from D+ about SSS trying to create the Eicar file.
Image execution: normal; train/w safe mode; files to check *exe, *bat (default values).

Maybe it's something with my config, but it can't shut down cfp regardless of the time I wait. All other tray applications are shut down. For me cfp passes the test. And about the eicar file…I receive no alerts from defense+, as it is blocked by avira (the tray icon is not there, but actually avira remains active). I have also tried both ways of shutting down.

It failed the HIPS part of the test for me. Not the shutdown part.

Actually I think you can’t fail the shutdown part. It is not testing that. Btw what is your defense+ setting?

Clean PC Mode.

Question is: Is there an interface (hook) which can prevent “Interception of shutdown call” and “shut down computer”?
Please answer…

I tried .295 and .277 with fresh installs and both fail the HIPS test. Auto start created. (:SAD)

Ok. If you were in cleanpc mode, and the SSS was on your machine prior to installing cfp, it was learned as a safe app. Try putting cfp to train with safe mode and delete all the auto created rules both in the firewall and the computer security sections.

Or you can try another fresh install, but after uninstalling cfp delete sss from your computer too…And only redownload it after cfp was reinstalled. This way it should intercept it even in cleanpc mode.

I will try that but I ran downloaded this test after already having .285 installed for days. Have you tried running it?

Yes. And I passed all parts of it. Have you installed cfp with defense+ on full settings?

Ok I did a complete uninstall of Comodo and all registry entries. I made about 3 clean boots and then reinstalled Comodo and the HIPS test passed.

Ok good to hear…
Nice job