termination protection

Drew99GT · February 24, 2008, 8:33pm

Does 4.25 have it? I read all the time that Boclean’s major weakness is it can be shut down with ease and is on lists of malware that defeat it. But, in the documentation on Comodo’s site, it says:

“Protects itself from malware tampering or shutdown”

Hmmmmmm. Thoughts?

asker · February 25, 2008, 12:46pm

Hi. I do not know if it has any capabilities of protecting itself from being shut down or terminated, but I can easily terminated it from the taskmanager. NOT GOOD, not good.

Melih · February 25, 2008, 2:35pm

it is a good practice to let “one” application to provide all the protection like termination protection etc rather than build these into each and every product.

let me explain why:

In order to provide these kind of protections you really have to hook the kernel (internals of the OS). And if more than one application has hooked it, then you will cause instability issues. This is why within our product range we offer this via CFP v3 where V3 can provide protection for any application you like. This is a better way of doing it to avoid conflicts and unstability.

hope this explains.
thanks
Melih

Jim1 · February 25, 2008, 11:08pm

Melih,
Can you tell us of how to configure CFP V3 so that it protects BOCLean from being terminated?

egemen · February 26, 2008, 3:34am

hi,

1 - Go to Defense±>Advanced->Computer Security Policy
2 - If BOClean executables are there, double click on them and go to Step 5
3 - If BOClean executable is not there, click on “Add” Button
4 - Select->Running Processes and Choose BoClean process
5 - Click On “Protection Settings” link
6 - Select “Yes” for “Process Terminations” row

Press apply until all the windows are closed. Now CFP should be protecting the selected pplication against process terminations.

Egemen

Jim1 · February 27, 2008, 2:54am

egemen,
Thanks for the information. The Firewall itself has this protection. I seems ashame that Comodo doesn’t provide this protection for its other products “out of the box”.

Melih · February 27, 2008, 3:54am

Jim

Pls refer to my post above about the reason why it makes sense to only have one application with that ability in any given pc
thanks
Melih

Jim1 · February 28, 2008, 1:46am

Melih,
I think you misunderstood my comment (which on reading isn’t very clear). I don’t have a problem with only CFP providing the protection (in this case termination protection). CFP will only do this however if it is configured to provide this protection. By default it protects itself. It would be nice of other Comodo products would automatically configure CFP to provide protection rather than require the user to have to make advanced configuration changes to invoke the added protection for other Comodo applications.

Jim

Melih · February 28, 2008, 1:59am

oh I see… yes good idea indeed.

Melih