A couple of days ago a friend of mine had to format his PC because of a variant of the Bagle virus. It was a file downloaded via P2P, and no AV was able to detect it. He uses NOD32, SAS and AVG, and no alerts appeared. Then came BSODs, and NOD32 and CFP became unusable ("is not a valid Win32 application", and no way to reinstall them).

Yes, he was using CFP 3.0 but without Defense+. I was so sure that Defense+ would protect me that I ran that file on my laptop. And, of course, the alerts started. First the program wanted to get debug privileges, then it tried to write files to system32\drivers and system\drivers\downld, install lots of hooks, access CFP's memory, modify registry keys… I blocked everything with Defense+ and my computer stayed clean!

No need to say that he is now using Defense+ on his freshly formatted computer!

By the way, with yesterday's update, NOD32 is able to detect this very nasty Bagle variant. Finally, the bad news: BOClean 4.25 was running but was not able to detect anything (maybe because Defense+ was blocking everything, I don't know).

And, as I said, CFP was killed by Bagle when it was allowed to install. I have read that this nasty thing is also able to kill SAS while scanning and Outpost Firewall, and even deletes the whole Kaspersky program group! It also deactivates the Vista Security Center…

Anyway, thanks again, Comodo team, for this incredible HIPS called Defense+. Now I know that I'm SAFE.

Thank you for this post Coltrane!

This is exactly what Defense+ is designed to do! To PREVENT Malware!

The difference between Detection and Prevention is very clear. Day Zero attacks CANNOT be prevented by detection-based technologies!

This is an excellent story clearly showing the power of our technology and we look forward to many more stories like this.

That's a very interesting story. It seems it tried to create some drivers and then load them, which gives it the ability to terminate ANYTHING (even winlogon.exe and the System process, which might have caused the BSODs).
Nothing can be protected from termination by a driver (as it runs in kernel mode), so it will be able to do pretty much anything on your computer, but with CFP 3 (and Defense+) you'll be able to prevent the creation and loading of the driver :wink:
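As an added example, not from this thread and not Comodo's own code, here is the check a practitioner would run on a Windows host after an incident like the one above: enumerate the kernel-mode driver services the system knows about and flag any whose binary is missing, was created recently, or does not carry a valid Authenticode signature. It assumes PowerShell 3 or later run as Administrator; the 7-day look-back window is an arbitrary assumption and should be set to cover the suspected infection date.

```powershell
# Added example (not from the original thread). Audits kernel-mode driver
# services for binaries that look like a freshly dropped, unsigned driver.
# Assumptions: Windows, PowerShell 3+, run as Administrator.
$LookbackDays = 7                              # assumed window; adjust to the incident
$Cutoff = (Get-Date).AddDays(-$LookbackDays)

Get-CimInstance -ClassName Win32_SystemDriver | ForEach-Object {
    $svc  = $_
    $path = $svc.PathName
    if (-not $path) { return }                 # 'return' ends this iteration only

    # PathName may be quoted or use NT-style prefixes; normalise to a Win32 path.
    $path = $path.Trim('"')
    $path = $path -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    $path = $path -replace '^\\\?\?\\', ''
    $path = $path -replace '^System32\\', "$env:SystemRoot\System32\"

    if (-not (Test-Path -LiteralPath $path)) {
        [pscustomobject]@{ Name = $svc.Name; State = $svc.State; Path = $path; Issue = 'binary missing' }
        return
    }

    $file   = Get-Item -LiteralPath $path
    $sig    = Get-AuthenticodeSignature -FilePath $path
    $issues = @()
    if ($file.CreationTime -gt $Cutoff) { $issues += "created $($file.CreationTime)" }
    if ($sig.Status -ne 'Valid')        { $issues += "signature $($sig.Status)" }

    if ($issues.Count -gt 0) {
        [pscustomobject]@{ Name = $svc.Name; State = $svc.State; Path = $path; Issue = ($issues -join '; ') }
    }
} | Format-Table -AutoSize
```

Two caveats: on Windows 7 and earlier, many Microsoft drivers are catalog-signed and Get-AuthenticodeSignature may report them as NotSigned, so the signature column is noisy there and the creation-time column is the more useful signal; and a driver that is already loaded has kernel-mode access, so a clean result from this script is only meaningful if the host was not compromised before the script ran. The point of a HIPS such as Defense+ is to block the driver write and the service creation before that happens.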

