A couple of days ago a friend of mine had to format his PC because of a variant of the Bagle virus. It was a file downloaded over P2P, and no AV was able to detect it. He uses Nod32, SAS and AVG and no alerts appeared. Then came BSODs, and Nod32 and CFP became unusable ("is not a valid Win32 application", and no way to reinstall them).
Yes, he was using CFP 3.0 but without Defense+. I was so sure that Defense+ would protect me that I ran that file on my laptop. And, of course, the alerts started. First the program wanted to get debug privileges, then it tried to write files to system32\drivers and system\drivers\downld, install lots of hooks, access the memory of CFP, modify registry keys… I blocked everything with Defense+ and my computer stayed clean!
Needless to say, he is now using Defense+ on his formatted computer!
By the way, with yesterday's update, NOD32 is able to detect this very nasty Bagle variant. Finally, the bad news: BOclean 4.25 was running but was not able to detect anything (maybe because Defense+ was blocking everything, I don’t know).
And, as I said, CFP was killed by Bagle when it was allowed to install. I have read that this nasty was also able to kill SAS while scanning and Outpost Firewall, and that it even deletes the whole Kaspersky program group! It also deactivates the Vista Security Center…
Anyway, thanks again, Comodo team, for this incredible HIPS called Defense+. Now I know that I’m SAFE.