This is why you need Buffer Overflow Protection!!

I came across a morph malware. Silly enough, I ran it to test the AV, to see if it was detected, and more specifically… Defense+. I wasn’t thinking about Memory Firewall; I know Memory Firewall is in D+, anyway… But when I did save and run it, D+ immediately alerted me of a BO attack! I then terminated the morph malware.

This is only one example… But this is why you do need Buffer Overflow Protection, and Comodo is one of the very few to have this protection built in! Melih doesn’t give out research info for the sake of it; it’s just a proven fact that BO attacks are so common, even though you may NOT realize it - it is. If a user just had an AV on their machine, they will be infected just because there was no signature for the malware/buffer overflow attack. Time to change to prevention, and yes, Memory Firewall is also prevention too!

Screen shot attached. It was pretty sweet.

Cheers,
Josh

[attachment deleted by admin]

It’s amazing that Comodo offers this protection, for free! :BNC

Makes you think why more people don’t use CIS…

How’s that new GUI coming along? (:WIN)

(V)

If something like that is accidentally allowed, is there a way to stop it?

Does Buffer overflow remain active if you move the Defense+ slider to disabled or if you permanently disable Defense+?

It is still active when D+ is software disabled by the slider but I’m not sure it’s active when D+ is permanently disabled. I’ll see if I can find out and post back here.

Ewen :slight_smile:

Thanks. Because I don’t like Defense+ but BO protection is still useful and I would like to have it enabled even though Defense+ is not.

@RejZor. Did you try Panic’s suggestion? I am curious as to the outcome… (:NRD)

@EricJH :wink: :slight_smile:

https://forums.comodo.com/feedbackcommentsannouncementsnews_cis/with_cis_ver_3864263468_we_have_widened_the_gap_against_our_competitors-t34371.0.html;msg249053#msg249053

Check that post and the post below it about the BO protection and turning off D+…

Thx… when I read it I knew I had read it while browsing the forums… how silly is that?

That was very silly EricJH! (:HUG) (:LGH)

If something is flagged as BO and it is accidentally accepted, is there any way to undo that action? What are the risks of allowing it?

That’s the point…
D+ will catch it anyway.

No, the BO attack would run…

However if that application was to be in a BO attack again, you would get a new alert as long as “skip this application in the future” is NOT checked…

Then you would manually have to remove that application from the BO protection list to get an alert for it…
(you find that under D+ > advanced > image execution control… > exclusions…) :slight_smile:

Anyway, this is why CIS is building a “cure” also, to let you, if you accidentally let something run, or intentionally since you think the application is good, heal the infection and the potential harm it might have caused… :wink:

Of course the BO would run, I didn’t say anything contrary. Nevertheless D+ will catch the malware because of its behavior, e.g. modifying other processes and so on…

Thanks, you guys are so helpful (:HUG)

Reply from Egemen

It depends on D+ being active. Instead of disabling permanently, users can uncheck the monitor settings to disable relevant protections.

Cheers,
Ewen :slight_smile:

I believe that memory firewall independent from defense+ is the best solution.