what programs are “safe” enough to put on the excluded application list? there are lots of buffer overflows for “good” programs, like explorer.exe or firefox.exe, so if we can’t trust the good ones not to give us a BO, what can we trust?
Pretty much doubt that your explorer.exe or firefox.exe BOs actually are false positives. As for what to add, Java and OO.org are well known to cause issues.
I would keep the exclusion list clean. Only add something if it is being flagged as dangerous when you know for sure it really is safe.
I think you are missing how CMF works… There’s nothing flagged dangerous when it’s safe, this tool detects buffer overflows, ret2libc attacks and corrupted/bad SEH chains in real time as they happen. The only purpose of the exclusion list is to add executables that tend to be incompatible with CMF.
sorry, my wording was obviously misleading. it was not my intent to say that i got false positives. i meant to say that BOs have been reported online for programs that are not natively malicious. i’ve not had a BO yet on my system.
@all
thanks for all the feedback. i’ll keep my list clean, then (until provoked to add an incompatible file ;D)
Once again, the purpose of CMF is NOT to detect malicious applications but to stop buffer overflows and similar attacks which attempt to exploit vulnerabilities in real time (similar to DEP).
doesn’t detect malicious applications; detects applications acting maliciously – semantic clarity noted
I’d suggest reading this article, you might get a better idea of how CMF works and what it protects against…