Wildcard rule for Embedded Code Detection?

Is it safe to add the entry “**.exe” under Script Analysis List with Embedded Code Detection enabled for it? I mean, will it cause problems with applications? Also, will it work for all vulnerable applications, making Comodo intercept all kinds of Fileless Exploits?

When HIPS is enabled, it shows alerts frequently.

Yes, it’s DEFINITELY not a good idea to enable it for all applications - tested, and it blocked omni.ja when opening Mozilla Firefox.

At least we can still add selected vulnerable processes for Script Analysis such as the ones mentioned in this Wish.

According to a Comodo staff member, they will discuss whether they will expand the list to include more processes. I think there is a high probability they will include more processes by default on the list.

It doesn’t work that way. Even if you enable embedded-code detection for every default listed application, it only works for a few of them. Comodo would need to specifically implement embedded-code detection for a given application; only heuristic command-line analysis will work for any application you add.

Well, at least I hope they will implement it for other applications/add more processes in the list? I’ve seen some malware abusing wmic.exe or nslookup.exe and a few other legitimate things which aren’t on the default list. If you check the news at Security Affairs or Bleeping Computer about fileless malware attacks, you can get an idea of what is being used for attacking. I think it is in their roadmap to implement Embedded Code Detection for other apps.