Author Topic: Anti-Exploit?  (Read 349 times)

Offline Protected_PC

  • Comodo Loves me
  • ****
  • Posts: 145
  • Protected Completely From Every Threat
Anti-Exploit?
« on: July 31, 2017, 03:02:38 AM »
How about making an Anti-Exploit software & add it to CIS Premium?
Windows 10 Professional/COMODO Internet Security Premium

Offline liosant

  • Comodo's Hero
  • *****
  • Posts: 827
Re: Anti-Exploit?
« Reply #1 on: July 31, 2017, 08:24:28 AM »
How about making an Anti-Exploit software & add it to CIS Premium?

CIS is an anti-exploit.
Except advanced exploits or those that do not need a malicious file, injector ... (this is not exclusive to Comodo).
Command prompt is opened by secure applications, but secure applications can be used by malware or unknown files to run command lines.

Offline Yousername

  • Comodo's Hero
  • *****
  • Posts: 233
Re: Anti-Exploit?
« Reply #2 on: July 31, 2017, 01:21:19 PM »
In terms of exploits, if the malware or whatever payload is stopped, the exploit is useless:
https://www.youtube.com/watch?v=-67XzZCTgmM

Video from egemen remotely attacking and injecting into a Comodo-protected computer (I assume the injection is the DoublePulsar exploit) using an SMB exploit. Comodo stopped the malware which was delivered by the exploit -> attack is rendered useless.

In terms of code injection, Comodo has two methods of protection against this; one of them is detection of shellcode injections. Many injection techniques use a shellcode injection, like process hollowing; this feature should block those (based on my understanding, if you are an expert feel free to correct me). Another protection feature that Comodo has for injections is interprocess memory access protection in the HIPS; this prevents applications from modifying the memory space of other applications -> some injection techniques don't need a malicious file to be dropped and operate only within the memory space -> this feature stops that from happening.

In terms of things like Office exploits, Comodo's embedded code detection will pick them up, as well as "fileless," interpreter-based malware.

So overall, Comodo is already well-equipped against exploits. While it doesn't directly protect against them, the damage which the exploits try to achieve is stopped. Therefore adding an anti-exploit will add basically nothing to overall protection and will just be bloat -> it is a zero-sum game.

Also, the two best anti-exploits, and the most overlooked ones, are: Standard User Account and Windows Update ;D.
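
An added illustration of the interprocess memory access idea mentioned in Reply #2 (not part of any poster's message and not Comodo's code): a generic rule that flags one process opening another with rights that allow writing memory or starting threads. The events are constructed samples shaped like Sysmon Event ID 10 (ProcessAccess) records, and the allowlist entry is hypothetical.

```python
# Generic cross-process access rule; not Comodo's HIPS implementation.
# Bit values are the documented Windows process access rights.
PROCESS_CREATE_THREAD = 0x0002
PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_WRITE = 0x0020
INJECTION_RIGHTS = {
    PROCESS_CREATE_THREAD: "CREATE_THREAD",
    PROCESS_VM_OPERATION: "VM_OPERATION",
    PROCESS_VM_WRITE: "VM_WRITE",
}

# Constructed sample events (field names follow Sysmon Event ID 10).
SAMPLE_EVENTS = [
    {"SourceImage": r"C:\Users\bob\AppData\Local\Temp\update.exe",
     "TargetImage": r"C:\Windows\explorer.exe", "GrantedAccess": "0x1F3FFF"},
    {"SourceImage": r"C:\Windows\System32\taskmgr.exe",
     "TargetImage": r"C:\Windows\explorer.exe", "GrantedAccess": "0x1410"},
    {"SourceImage": r"C:\Program Files\Debugger\dbg.exe",
     "TargetImage": r"C:\Dev\app.exe", "GrantedAccess": "0x1FFFFF"},
]

# Hypothetical allowlist of tools expected to write into other processes.
TRUSTED_WRITERS = {r"c:\program files\debugger\dbg.exe"}


def risky_rights(granted_access):
    """Return the names of write/thread rights present in a hex access mask."""
    mask = int(granted_access, 16)
    return [name for bit, name in INJECTION_RIGHTS.items() if mask & bit]


def evaluate(event, trusted=TRUSTED_WRITERS):
    """Return (verdict, rights). Read-only access and trusted writers pass."""
    src = event["SourceImage"].lower()
    dst = event["TargetImage"].lower()
    rights = risky_rights(event["GrantedAccess"])
    # Simplification: compares image paths, a real rule would compare PIDs.
    if src == dst or not rights or src in trusted:
        return ("allow", rights)
    return ("alert", rights)


def alerts(events):
    """Collect (source, target, rights) for every event that should alert."""
    hits = []
    for event in events:
        verdict, rights = evaluate(event)
        if verdict == "alert":
            hits.append((event["SourceImage"], event["TargetImage"], rights))
    return hits
```
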

 
