Author Topic: Anti-Exploit?  (Read 854 times)

Offline Protected_PC

Anti-Exploit?
« on: July 31, 2017, 03:02:38 AM »
How about making an Anti-Exploit software & add it to CIS Premium?
Windows 10 Professional/COMODO AntiVirus/Windows Defender Firewall/CSS/CISE

Offline liosant

Re: Anti-Exploit?
« Reply #1 on: July 31, 2017, 08:24:28 AM »
How about making an Anti-Exploit software & add it to CIS Premium?

CIS is an anti-exploit.
Except advanced exploits or those that do not need a malicious file, injector ... (this is not exclusive to Comodo)
Businessmen take care of companies, COMODO protects data from businessmen companies

Offline Yousername

Re: Anti-Exploit?
« Reply #2 on: July 31, 2017, 01:21:19 PM »
In terms of exploits, if the malware or whatever payload is stopped, the exploit is useless:
https://www.youtube.com/watch?v=-67XzZCTgmM

Video from egemen remotely attacking and injecting into a Comodo-protected computer (I assume the injection is the DoublePulsar exploit) using an SMB exploit. Comodo stopped the malware which was delivered by the exploit -> attack is rendered useless.

In terms of code injection, Comodo has two methods of protection against this. One of them is detection of shellcode injections. Many injection techniques use a shellcode injection like process hollowing; this feature should block those (based on my understanding, if you are an expert feel free to correct me). Another protection feature that Comodo has for injections is interprocess memory access protection in the HIPS. This prevents applications from modifying the memory space of other applications -> some injection techniques don't need a malicious file to be dropped and operate only within the memory space -> this feature stops that from happening.

In terms of things like Office exploits, Comodo's embedded code detection will pick them up as well as "fileless," interpreter-based malware.

So overall, Comodo is already well-equipped against exploits. While it doesn't directly protect against them, the damage which the exploits try to achieve is stopped. Therefore adding an anti-exploit will add basically nothing to overall protection and will just be bloat -> it is a zero-sum game.

Also, the two best anti-exploits, and the most overlooked ones, are: Standard User Account and Windows Update ;D.

 
