Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
Security Apps
Comodo
Comodo and Weaponized Documents
Message
<blockquote data-quote="AtlBo" data-source="post: 809668" data-attributes="member: 32547"><p>That's what I was thinking. Wish the alert would indicate that advanced heuristics generated the block. For now, I think the alert still shows up as HIPs, but I haven't paid attention to the few I have seen with scripts. I know the setting for heuristic command line was formerly in the HIPs section. Thanks for the reply...</p><p></p><p>One other thing, not precisely certain of how Comodo handles all this now. Personally, a document should auto-sandboxed in the case where it accesses a script host. I think this is what happens but not 100% sure. As you say @shum26, maybe it is the dropped file, idk. Maybe it's paranoid, but this kind of document should be auto-closed->reopened->auto-boxed no question in my mind. There are a number of little facts about protection of weaponized documents that seem important to get right and as importantly <span style="color: rgb(184, 49, 47)">present properly</span> on the alert, etc.</p><p></p><p>BTW, I am sure this is in one of CruelSister's vids for all to see lol...</p></blockquote><p></p>
[QUOTE="AtlBo, post: 809668, member: 32547"] That's what I was thinking. Wish the alert would indicate that advanced heuristics generated the block. For now, I think the alert still shows up as HIPs, but I haven't paid attention to the few I have seen with scripts. I know the setting for heuristic command line was formerly in the HIPs section. Thanks for the reply... One other thing, not precisely certain of how Comodo handles all this now. Personally, a document should auto-sandboxed in the case where it accesses a script host. I think this is what happens but not 100% sure. As you say @shum26, maybe it is the dropped file, idk. Maybe it's paranoid, but this kind of document should be auto-closed->reopened->auto-boxed no question in my mind. There are a number of little facts about protection of weaponized documents that seem important to get right and as importantly [COLOR=rgb(184, 49, 47)]present properly[/COLOR] on the alert, etc. BTW, I am sure this is in one of CruelSister's vids for all to see lol... [/QUOTE]
Insert quotes…
Verification
Post reply
Top