Comodo and Weaponized Documents
<blockquote data-quote="shmu26" data-source="post: 809921" data-attributes="member: 37647"><p>This will work <strong>only </strong>if the "other commands" are enabled for embedded code detection. By default, many important script interpreters do not have it enabled. For instance, Windows Script Host does not have it enabled. Cmd.exe does not have it enabled. Mshta does not have it enabled. Clearly, the default script protection is weak, as compared to other advanced security softs such as NVT ERP and VoodooShield and others.</p><p></p><p>Furthermore, I have yet to see a single test dedicated to embedded code detection. It sounds great on paper, but how well does it work? If you try to trigger it by running various scripts, you will see that its behavior is hard to understand.</p><p>For instance, rundll32 is enabled for embedded code detection. But what file type is associated with it? Obviously, this rule is not triggered every time a dll runs. So when is it triggered?</p><p>This brings me to the larger question: which LOL bins can be controlled by embedded code detection, and which not? The list is customizable, but we need guidelines for what works and what doesn't.</p><p></p><p>I personally am not super impressed by Comodo script protection. I rely on Hard_Configurator for that. I tried to get clarification on the Comodo forum, but they turned unfriendly pretty fast.</p></blockquote><p></p>