Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
Security Apps
Comodo
Comodo and Weaponized Documents
Message
<blockquote data-quote="AtlBo" data-source="post: 810014" data-attributes="member: 32547"><p>I'm not relying on it HC-L, but I feel like it's the actual beast in the barrel if you will with Comodo. By this I mean, "is it the pivot point around which the whole protection revolves?" For me it seems so, because it is really is the only first defense against in memory script activity from an exploit. This is a super good warning of a potential problem, and, also, it separates the command line activity from the files already on the system->gives the command line its own file, even if the script existed only in memory.</p><p></p><p>Just for the record, it works. I have scripts that run once in awhile for various things, and they will once trigger the HC-L alert, until I allow and remember. Bascially, a tempscrpt file is created in the Program Data->Comodo->CIS directory. This file is a snippet of the code or whatever, but Comodo won't let the code execute without referencing its rules for the snippet. So Comodo treats the tempscrpt file as a file, and it gets its own rules. As you say [USER=37647]@shmu26[/USER], none of this is explained to users, even though some may need to take their security to deeper a level.</p><p></p><p>I am not 100% sure what was meant by the Comodo agent when explaining how to use HC-L with PowerPoint. Otherwise, not having any luck achieving what interested me the most in the thread...that is autocontain of certain types of documents. Think it's kind of an interesting way to think. Obviously a loaded file might be of any type if there is an application that will open the file. However, the common ones are far and away the most widely abused, so. I know I can just sandbox Microsoft Office. I'd still like that to be on a file type basis though.</p><p></p><p>I suppose I could be creating a completely virtual doomsday scenario for myself from the idea of "in memory" threats. With a program like Comodo, HC-L is not all there is to the protection. I do think its presence helps clear up confusion about the use of cmd.exe and the others that are in the list. So, personally, the protection seems important to me. Anyway, I might look at Hard Configurator for that control [USER=37647]@shmu26[/USER] so thanks. I don't turn them off, however. By the way, here is the list the way it looks on my PCs. Suprisingly, I get very few alerts from this dialog. Not 100% sure of the dynamic behind the protection. This primarily came from the old bouncer vulnerables list:</p><p></p><p>[ATTACH]212422[/ATTACH]</p></blockquote><p></p>
[QUOTE="AtlBo, post: 810014, member: 32547"] I'm not relying on it HC-L, but I feel like it's the actual beast in the barrel if you will with Comodo. By this I mean, "is it the pivot point around which the whole protection revolves?" For me it seems so, because it is really is the only first defense against in memory script activity from an exploit. This is a super good warning of a potential problem, and, also, it separates the command line activity from the files already on the system->gives the command line its own file, even if the script existed only in memory. Just for the record, it works. I have scripts that run once in awhile for various things, and they will once trigger the HC-L alert, until I allow and remember. Bascially, a tempscrpt file is created in the Program Data->Comodo->CIS directory. This file is a snippet of the code or whatever, but Comodo won't let the code execute without referencing its rules for the snippet. So Comodo treats the tempscrpt file as a file, and it gets its own rules. As you say [USER=37647]@shmu26[/USER], none of this is explained to users, even though some may need to take their security to deeper a level. I am not 100% sure what was meant by the Comodo agent when explaining how to use HC-L with PowerPoint. Otherwise, not having any luck achieving what interested me the most in the thread...that is autocontain of certain types of documents. Think it's kind of an interesting way to think. Obviously a loaded file might be of any type if there is an application that will open the file. However, the common ones are far and away the most widely abused, so. I know I can just sandbox Microsoft Office. I'd still like that to be on a file type basis though. I suppose I could be creating a completely virtual doomsday scenario for myself from the idea of "in memory" threats. With a program like Comodo, HC-L is not all there is to the protection. I do think its presence helps clear up confusion about the use of cmd.exe and the others that are in the list. So, personally, the protection seems important to me. Anyway, I might look at Hard Configurator for that control [USER=37647]@shmu26[/USER] so thanks. I don't turn them off, however. By the way, here is the list the way it looks on my PCs. Suprisingly, I get very few alerts from this dialog. Not 100% sure of the dynamic behind the protection. This primarily came from the old bouncer vulnerables list: [ATTACH]212422[/ATTACH] [/QUOTE]
Insert quotes…
Verification
Post reply
Top