Comodo and Weaponized Documents
<blockquote data-quote="AtlBo" data-source="post: 810021" data-attributes="member: 32547">
<p>No idea on either, @shmu26. I never got so far as you have with the analysis. I added to the list based purely on curiosity and for testing purposes. Now that you make mention of the fact, I have never noticed a single tempscrpt alert from Comodo that wasn't generated by a file-based script. Also, I don't recall any activity being generated from any of the processes I added to the list, even file-based. I don't personally know of a way to test this at this time.</p>
<p>I use NVT OSArmor to filter all command lines at this point. Would you say this is enough to handle the in-memory scripts you are referencing? Curious if you would be comfortable saying here in a thread which programs you run that reference .dlls this way. I'd like to know, so I could perhaps test better.</p>
<p>You mention Hard Configurator. Will this application "filter" in-memory command lines? I would definitely like to look into this more. I used to value NVT ERP for this. I think this will do as you say with in-memory. One question about ERP, I wonder if there is a way to set v4.0 up to monitor only vulnerables.</p>
<p>EDIT...forgot to say. HC-L is just my vague reference to all of the protections in the "heuristic command line analysis" setting area. Think it's now under "Script Analysis" in "Advanced Protection". Apologies for any confusion. I have both protections enabled for all of the processes for the record as indicated in the picture.</p>
</blockquote>