Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
Security Apps
Comodo
Does Comodo FLS protect from DLL hijacking or process injection?
Message
<blockquote data-quote="cruelsister" data-source="post: 890021" data-attributes="member: 7463"><p>Hi Nagisa! Actually the better question is how to PREVENT a dll from getting infected, and this is where the strength of CF comes into play (Containment). Currently the popular method for either reflective dll or PE injection is by means of some script or other (powershell being the most common). Consider something like Netwalker variants which will initiate encryption with a powershell script that inject a dll into explorer. Stop the script will stop the malicious cascade (and CF just loves to kill scriptors). With Containment in Restricted Mode</p><p></p><p>Things like various sorts of Process Hollowing and Process Doppelgänging are also prevented by CF (not that you asked). </p><p></p><p>And good move on killing the HIPS. HIPS (in general) tend to give a false sense of security while pretty much ignoring things like the recently popular trend for malware to use LoLbins (the Ransominater series in the Video section being an excellent example).</p><p></p><p>Oh yeah- good move not bothering with CIS (which has the not needed on demand scanner). As you mention CF has the Cloud and File rating, but having something like WD enabled is also a good idea.</p></blockquote><p></p>
[QUOTE="cruelsister, post: 890021, member: 7463"] Hi Nagisa! Actually the better question is how to PREVENT a dll from getting infected, and this is where the strength of CF comes into play (Containment). Currently the popular method for either reflective dll or PE injection is by means of some script or other (powershell being the most common). Consider something like Netwalker variants which will initiate encryption with a powershell script that inject a dll into explorer. Stop the script will stop the malicious cascade (and CF just loves to kill scriptors). With Containment in Restricted Mode Things like various sorts of Process Hollowing and Process Doppelgänging are also prevented by CF (not that you asked). And good move on killing the HIPS. HIPS (in general) tend to give a false sense of security while pretty much ignoring things like the recently popular trend for malware to use LoLbins (the Ransominater series in the Video section being an excellent example). Oh yeah- good move not bothering with CIS (which has the not needed on demand scanner). As you mention CF has the Cloud and File rating, but having something like WD enabled is also a good idea. [/QUOTE]
Insert quotes…
Verification
Post reply
Top
