D
Deleted member 178
Thread author
because of that : http://malwaretips.com/Thread-Comodo-I-S-5-8-FINAL-vs-Trojan-Win32-GPCODE-comodo-bypassed-by-acafacaa1?pid=26882#pid26882
those are the steps you can do:
link: https://forums.comodo.com/leak-testingattacksvulnerability-research/weakness-of-the-gpcode-t65960.0.html;msg512678#msg512678
in addition you can add this on blocked file to block it: *_CRYPT and protect your file by adding them to Protected Files and Folders (D+ tab) in this method: *.jpg|
jpeg can be substituted by any extensions but the | sign MUST be put behind it so that sandboxed apps can't modify the extension.
and also doing this:
https://forums.comodo.com/news-announcements-feedback-cis/comodo-58-bypassed-by-trojan-gpcode-t77548.0.html;msg554632#msg554632
those are the steps you can do:
Hi Guys,
Let me comment on this one more time. First of all, if configured, CIS can very well protect against this and any other threats proactively.
First lets see what this gpcode does: It gets to the users computer drive by download and searches for the files in users harddisk. It then encrypts all picture and text files i.e. damages some non-OS-essential files.
Is this a threat to the user ? YES!
Is this a real threat to be prevented ? YES!
Does CIS prevent against this now? YES!
Then how does COMODO protect against this BY DEFAULT. By default, antivirus detection is enough to detect gpcode and any of its variants. Lets not make false comments by saying CIS does not protect its users against gpcode. CIS DOES prevent against the REAL threat wih its antivirus right now.
Now lets talk about preventing this proactively.
Is there a way to configure CIS to prevent this proactively? YES.
Method 1: Add you sensitive files/folders to CIS protected files list and you are done. For example, you can add My Documents, My Pictures folders or *.doc, *.txt, *.jpg etc. to your protected files list and it can be protected.
Method 2: Always run your WEB browsers in COMODO Sandbox by adding them to Sandbox pemanently. And while doing this, make sure File system and registry virtualization are both enabled. If you do this and accidently get gpcode or something like gpcode or actually any virus from WEB, they will be running in a virtual file system and hence they can not acess your files or folders.
You can also directly run GPCODE with right-click menu in CIS sandbpx and you will see it cant do anything.
Ofcourse CIS is capable of preventing it proactively as of now. However, these settings are not configured by default.
So why is COMODO not making an immediate HACK to prevent this proactively. Some other products are preventing it already.
We do not need to make a HACK but offer you a proper solution which is proven to prevent this and any similar threat while not affecting your daily work with your computer.
The proper solution is the active file system virtualization of *SOME* automatically sandboxed applications by default. Yes, we are right now working on this kind of a ideal automatic sandbox which is going to be in CIS 6 and will work similar to method 2.
It is NOT a HACK but a properly engineered solution that *avreage joe* wont have problems when CIS is installed.
It takes 10 minutes to write a HACK which simply checks each applications right to enumerate files and folders and thats it. You are there. And what would be the cost? Joe's photo editor will create a popup asking him if he wants some application to list files. Or Marry, while his new MP3 player builds a playlist, it might conflict.
link: https://forums.comodo.com/leak-testingattacksvulnerability-research/weakness-of-the-gpcode-t65960.0.html;msg512678#msg512678
in addition you can add this on blocked file to block it: *_CRYPT and protect your file by adding them to Protected Files and Folders (D+ tab) in this method: *.jpg|
jpeg can be substituted by any extensions but the | sign MUST be put behind it so that sandboxed apps can't modify the extension.
and also doing this:
https://forums.comodo.com/news-announcements-feedback-cis/comodo-58-bypassed-by-trojan-gpcode-t77548.0.html;msg554632#msg554632