Comodo Defense+ fails to stop drivers from loading

Discussion in 'other firewalls' started by underdog, Aug 12, 2009.

Thread Status:
Not open for further replies.
  1. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    Would be nice, because I tried to catch these prompts also a few days ago and didn't find any... because there are none.
    All I have seen was only this "create file" and "modify reg key" stuff from your prompts.
    However, I realized that KIS simply lacks the needed features...
    Just take a look at the Outpost prompts and you'll know what I mean.
    https://www.wilderssecurity.com/showpost.php?p=1526985&postcount=18

    BTW do you suffer from OA fixation? :cautious:

    Cheers
     
  2. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    Those Outpost prompts are EXCELLENT imo!
     
  3. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    Dregg Heda

    Hi, yes it does, but obviously if for example you set it to intercept .EXEs then it would interfere with your normal apps.

    So the idea is to include only the types that aren't usually required, but that can still be used by malware to try and sneak in. E.g. .BAT, .COM, .VBS etc.

    It comes with several extensions already included, and you add in whatever you want like this.

    ,.WMF,.

    [screenshot: sd.gif]


    I recommend that you give it a spin as it only takes a few minutes to be up and running, and then you can see for yourself how effective it really is.

    It even comes complete with a test VBS script - test.vbs - double click on it and watch SD leap into action.
     
  4. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    Alright, Thanks for that Stevie!
     
  5. 3x0gR13N

    3x0gR13N Registered Member

    Joined:
    May 1, 2008
    Posts:
    850
    An example of a red HIPS warning regarding driver load (notice the same notation "Prompt for privileges" as in the previous popup screens)...
    [screenshot: HIPSDrvLoad.PNG]
    Unrelated to VCD, but some real malware. The popup is red and mentions driver load, instead of yellow and mentions registry access.
    PDM warnings about driver load are always red BTW (but PDM doesn't fit the HIPS-only rule)
     
  6. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    Yes, this is a PDM prompt about "hidden drivers install".
    So your goal is now to modify the Virtual CD installer for a hidden driver installation or to modify KIS to show appropriate prompts for not so hidden driver installations. :)

    Cheers
     
  7. 3x0gR13N

    3x0gR13N Registered Member

    Joined:
    May 1, 2008
    Posts:
    850
    Sorry, but... this has nothing to do with either PDM or VirtualCD. :rolleyes: That popup posted in my previous post is a true HIPS (Application Filtering/Control) popup coming as a result of some malware actions (loading a driver).
    This is what a PDM driver load popup looks like...
    [screenshot: DriverInstall.png]

    ...notice the differences in the popup structure/options/captions? :rolleyes: And no, the popups above haven't been tampered with, or any of the HIPS settings changed.
     
  8. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    Ok, you may be right regarding 'not a PDM prompt'. :cautious:
    However, KIS is really a cunning fellow and a master of confusing ambiguity when it comes to prompts.
    And as said before, there are no matching prompts for the Virtual CD drivers because KIS simply lacks the needed features.

    Cheers
     
  9. Julian

    Julian Registered Member

    Joined:
    Sep 14, 2008
    Posts:
    103
    Why should a behavior blocker like PDM interfere when a signed driver is loaded via an unsuspicious (?) way?
     