CFP Defence Plus - a bit weired HIPS?

Another guess - maybe it's the code in the drivers of ThreatFire that modifies the processes, in which case you would get no alerts.

 

Ok, I have done some testing with CFP D+, AppDefend and EQSecure. My observations are interesting.

I guess that when Defence Plus gives a pop up that " Application A is trying to access memory of application B", it means one of the three( or more?) things:

1- Application A is trying to modify the memory of application B or
2- Applications A is trying to create remote thread in application B or
3- Application A is trying to terminate/ suspend thread in application B

Now see the alerts given by CFP Defence Plus, AppDefend and EQSecure about behaviour no. 1 and 2( Modify memory and Create remote thread). They are exactly same.

In case of Memory Modification, current( active) application is Explorer.exe while target application is Iexplore.exe. See Pic

In case of Create Remote Thread, current( active) application is PokapokaC.exe while target application is Services.exe. See Pic

 

Now until this point everything is as expected atleast for me. Confusion arises when whe see the popup alerts about Terminate/ Susppend thread- behaviour no.2.

EQSecure and AppDEfend show that current( active) application is TFservice and target applications are Explorer.exe and Iexplorer.exe.

CFP on the other hand shows that current( active) application is Explorer.exe and Iexplore.exe and target application is Tfservice.exe. See Pics.

It,s a thing I can,t understand. I guess CFP may be wrong here. I almost remember the alerts by System Safety Monitor to be also same as those of EQS and AD.

 

Funny, but you thought wrong. In other posts I have already explained my view on this. Do I really need to explain it to you again?

I already have enough holes in my setup, but the question is how big the chance is that I will ever execute malware who will take advantage of this.

 

Typically the odds are in your favor.... However, have you eard of Murphy's law?

 

Aigle check the comodo forum. Egemen replied and according to him comodo is smarter than app defend and eqsecure by putting alerts by higher priorities.

 

Yes I checked it. For any one interested, here is the discusssion on their forums.

http://forums.comodo.com/empty-t20249.0.html

 

Yes, please do. I must have missed it.

I personally feel if you are a big fan of "dumb hips", the more alerts and the more things you monitor the safer you are. Do you disagree?

How big?

Simple. It's 50-50.

Either you get hit by something that exploits this, or you don't.

 

Hello Rasheed and Lusher! with due respect, I think u are way off topic. I personally don,t mind OT but ur discussion seems to be of no interest to any one. It semms more of a personal 'war'.