Comodo I.S. 5.8 FINAL vs. Trojan.Win32 GPCODE ( comodo bypassed

Discussion in 'other anti-malware software' started by manar58, Oct 31, 2011.

Thread Status:
Not open for further replies.
  1. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    It's the same path. Documents and Settings is a protected folder that applies to all user folders I believe.
     
  2. Zyrtec

    Zyrtec Registered Member

    Joined:
    Mar 4, 2008
    Posts:
    534
    Location:
    USA

    Hey Harsha,


    My mistake. I made a typo when I first posted the locations to be protected for OSes post-Windows Vista [which includes Windows 7 for that matter].
    C:\documents and settings is for pre-Vista OSes [e.g., 2000 and XP]. This nomenclature changed after the release of Vista back in 2006 and was kept unchanged for Win 7 [in my opinion, 7 = Vista SP-1 improved].


    See this article: http://www.blogtechnika.com/what-is-application-data-folder-in-windows-7

    Hope this clarifies the confusion I created with my earlier posts.

    Carlos
     
  3. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Documents and Settings/ still exists in Vista/7 - it's just protected
     
  4. Zyrtec

    Zyrtec Registered Member

    Joined:
    Mar 4, 2008
    Posts:
    534
    Location:
    USA

    It does exist, indeed! But our friends from Redmond decided to name it:

    C:\Users\*\AppData\local\

    where * is a wildcard that corresponds to the actual user logged in.


    Please, correct me if I'm wrong. I might be.


    Carlos
     
  5. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    I think it's a reference folder to the /Users/ that's a remnant of XP. It's almost impossible to delete.
     
  6. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    I tried a lot with them with my thread over there but they simply refuse to fix it.

    My Q is, if someone, like me, is using CFP just as a pure classical HIPS (Defence Plus only, no Sandbox, no AV), CFP is not able to defend against Gpcode and Blackday trojan or other similar ransomware but OnlineArmor can do it very well. They damn care! :mad:
     
  7. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Exactly :)
     
  8. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    I wonder how well SpyShelter will do with this type of malware?
     
  9. zakazak

    zakazak Registered Member

    Joined:
    Sep 20, 2010
    Posts:
    529
    What about simply adding C:/Users/* to the protected files & folders?
     
  10. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    That would then include things like your documents and downloads folders and just a ton more stuff you probably don't want blocked.
     
  11. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    And I'm sure if you turned off 99% of the features in Online Armor it would fail as well.

    The fact is that CIS defeats both of these malicious files through its definitions/heuristics.
     
  12. zakazak

    zakazak Registered Member

    Joined:
    Sep 20, 2010
    Posts:
    529
    Hmm on my old laptop I always added the User folder.. never had problems with it.
     
  13. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    I would like to know what were your results with OA :D
     
  14. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    See my thread over there at comodo forums.
     
  15. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    You did not understand my thread at all.
     
  16. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    Any link?
    Or what's your username over there and in what section did you post it? :D
     
  17. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,321
    Location:
    AmstelodamUM
    As you wrote previously, during a test you found the AV picks it up and the manual sandbox breaks it.
    OA doesn't have a sandbox nor an AV. What features would then have to be switched off to compare it to CIS? Its HIPS?
    That would be stretching it a bit, don't you think?
     
  18. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Probably because I didn't read it. If I did I don't recall.

    If CIS's goal is to defend you that's what it does in this case.
     
  19. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    Did a little search and found the thread, really interesting and it's nice to see OA working properly (since I use it) :)
     
  20. zakazak

    zakazak Registered Member

    Joined:
    Sep 20, 2010
    Posts:
    529
    Also CIS works properly... it's just that this guy disabled the AV (and I believe now also D+ detects this).
     
  21. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    D+ has detected it for a while both with the HIPS and with the heuristics.
     