DDL injection alerts by Comodo FW

I am using Comodo FW since abouta year and I see an option to alert for dll injactions in Comodo but I never got an alert from Comodo about this while SSM gives a lot of such alerts? Can anybody tell what I am misssing here? Are u people getting such alerts? Any screenshots?

Thanks

 

Any Comodo users?

 

My guess would be, that you have set SSM as a trusted app in Comodo.
Then SSM takes care about DLL injections, so they will not reach Comodo.
I used to have many alerts in Comodo, so I used to have monitoring disabled.

 

I never got any alert even when I was not using SM.

 

I guess the difference is dll injections related with outbound, as opposed to dll injection in general.

 

Sorry, I did not understand it fully? Can u explain it?

 

I think Someone referred to DLL injections on processes requesting outbound connection.
Is Comodo supposed to alert on injections at all? This screenshot is saying "monitoring", right? The slider for adjusting alert frequency seems to deal with network activities only and not with inter-process operations. Well, I see the component monitor is set to "Learn mode" by default, so that explains lack of popups. But even if you put it in "Turn on" mode, alerts don't show up. I suppose that Comodo's HIPS is so rudimentary that it doesn't alert you at all, but rather functions on simple allow/deny principle. You keep Comp Monitor in learning mode for a while, it sets some rules automatically, then you switch it on, and it blocks anything which doesn't have a rule. Without a popup. On the other side, SSM is a dedicated HIPS.
This is only my opinion, I am not using Comodo right now so I may be wrong here...

Cheers.

 

I am also supecting a bit similar. I think it monitors dll loading but does not warn u about this. Instead u get an alert about unknown components( already injected dlls) when an application wants outbound connection.

 

That's exactly what i meant, thanks The Seer.
Only when an app. tries to conect, Comodo will warn of what's associated with it.
CPF3 with HIPS will detect these things in real time, when the dll is injected.

This is me guessing. But it does make sense, and why leaktests are tricky when you're not at the process level, or whatever it's called.

 

Just to make thigs clear. I think Comodo FW alerts u when a there is some global hook on ur system and ur browser tries to connect to internet while hooked. I saw this hooking alert when I tried some keyloggers.

 

That's good to hear, Comodo at work.
My "issue" with it, as it stands, it not being able to block that in real time, so that i just use IE7 (for instance) at will, with no "hooks" (and Pan's..)

 

It will never block in real time, that,s job of HIPS.

 

Aigle, exactly..

V3 should though. I wait to see what comes out.

 

Ya but I prefer a separate HIPS at least ATM.

 

I really don't know about DLL injections. I am past the knowledge on that.
Many internet using software like browsers add a lots of dll's while browsing. So I keep Comodo component monitor always in learning mode. I had some bad experience with my previous computer when taking off Comodo from learning mode, but it might have been something else that happened like WWDC I did same time.

I know that SSM tells about a few things about dll's that goes in the context of this thread, mainly some keyboard hooks or whatever I don't really know much about that.

What I know about Comodo is that sometimes when I ran my netphone program or Trillian sandboxed, that is an instant messenger, that after some session Comodo starts to tell me about 'invicible applications' going to net while running my Firefox inside Sandboxie and surfing to a normal sites. I really don't know how it happens. Usually I just delete Sandboxie content and those prompts from Comodo don't come again.
But makes me crazy to answer prompts about invicible applications, "possibly trojans", heh.

 

Yes Aigle

That was a dissapointment when I tried Comodo. It notifies when a changed program is trying to access outbound traffic. I tried Zapass on Comodo, it failed, I was thinking what did I do wrong in the setup. Turns out Comodo checks CRC hash and when notifies when it is changed.

Comodo will be a great program (in the release 3?). Online Armour proved that a FW is the ideal combination with an Anti-Executable. Coreforce goes one step further and combines data level protection with it. Hopefully Comodo development will go into that direction.

Regards K