Defence plus does not detect driver/ service install

Discussion in 'other anti-malware software' started by aigle, Jul 20, 2008.

Thread Status:
Not open for further replies.
  1. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    It seems to be a security hole. I tried this tool

    http://www.iterati.org/Developers/HideProc/Default.aspx

    Very strange that CFP gives no warning about a driver/service install on my system. I posted it at their forums. And according to a user there:
    Hmmm... I never expected this from a HIPS. It's a security hole IMO. What do you think about this?

    Thanks
     

  2. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Aigle nice read :thumb:

    Well given the advice of the Chinese poster (assuming Google translate did not fool me) to add a 'real' HIPS to Comodo, because CFP in itself lacks sufficient protection, says enough! Maybe some Chinese speaking member could check and protect us from jumping to the wrong conclusion.

    So you are better off using TF and GW combined (together they also provide outbound protection; when disabling the DNS service, DNStester fails also, your modem or ISP will handle DNS name cache lookups). What use does a second safety net have (behind GW) when its meshes are too wide ;)
     
    Last edited: Jul 21, 2008
  3. Espresso

    Espresso Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    976
    It will block the driver install if you block it from accessing the "Service Control Manager" (SCM) when you run the program. I think the Chinese poster had a flawed setup.

    [attached screenshot: comodo_hideproc1.png]

    It's worth mentioning, however, that there's no specific indication that a driver is being installed. A lot of programs prompt this SCM warning and it seems to cover a few types of activity. Often, the program will run fine whether you allow it or not, which can be confusing. I'd like to see Comodo offer more granular control over these activities instead of lumping them under SCM access.
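The posts above turn on whether the HIPS ever sees the service/driver registration. Independently of any HIPS alert, the Service Control Manager writes event 7045 ("A service was installed in the system") to the System log each time a service or driver is registered, and that record is the after-the-fact check a practitioner wants when an alert is missing or ambiguous. The following is an added example, not code from any poster in this thread or from Comodo: a Python parser for 7045 records in the XML shape that `Get-WinEvent` renders, with a small triage rule set (driver image outside System32\drivers, image in a user-writable directory, auto-start driver). The sample events, the service names and the image paths are constructed for illustration and do not describe the HideProc tool's real driver.

```python
from __future__ import annotations

import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Default namespace of every Windows event rendered as XML (Get-WinEvent ... ToXml()).
NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Directory fragments from which a legitimately installed driver should not be loaded.
USER_WRITABLE = ("\\temp\\", "\\users\\", "\\downloads\\", "\\appdata\\", "\\programdata\\")


@dataclass
class ServiceInstall:
    """One 7045 record: who registered what, from where, with which start type."""
    time: str
    name: str
    image_path: str
    service_type: str
    start_type: str
    account: str

    @property
    def is_driver(self) -> bool:
        # SCM renders ServiceType as "kernel mode driver", "file system driver",
        # "user mode service", ... so matching on "driver" covers both driver kinds.
        return "driver" in self.service_type.lower()

    def findings(self) -> list[str]:
        """Reasons this registration deserves a look (empty list means nothing odd)."""
        reasons = []
        path = self.image_path.lower().replace("\\??\\", "")  # strip NT path prefix
        if self.is_driver and "system32\\drivers\\" not in path:
            reasons.append("driver image outside System32\\drivers")
        if any(frag in path for frag in USER_WRITABLE):
            reasons.append("image in a user-writable directory")
        if self.is_driver and self.start_type.lower().startswith("auto"):
            reasons.append("driver set to auto-start (persists across reboot)")
        return reasons


def parse_7045(xml_text: str) -> ServiceInstall | None:
    """Parse one rendered event; return None for anything that is not a 7045 record."""
    root = ET.fromstring(xml_text)
    if root.findtext("e:System/e:EventID", namespaces=NS) != "7045":
        return None
    created = root.find("e:System/e:TimeCreated", NS)
    # EventData carries <Data Name="..."> children; text may be absent for empty fields.
    data = {d.get("Name"): (d.text or "") for d in root.findall("e:EventData/e:Data", NS)}
    return ServiceInstall(
        time=created.get("SystemTime", "") if created is not None else "",
        name=data.get("ServiceName", ""),
        image_path=data.get("ImagePath", ""),
        service_type=data.get("ServiceType", ""),
        start_type=data.get("StartType", ""),
        account=data.get("AccountName", ""),
    )


def triage(events: list[str]) -> list[tuple[ServiceInstall, list[str]]]:
    """Return every 7045 record that raised at least one finding, with its reasons."""
    out = []
    for ev in events:
        inst = parse_7045(ev)
        if inst is not None and inst.findings():
            out.append((inst, inst.findings()))
    return out


def _event(event_id, name, image, stype, start, account="", when="2008-07-20T10:15:00.000Z"):
    """Constructed sample record in the XML layout the System log renders (not real log data)."""
    return (
        '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">'
        '<System><Provider Name="Service Control Manager"/>'
        f'<EventID Qualifiers="16384">{event_id}</EventID>'
        f'<TimeCreated SystemTime="{when}"/><Channel>System</Channel></System>'
        '<EventData>'
        f'<Data Name="ServiceName">{name}</Data><Data Name="ImagePath">{image}</Data>'
        f'<Data Name="ServiceType">{stype}</Data><Data Name="StartType">{start}</Data>'
        f'<Data Name="AccountName">{account}</Data></EventData></Event>'
    )


# Constructed samples; names and paths are hypothetical.
SAMPLE_EVENTS = [
    # A kernel driver registered from a tool's folder in the user profile: the situation the thread is about.
    _event(7045, "ExampleHideDrv", "\\??\\C:\\Users\\user\\Desktop\\HideProc\\hypodrv.sys",
           "kernel mode driver", "demand start"),
    # Benign: a file system filter living in the normal driver directory.
    _event(7045, "ExampleFlt", "System32\\drivers\\exampleflt.sys", "file system driver", "system start"),
    # Benign: a user-mode service registered by an installer under Program Files.
    _event(7045, "ExampleUpdater", '"C:\\Program Files\\Example\\updater.exe"',
           "user mode service", "auto start", "LocalSystem"),
    # A different event from the same provider (7036 has other fields in reality) must be ignored.
    _event(7036, "ExampleUpdater", "", "", ""),
]

if __name__ == "__main__":
    for inst, reasons in triage(SAMPLE_EVENTS):
        print(f"{inst.time} {inst.name} ({inst.service_type}) {inst.image_path}")
        for r in reasons:
            print("   -", r)
```

On a live system the same parser can be fed the output of `Get-WinEvent -FilterHashtable @{LogName='System'; Id=7045}` piped through `.ToXml()`; the point is that the registration leaves a record whether or not the HIPS raised a prompt, so the log, not the prompt, settles the question of whether a driver was installed.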
     
  4. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Hi, no it will not. It's a useless alert by CFP. The driver is installed long before this alert.
     
  5. Espresso

    Espresso Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    976
    Driver is not installed, nor does the program work. If I allow the request, the program runs fine.
     
  6. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Here is what I get. First I get two alerts when I execute HideProc and hideproc is able to hide any process. I get a third alert about Service Control Manager access only when I try to shut down the GUI of HideProc.

    Obviously whether I allow or deny it, practically it makes no difference.

    [attached screenshots: 1.jpg, 2.jpg, 3.jpg]
     
  7. Espresso

    Espresso Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    976
    Interesting. I have Execution Control disabled so I don't get the first alert. Nor do I get the Elevated Privilege alert. I'm using Clean PC mode with all of the monitor settings checked.

    I'm using Vista, btw.
     
  8. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Hmmmm.... so different OSes give different results. I am using XP Home SP2.

    BTW the elevated privilege alert is due to TF on my system, I don't get such an alert without TF.
     
  9. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Appreciate the test and results.

    I'm gonna try this on EQS 4.0 Beta and see what develops. This appears to be something SSM would easily intercept, but I'm waiting for another user of it to chime in with their results since I'm nearly exclusive with EQSecure HIPS now.

    EASTER
     
  10. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan