CIS 2011 (CIS 5.0) ** SNEAK PEEK ***

languy99 wrote:

ssj100 wrote:Still fails the LNK POC exploit in default configuration (both methods).

here is the responses I got back from the developers:

The exploit is a windows XP bug. It is NOT a buffer overflow. It is NOT related to commandline parsing neither.
I am afraid It is not in the scope of this beta testing. For the corporate environment, application whitelisting is the only reliable way to proactively prevent this. But that is not applicable for the desktop users. Btw, CIS 3.x or CIS 4(If the DLL is from a removable device) would alert for runDLL version of this too.

Yep not just XP but others too. We analyzed it. MS has to issue a fix for this asap. The proactive mesaures are going to be too noisy for the end user.

Fair enough I guess - the Classical HIPS simply doesn't have the same concept as the white-listing approach of LUA + SRP. Also it's not noisy at all. In fact, it will make much less noise than CIS. Anyway, CIS can be configured to block that exploit easily if you know how to do it. However, as the developers have voiced, using this configuration as default in CIS for the average end user would be far too noisy.

New release, V5 has now officially made it into the Release Candidate stage.

What is new in this release?

FIXED! Antivirus scanning freezes in some computers during full scan
FIXED! cmdagent.exe crashes in some systems
FIXED! cmdagent.exe consumes too much CPU while application launching
FIXED! Sandbox shows alerts for non-existing applications
FIXED! D+ does not show execution alerts for commandline arguments
FIXED! Some applications do NOT work even if they are added to Exclusions list of Shellcode Injections e.g. Daemon Tools or licensing software.
FIXED! CIS consumes 100% CPU when the computer first starts and a new zone is detected
FIXED! CIS Firewall alerts unnecessarily for manually sandboxed safe processes
FIXED! IE8 can execute processes outside the sandbox when UAC is disabled
FIXED! CIS causes Pinnacle Studio 14 to crash
FIXED! CIS does not protect ProxyServer registry key
FIXED! CIS crashes during drag&drop of firewall rules
FIXED! CIS shows incorrect icons in firewall rules

The most important fix in this release is performance degredation fixes caused by antivirus scanning. It should now be observable in realtime. For example, while tagging MP3 files or doing something that requires file system traversal.

https://forums.comodo.com/empty-t60637.0.html;topicseen

New RC2 just released today:

What's New in build 1120?

IMPROVED! CIS status messages - CIS now reports if some of the subsystems are disabled or if its in game mode
IMPROVED! CIS now scans running applications in the computer during the installation in the cloud before the reboot
IMPROVED! More protected registry keys are added
FIXED! CIS does not work properly with some windows 7 mobile broadband cards
FIXED! CIS does not properly check unrecognized files/vendors in the cloud
FIXED! CTM snapshotting does not work with CIS
FIXED! Sandboxed applications are not shown properly in the active process list
FIXED! Many crashes related to CIS UI


Bug Reports:

http://forums.comodo.com/beta-corner-cis/comodo-internet-security-501616951120-rc-bug-reports-t61205.0.html
Download Locations:

32 Bit Operating Systems:

http://download.comodo.com/cis/download/installs/1000/standalone/cispremium_installer_x86.exe
Size: 48M ( 50166216 )
MD5: 69f26c394a2268f27a214d16476d1381
SHA1: d1331fbcf3c88550a29106ad272df25edbc296ae

64 Bit Operating Systems:

http://download.comodo.com/cis/download/installs/1000/standalone/cispremium_installer_x64.exe
Size: 50M ( 51941320 )
MD5: 9c66c5ea032e1724c7feeafc405f488a
SHA1: 0cdae8ddb46b88a396ddcab2b4b352921d36be89

final release today

https://forums.comodo.com/news-announcements-feedback-cis/comodo-internet-security-501626361135-released-t61661.0.html;msg434418#msg434418

Thanks, will test it out soon.

Any idea if DLL blocking is back?

I don't know if they will add DLL blocking yet. But they did just update the DNS servers today with active malware blocking. From what I hard it actually is working pretty well. They are having a little trouble blocking some safe sites that might serve up malware sometimes, but that will get sorted soon.

languy99, it sounds like Matt (from remove-malware.com) is going to do the same testing as you did for NIS and CIS:
http://remove-malware.com/uncategorized/comodo-vs-symantec-is-free-enough/

I’m considering doing default installs of both and seeing:

A – which one gives me the most protection out of the box (no configuration)

and

B – which one doesn’t “nag me” all that much, yet provides the protection I need.

The video(s) would be released on Saturday since I’m taking off that day.