
How to Exclude Applications from Shellcode Injection Protection

Release Time
05/09/2018


Introduction:

  • A shellcode attack exploits software vulnerabilities to give attackers control of a compromised machine. For example, shellcode attacks are often used to create buffer overflows on victim machines.

  • Any application with unpatched vulnerabilities is susceptible to a shellcode attack.

  • By default, Comodo Client Security (CCS) monitors all applications to make sure they do not suffer shellcode attacks.

  • However, you may want to exclude certain applications from protection for compatibility reasons. This wiki explains how you can exclude specific applications.

Process in brief

  • Log into ITarian then click 'Applications' > 'Endpoint Manager'

  • Click 'Configuration Templates' > 'Profiles'

  • Open the profile that you want to modify

  • Click the 'HIPS' tab (...or click 'Add Profile Section' > 'HIPS' if you haven't yet added this section)

  • Scroll down to 'Detect shellcode injections'

  • Click the blue 'Exclusions' link

  • Click the 'Add' button to exclude applications by path, folder, running process or file group

  • Click 'Ok' then 'Save' to apply your changes

Process in detail

Step 1:

  • Log into ITarian then click 'Applications' > 'Endpoint Manager'

  • Click 'Configuration Templates' > 'Profiles'

  • Click the 'Profiles' tab to show all available profiles:

Step 2:

  • Open the profile you wish to work on by clicking its name. This will open the profile's details page.

    • Select the 'HIPS' tab if it has already been added to the profile

      OR

    • Click 'Add Profile Section' > 'HIPS' to add a new HIPS section


Step 3:

  • Click the 'HIPS Settings' tab

  • Scroll to the 'Detect Shellcode injection' setting at the bottom

  • Click the blue 'Exclusions' link:

  • Click 'Add'. You can select the applications you want to exclude by path, folder, running process or file group:

i) File Path - Location of the file you want to exclude. Provide the file path name and click 'OK'.

ii) Folder - Exclude all applications in a specific folder. Provide the folder name and click 'OK'.

iii) Running Processes - Exclude an application by choosing its running process. Provide the running process and click 'OK'.

iv) File Groups - Exclude a category of files. For example, 'Executables' will exclude all files with the following extensions: .exe, .dll, .sys, .ocx, .bat, .pif, .scr, .cpl, *cmd.exe, *.bat, *.cmd.

 

Step 4: Finally, click 'Save' to apply your changes.