How to manage shellcode injection detection for applications through Comodo Client Security

Release Time
05/09/2018

Introduction:

This option instructs Comodo Client Security to perform 'Shell Code Injection' detection, which provides protection to the files on your device. Shellcode injection is carried out by means of a buffer overflow, a flaw that causes many software vulnerabilities and forms the basis of many exploits, so this feature is used to detect such vulnerabilities. By default, shellcode injection protection is enabled for all applications on your computer. Use this setting to define applications which you do not want to be monitored for shellcode injections.

A buffer overflow is an anomalous condition where a process/executable attempts to store data beyond the boundaries of a fixed-length buffer. The result is that the extra data overwrites adjacent memory locations. This may cause a process to crash or produce incorrect results.

Step 1: Go to ITSM → CONFIGURATION TEMPLATES → Profiles

Step 2: Select the profile applied to your devices (for example: Security profile), click ADD PROFILE SECTION and choose HIPS from the drop-down.

Step 3: Select HIPS Setting and then select 'Detect Shellcode injection'. To exclude certain applications from shellcode injection detection, click the 'Exclusion' link.

Note: By default, shellcode injection protection is enabled for all applications on your computer. Use this setting to define applications which you do not want to be monitored for shellcode injections.

Step 4: Click the 'Add' button at the top and select the appropriate options from the drop down list as below:

i) File Path - Provide the file path name and click 'OK'.

ii) Folder - Provide the folder name and click 'OK'.

iii) Running Processes - Provide the running process and click 'OK'.

iv) File Groups - Select a category of file group. For example, selecting 'Executables' would enable you to create a rule set for all executable files with the extensions .exe .dll .sys .ocx .bat .pif .scr .cpl, *cmd.exe *.bat, *.cmd. Then click 'OK'.

Step 5: Click 'OK' to apply the changes.

Step 6: Finally click 'Save' to apply changes.

The selected files will now be excluded from shellcode injection protection.
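
Every exclusion switches off shellcode injection monitoring for whatever it matches, so the finished list is worth reviewing for entries that are broader than intended. The script below is an added example, not Comodo code: it checks a constructed list of entries that use the four exclusion types from Step 4. The function name, the severity labels and the user-writable path heuristic are assumptions.

```python
import re

# Locations a standard user can usually write to (assumed heuristic, not from Comodo).
USER_WRITABLE = re.compile(
    r"\\users\\|\\temp(\\|$)|\\programdata\\|%(temp|tmp|appdata|localappdata|userprofile)%",
    re.IGNORECASE,
)

def audit_exclusions(entries):
    """Return (severity, kind, value, reason) for each exclusion worth reviewing."""
    findings = []
    for kind, value in entries:
        writable = bool(USER_WRITABLE.search(value))
        wildcard = "*" in value or "?" in value
        if kind == "File Groups":
            findings.append(("high", kind, value,
                             "a file group exempts every matching file on the device"))
        elif kind == "Folder":
            if writable:
                findings.append(("high", kind, value,
                                 "folder is user-writable; files placed there are unmonitored"))
            else:
                findings.append(("medium", kind, value,
                                 "folder exempts every file inside it; prefer a file path"))
        elif kind in ("File Path", "Running Processes"):
            if writable:
                findings.append(("high", kind, value, "target sits in a user-writable location"))
            elif wildcard:
                findings.append(("medium", kind, value, "wildcard widens the exclusion"))
        else:
            findings.append(("medium", kind, value, "unknown exclusion type"))
    order = {"high": 0, "medium": 1}
    return sorted(findings, key=lambda f: order[f[0]])  # stable: keeps input order per severity

# Constructed sample list; real entries come from the profile's Exclusion dialog.
SAMPLE = [
    ("File Path", r"C:\Program Files\Vendor\agent.exe"),
    ("Folder", r"C:\Users\Public\Tools"),
    ("File Groups", "Executables"),
    ("File Path", r"C:\Program Files\Vendor\*.exe"),
    ("Folder", r"C:\Program Files\Vendor"),
]

if __name__ == "__main__":
    for severity, kind, value, reason in audit_exclusions(SAMPLE):
        print(f"[{severity}] {kind}: {value} -> {reason}")
```

A single file path in a location only administrators can write to produces no finding, which is the narrowest form of exclusion the dialog offers.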