We have a DOS application that is using “ntvdm.exe”, which is a Windows system file, and it is being recognized as unknown by CCS. We changed the trust rating to trusted but it stays as unknown in CCS and our applications do not work with containment turned on. Since these applications are central to business operations, this issue negates the reason for our purchase of the Comodo licenses as we are currently unprotected. Has anyone run into this issue and know how to resolve it?
We understand that this process is essential for your business and we want to ensure that your application works with no interference with the Client Security. What we can do is to perform a whitelisting process. Please give us your feedback if this resolves your issue.
GBS-ITSMwhite-listingbypath-210317-1933-22.pdf (299 KB)
I suspect that even though this is a Windows system file, the launch is being triggered by your application and CCS is seeing this as a possible attack. This is how it's designed.
You need to white list applications so CCS won't do this.
White listing should be done BEFORE you roll out CCS. Use a test system to see what CCS will pick up; it's very sensitive, and as such, if incorrectly configured, you will run into these problems.
You may only need to add your application to the white list; once CCS sees this as white listed, it should let it and all dependent files run untouched.
Any problems, get a support call going.
Yes, it can be a little time consuming to get the policies set up, but once done it will offer far greater protection.
It’s a good guide by @Jimmy and exactly what you should do.
We have a similar situation with a DOS-based parcel delivery application, but we have added the file groups to containment, VirusScope, AV, Firewall etc…
Hopefully doing this you can start protecting your systems once more.
Thanks for the replies.
I believe we have attempted whitelisting and file group utilization. I spent a couple of hours on the phone with a Comodo tech going through whitelisting and file groups. Everything works well except for this one file. I will revisit with the aid of the document provided by Jimmy and let you know how it goes…