how a user thought CIS saved his life (lol)

okay, the guy clicked on a link somewhere, and installed a rogue. He stopped and blocked the rogue processes himself, ie manually, from CIS def+, and that’s what he calls protection. He didn’t get a single warning from CIS, but just prompts asking him to allow Microsoft processes ;D … what he did (before realizing what’s going on…), see for yourselves:

http://forums.comodo.com/news-announcements-feedback-cis/thanks-to-cis-i-won-a-battle-with-fake-av-t72096.0.html

Yes CIS asked me if I wanted to grant full access to a program signed by Microsoft and I clicked yes.
so I decided to stop and block this processes gaining control of my laptop again, all windows telling me I was infected stoped.

So, he was not saved, since he granted the fake av. ::slight_smile:

wondering if that was not a case of experiencing a fake MS certificate, you know, one of those that Comodo “lost” sometimes ago ;D

ps: well Def+ is supposed to control program sigs

with the help of CIS yeah :smiley: … but as said he got out of it using HIPS blocking manually.