Miscellaneous Settings
- Click 'Configuration Templates' > 'Profiles'
- Click the name of a Windows profile
- Click 'Add Profile Section' > 'Miscellaneous'
The 'Miscellaneous' settings screen opens:
- Apply the selected action to...' - CCS will monitor registry entries related to Windows services, auto-run items and scheduled tasks. If any entries are created or modified by unrecognized files/scripts, they will handled per the action chosen. (Default = Enabled)
- Detect shellcode injections:
- A shellcode injection is an attack which exploits software vulnerabilities to give attackers control of a compromised machine.
- For example, shellcode attacks are often used to create buffer-overflows on victim machines. Enable this setting to turn-on buffer overflow protection.
- By default, Comodo Client Security (CCS) monitors all applications to make sure they do not suffer shellcode attacks.
- However, you may want to omit certain applications from protection for compatibility reasons. Click the 'Exclusions' link to do this.
- The process to add exclusions is similar to that explained in Containment Settings.
Background: A buffer overflow is an anomalous condition where a process/executable attempts to store data beyond the boundaries of a fixed-length buffer. The result is that the extra data overwrites adjacent memory locations. The overwritten data may include other buffers, variables and program flow data, and may cause a process to crash or produce incorrect results. As such, buffer overflows cause many software vulnerabilities and are the basis of many exploits.
Comodo recommends this setting is left enabled (Default = Enabled).
- Monitor DLL files being loaded by running processes - CCS monitors the DLL files loaded to system memory, by processes that are currently running on the endpoint (Default = Disabled).
- If enabled, CCS runs a file rating scan on each DLL loaded to identify its trust rating.
- The trust rating is reported to Endpoint Manager. Files with an Unrecognized' rating are submitted to Valkyrie for analysis.
- You can view these details at 'Security Sub-Systems' > 'Application Control'. See Manage File Trust Ratings on Windows Devices for more details.
- Apply the selected signature level while.... - CCS identifies untrusted DLLs, apps, portable executables (PE) and autoruns launched before CCS starts on the endpoint. These may expose the endpoint to a danger if those items turn to be malicious. (Default = Disabled)
- CCS checks whether startup items are signed by a trusted authority and marks them as trusted or untrusted. The flag is used at next restart to allow or block the item.
- You can choose how strict the certificate check should be:

- Windows - Only items signed by Microsoft certificates are marked as trusted
- Antimalware - Trusts files signed by either Microsoft or Antimalware certificates
- Authenticode - Flags all signed files as trusted
- Click
'Save' to apply your changes to the profile.