» cmdguard.sys
Overview
Analysis
File Details
Behaviors (1)

cmdguard.sys

COMODO Internet Security Sandbox Driver

Comodo Security Solutions, Inc.

It runs as a Windows file system device driver named “COMODO Internet Security Sandbox Driver”.

File name:

cmdguard.sys

Publisher:

COMODO (signed by Comodo Security Solutions, Inc.)

Product:

COMODO Internet Security Sandbox Driver

Version:

5, 6, 207662, 1429 built by: WinDDK

MD5:

e5a211fbce8dba93227be6f6d6873b80

SHA-1:

4a7ecf153e64a0b85852e186d0d9926384b17f6c

SHA-256:

cb8101d53c6cfbce832f8d125e71957a65008cf4f791a2597dbad35735d1283a

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/18/2024 2:10:31 PM UTC (today)

File size:

233.4 KB (238,960 bytes)

Product version:

5, 6, 207662, 1429

Original file name:

cmdguard.sys

File type:

Driver (Win32 SYS)

Language:

English (United States)

Common path:

C:\Windows\System32\drivers\cmdguard.sys

Digital Signature

Signed by:

Comodo Security Solutions, Inc.

Authority:

VeriSign, Inc.

Valid from:

3/2/2011 5:30:00 AM

Valid to:

3/4/2012 5:29:59 AM

Subject:

CN="Comodo Security Solutions, Inc.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Comodo Security Solutions, Inc.", L=Jersey City, S=New Jersey, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

0C078E1D0F486BF4325E09F8BEDF2446

File PE Metadata

Compilation timestamp:

9/14/2011 9:53:51 PM

OS version:

6.1

OS bitness:

Win32

Subsystem:

Native (none required)

Linker version:

9.0

CTPH (ssdeep):

6144:/xGNz3PFm7rY5BUSioTddblfsGUulB0P53UJyEef:/NzShR/3UukP53U8df

Entry address:

0x37195

Entry point:

8B, FF, 55, 8B, EC, E8, BD, FF, FF, FF, 5D, E9, 61, FE, FF, FF, CC, CC, CC, 08, 73, 03, 00, 00, 00, 00, 00, 00, 00, 00, 00, 76, 83, 03, 00, FC, D0, 02, 00, DC, 72, 03, 00, 00, 00, 00, 00, 00, 00, 00, 00, 1E, 84, 03, 00, D0, D0, 02, 00, 0C, 72, 03, 00, 00, 00, 00, 00, 00, 00, 00, 00, 1C, 89, 03, 00, 00, D0, 02, 00, FC, 72, 03, 00, 00, 00, 00, 00, 00, 00, 00, 00, 56, 89, 03, 00, F0, D0, 02, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 4E, 86, 03, 00, 3A, 84, 03, 00, 06... 
[+]

Entropy:

6.4212

Code size:

179 KB (183,296 bytes)

Driver

Display name:

COMODO Internet Security Sandbox Driver

Service name:

cmdGuard

Type:

File system 'filter' driver (FileSystemDriver)

Group:

FSFilter Anti-Virus

Depends on:

FltMgr

Scan cmdguard.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.