» cmdguard.sys
Overview
Analysis
File Details
Behaviors (1)

cmdguard.sys

COMODO Internet Security Sandbox Driver

Comodo Security Solutions, Inc.

It runs as a Windows file system device driver named “COMODO Internet Security Sandbox Driver”.

File name:

cmdguard.sys

Publisher:

COMODO (signed by Comodo Security Solutions, Inc.)

Product:

COMODO Internet Security Sandbox Driver

Version:

5, 4, 189068, 1354 built by: WinDDK

MD5:

ab491f59adb3a496a6a13636767c9317

SHA-1:

8d03ef6b1a301980dd3e76d298b3c1e36ab3c76a

SHA-256:

94e7d59241fd53e1252732e9e80e0f87fbc8b9a2b44a161076bda42b3a56b3d8

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/25/2024 3:51:05 PM UTC (today)

File size:

233.4 KB (238,960 bytes)

Product version:

5, 4, 189068, 1354

Original file name:

cmdguard.sys

File type:

Driver (Win32 SYS)

Language:

English (United States)

Common path:

C:\Windows\System32\drivers\cmdguard.sys

Digital Signature

Signed by:

Comodo Security Solutions, Inc.

Authority:

VeriSign, Inc.

Valid from:

3/2/2011 1:00:00 AM

Valid to:

3/4/2012 12:59:59 AM

Subject:

CN="Comodo Security Solutions, Inc.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Comodo Security Solutions, Inc.", L=Jersey City, S=New Jersey, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

0C078E1D0F486BF4325E09F8BEDF2446

File PE Metadata

Compilation timestamp:

5/2/2011 9:02:42 PM

OS version:

6.1

OS bitness:

Win32

Subsystem:

Native (none required)

Linker version:

9.0

CTPH (ssdeep):

6144:LTVu0PVale3YPfH3MpDiBXa+Gr4XDj/+n3FlJ8k:LZOfCmBAsDjs3Flj

Entry address:

0x37195

Entry point:

8B, FF, 55, 8B, EC, E8, BD, FF, FF, FF, 5D, E9, 61, FE, FF, FF, CC, CC, CC, 08, 73, 03, 00, 00, 00, 00, 00, 00, 00, 00, 00, 5A, 83, 03, 00, FC, D0, 02, 00, DC, 72, 03, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 84, 03, 00, D0, D0, 02, 00, 0C, 72, 03, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 89, 03, 00, 00, D0, 02, 00, FC, 72, 03, 00, 00, 00, 00, 00, 00, 00, 00, 00, 3A, 89, 03, 00, F0, D0, 02, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 32, 86, 03, 00, 1E, 84, 03, 00, EA... 
[+]

Entropy:

6.4163

Code size:

179 KB (183,296 bytes)

Driver

Display name:

COMODO Internet Security Sandbox Driver

Service name:

cmdGuard

Type:

File system 'filter' driver (FileSystemDriver)

Group:

FSFilter Anti-Virus

Depends on:

FltMgr

Scan cmdguard.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.