» inspect.sys
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

inspect.sys

COMODO Firewall Pro Firewall Driver

Comodo CP, Inc

It runs as a Windows kernel mode device driver named “Comodo Firewall Network Driver”. This is installed with COMODO Firewall Pro.

File name:

inspect.sys

Publisher:

COMODO (signed by Comodo CP, Inc)

Product:

COMODO Firewall Pro Firewall Driver

Version:

3.0.11.239 built by: WinDDK

MD5:

74e6ae0999ac3440feb054c5a575dd6c

SHA-1:

3b6e4dff8df8448b74a2a638a07fea93334ad8d8

SHA-256:

dc1a621fac6c47dce6e746aeb108275d88b31050145a632d5defddb88fc4994b

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/25/2024 12:36:47 AM UTC (today)

File size:

67 KB (68,600 bytes)

Product version:

3.0.11.239

Original file name:

cmdguard.sys

File type:

Driver (Win32 SYS)

Language:

English (United States)

Common path:

C:\Windows\System32\drivers\inspect.sys

Digital Signature

Signed by:

Comodo CP, Inc

Authority:

VeriSign, Inc.

Valid from:

4/4/2007 8:00:00 PM

Valid to:

4/4/2008 7:59:59 PM

Subject:

CN="Comodo CP, Inc", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Comodo CP, Inc", S=NewJersey, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

5E93B43C900815BF50B6C68DBA2D9FDB

File PE Metadata

Compilation timestamp:

12/4/2007 5:32:50 PM

OS version:

6.0

OS bitness:

Win32

Subsystem:

Native (none required)

Linker version:

8.0

CTPH (ssdeep):

1536:KU80GkFP44PotgcxaKOItJTkMSIkSWtktMGet:fqW44PoSrUDJSIkdtk

Entry address:

0xF23B

Entry point:

8B, FF, 55, 8B, EC, A1, D0, E3, 01, 00, 85, C0, B9, 4E, E6, 40, BB, 74, 04, 3B, C1, 75, 1E, 8B, 15, 58, D1, 01, 00, B8, D0, E3, 01, 00, C1, E8, 08, 33, 02, A3, D0, E3, 01, 00, 75, 07, 8B, C1, A3, D0, E3, 01, 00, F7, D0, A3, D4, E3, 01, 00, 5D, E9, 89, FD, FF, FF, CC, 49, 00, 6E, 00, 73, 00, 70, 00, 65, 00, 63, 00, 74, 00, 00, 00, CC, CC, C4, F3, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, BC, F9, 00, 00, D0, D0, 00, 00, F4, F2, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 12, FA, 00, 00, 00, D0, 00, 00, 04, F3, 00... 
[+]

Entropy:

6.6078

Code size:

51.5 KB (52,736 bytes)

Driver

Display name:

Comodo Firewall Network Driver

Service name:

Inspect

Type:

Kernel device driver (KernelDriver)

Group:

PNP_TDI

The file inspect.sys has been discovered within the following program.

COMODO Firewall Pro by COMODO

Publisher's description - “This ground-breaking method of protecting your PC means that only trusted applications are allowed to run. Malware and untrusted files get nowhere near anything important AND you get to use your computer without interruption from nagging alerts.”

www.comodo.com

7% remove it

Scan inspect.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.