Why blame CFP when Eraser leaves random files in its wake?

TheGodSplinter

New Member
Hi...

The issue of files being left behind after an Eraser wiping is far from over.

I am using the latest of Comodo's Firewall Pro and the latest of Eraser and this is still happening. The only other mention of this that I can find, here, has been a thread that appears to be now locked.

Somebody, in that thread, suggested that Comodo's Firewall is the reason for Eraser leaving behind random .dll and .exe files after a wipe. Comodo's Firewall Pro is, well...a firewall. What is it that the Firewall could possibly be doing that causes Eraser to leave these files behind?

I find this tendency (which happens during the use of Eraser, but not during the use of other eraser-type programs, including the one included with PGP) a touch sinister and I've yet to hear, from the writers of Eraser, any form of understandable explanation about why it is happening at all.

If the Defence+ part of CFP was doing this, then...why would it choose to take randomly chosen files from elsewhere on C drive and place them in the folder in which are the files I'm currently Eraserising!?

Why is Eraser leaving behind these files?

Ian.
 

garrett01

Administrator
Staff member
First the root issue is that Comodo must be scanning the files and thus interfering with the erasing process.

>> Eraser leaving behind random .dll and .exe files after a wipe
Before Eraser finally wipes the file it renames it to that of a file randomly chosen from the windows directory.

Garrett
 

Joel

Active Member
Eraser does this to ensure a level of plausible deniability. This is a step to ensure that no one can point at you and say that "HEY! You used Eraser and you're destroying evidence!" Because by picking a random file name over, you can always say that you didn't use it, and an old system file was there.

Joel
 

TheGodSplinter

New Member
Hi...

Then, would it be accurate to say that the brief planting and wiping of those randomly chosen and used ".dll" and ".exe" files normally would happen so quickly as to be invisible, and that Comodo Firewall Pro's Defence+'s scanning is merely delaying the process between (1) Eraser planting the randomly chosen files and (2) Eraser then deleting them again?

Is Defence+, in fact, only slowing a built-in Eraser security process long enough to make the randomly planted files visible, when they would ordinarily not be so?

If that is the case, how is it that many of the files are planted and then wiped, again, but some occasionally are left behind in the folder, unerased?

Ian.
 

TheGodSplinter

New Member
Taking this a little further...

I recall, recently, that Defence+ actually challenged the writing of the files that Eraser was trying to use. I'd see the Defence+ alert, telling me that Eraser (or Eraserl) was trying to create a file or folder. I'd click to allow it and Eraser would copy one visibly into place. Then, the process was repeated a good few more times. In the end, I temporarily disabled Defence+ and the rest of the process went by without issue.

Does that sound like it confirms the above explanation given to me about this oddity?

If this is the case, then I'll tell Defence+ that Eraser is a trustable app' and that should put an end to it: does that sound about right?

HEY: I JUST THOUGHT...this "bug" isn't just not a bug...it's an event that openly proves to the user that Eraser and Defence+ are actually doing their job, and doing it well! It's good to see the positive side of things, now and then!

Ian.
 

Overwriter

Active Member
TheGodSplinter said:
HEY: I JUST THOUGHT...this "bug" isn't just not a bug...it's an event that openly proves to the user that Eraser and Defence+ are actually doing their job, and doing it well! It's good to see the positive side of things, now and then!
Yay ! :D
 
Top