Guide | How To Comodo Internet Security 8 [0-Day Protection Guide]

The associated guide may contain user-generated or external content.

Kate_L

in memoriam
Thread author
Verified
Top Poster
Well-known
Jun 21, 2014
1,044
Hello,

I wanted to write a guide about my favorite way to protect my system using Comodo Internet Security.

I install Comodo with Cloud Lookup enabled, I don't need other options. After the install, I make a few changes.

Firewall Config
From Firewall Task, stealth ports I select block all incoming connections.
Open Advance Settings > Firewall Settings > On Do NOT show popups Alerts [Block Request]. In the same tab, under Advanced check [Filter IPv6 traffic] [Filter loopback traffic] [Block fragmented IP traffic] [Do a protocol analysis] [Enable anti-ARP spoofing]

Defense + Config
From HIPS > HIPS Settings check [Enable enhanced protection mode] only if you have 64bit OS.
For Sandbox > Auto-Sandbox > click on the first Run Virtually and edit in: Change from Internet to any in the source tab. In the Reputation tab select File is rated as [unrecognized]. In the Option tab select Set Restriction Level [Untrusted]

This setup is the best for 0-Day Protection. A small warning is that if the file is "safe" and it still doesn't work you need to make a custom firewall rule to allow it to the web (I had this issue with a few files)
 
Last edited:

Fel Grossi

Level 13
Verified
Top Poster
Well-known
Jan 17, 2014
619
Good settings, very similar to mine, but my Viruscope I only active for applications in the sandbox, because I know that my PC is clean, but is also a great option to leave it active for the entire PC. Thanks!
 
  • Like
Reactions: tonibalas

Av Gurus

Level 29
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Sep 22, 2014
1,767
Hello,

I wanted to write a guide about my favorite way to protect my system using Comodo.

I install Comodo with Cloud Lookup enabled, I don't need other options. After the install, I make a few changes.

From Firewall Task, stealth ports I select block all incoming connections.

General Settings I set "Check for database updates every" and I set 1 hour.

Under Security Settings:
Scans:
I disable all scans
I edit the scans to use cloud, scan for PUP and I set heuristics High. I don't use schedule.

Defense +:
Auto-Sandbox I set all actions from Run Virtually to Block. I edit the first "Unrecognized" rule and set Location and Origin to "Any".

Virus Scope I uncheck Monitor sandboxed applications only.

This configuration will block all unknown files and will not run virtually. All that you need to do is from File Rating > Unrecognized Files you select the actions for the files (add to trusted if needed).

I just test a little bit with this configuration and it's not bad...tnx ;)
 
  • Like
Reactions: tonibalas

Kate_L

in memoriam
Thread author
Verified
Top Poster
Well-known
Jun 21, 2014
1,044
I also know that my PC is clean but I love to have more control over it. This way everything that is not used is blocked. I always loved to have a little fortress :D

This configuration is the best I can get, if I test this vs malware my config will keep my PC protected and it is free. I love Avast but hardened mode lets some malware infect my PC.
 
Y

yigido

Good settings, very similar to mine, but my Viruscope I only active for applications in the sandbox, because I know that my PC is clean, but is also a great option to leave it active for the entire PC. Thanks!
I recommend you uncheck it. Because we all know "trusted malwares".

Thanks for this guide :) but It is so covered for me. I like to run unknown samples, I do not want to block.
 
  • Like
Reactions: zbc1 and tonibalas

Av Gurus

Level 29
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Sep 22, 2014
1,767
Comodo block downloading CCleaner from Piriform.com :mad:

Clipboard01.png
 

Kate_L

in memoriam
Thread author
Verified
Top Poster
Well-known
Jun 21, 2014
1,044
I don't use SecureDNS, I don't use any DNS for my protection (privacy issues).
 
D

Deleted member 21043

A well known vendor claiming that a website may contain malware hurts reputation. What if someone using Comodo SecureDNS wanted to download CCleaner or another Piriform product and then they see that red alert claiming it contains malware? It's misleading, because not only is Piriform clean and not malicious, but they seem to not have actually checked the website. Not only this, however that user will most likely be put off continuing after knowing that Comodo have said they may be a unsafe action, meaning that Piriform don't get that extra customer who could have indeed become a paid customer (meaning they now lose money).

Poor effort.

---
https://www.virustotal.com/en/url/5...ad590adca96934fd4d4d4f9d/analysis/1418772464/

Now Comodo seem clear (probably realized the detection quickly). 2 other products, which, funnily enough I have never heard of... detect the website. Who knows, maybe Comodo just saw the report on VirusTotal and decided to detect it based on the other false positive detections from the other 2 products listed on VT. One of them most likely messed up, then the other just most likely saw one detected and added it. If so, poor effort... This is why I like companies like ESET. They actually check the sample them self instead of copy-pasting detections.
 
  • Like
Reactions: Terry Ganzi
H

hjlbx

s
Hello,

This configuration will block all unknown files and will not run virtually. All that you need to do is from File Rating > Unrecognized Files you select the actions for the files (add to trusted if needed).

Hello OpenSecLabs,

I try it out. Hah, hah...you turn COMODO into one big anti-executable.

I think will work fine as long as COMODO Trusted file cloud database is clean. Just imagine what would happen if digitally signed, faked Trusted Vendor malware ever managed to get added to that database. Would be even worse if widely installed file. Anything possible. Never say never.

COMODO Trusted files database still needs many legitimate, but still Unrecognized files added to it. If user does not transfer safe, but Unrecognized (after Rating Scan) to Trusted files then it gets blocked. Bad news for some drivers/graphics controllers - like AMD/ATI - which are not digitally signed.

When I first used COMODO I did not transfer pre-installed, safe Unrecognized files to Trusted files. I did not know how it all worked. Eventually, I uninstalled COMODO thinking it was not working correctly. However, it worked as designed/intended.

I learned very hard way.

hjlbx
 
Last edited by a moderator:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top