Explanation:
Last edited by a moderator:
It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
I think your second part of test i.e when you executed malware from a folder i.e ------
I think from CIS version 8, CIS treats everything safe that was there on the system before CIS install. So if you want to test folder full of malware then copy the folder on the system after CIS install.
So was the folder on the system before CIS install? I forgot to notice that when I watched the test.
I think from CIS version 8, CIS treats everything safe that was there on the system before CIS install. So if you want to test folder full of malware then copy the folder on the system after CIS install.
So was the folder on the system before CIS install? I forgot to notice that when I watched the test.
Last edited by a moderator:
- Apr 13, 2013
- 3,147
Very thorough review. But just a few points-
1). at 8:29 of the video the Sandbox settings was highlighted, specifically the setting that only isolates threats from the Internet. If the setting is left that way (default), ONLY items that are run from the C-Downloads directory will be sandboxed! God alone knows why Comodo decided to do this- malware run from anywhere else will not be virtualized and will infect the system. Changing that setting from "Internet" to "Any" will sandbox malware (and adware/Junkware) run from ANY location (This was demonstrated quite well at 43:18).
So it is IMPERATIVE to change that sandbox setting from "Internet" to "All".
2). I'm really curious as to why there were trojans in the Temp directory (at 27:48). When downloading a malicious file into the Downloads directory and run, everything that happens subsequently will be in Full V and will at the most (in the case of spawn) will go into a virtual temp directory which will be flushed when sandbox is cleared. As a scan wasn't done prior to the test, there is a great likelihood that they pre-existed in that directory.
3) An easy way to directly see what is being sandboxed is in Killswitch Click View>Show Only Sandboxed processes.
4). Comodo AV, never really very strong at its best, is now awful against new malware. There is no reason at all to install CIS (with the local AV) over Comodo firewall (without the local AV).
5). I feel the major difference between version 8 and 7 is that the sandbox at Full V is now the default level. This is excellent (or would be if not for that stupid "Internet" setting!).
6). Thank you very much for posting this review!!!!
1). at 8:29 of the video the Sandbox settings was highlighted, specifically the setting that only isolates threats from the Internet. If the setting is left that way (default), ONLY items that are run from the C-Downloads directory will be sandboxed! God alone knows why Comodo decided to do this- malware run from anywhere else will not be virtualized and will infect the system. Changing that setting from "Internet" to "Any" will sandbox malware (and adware/Junkware) run from ANY location (This was demonstrated quite well at 43:18).
So it is IMPERATIVE to change that sandbox setting from "Internet" to "All".
2). I'm really curious as to why there were trojans in the Temp directory (at 27:48). When downloading a malicious file into the Downloads directory and run, everything that happens subsequently will be in Full V and will at the most (in the case of spawn) will go into a virtual temp directory which will be flushed when sandbox is cleared. As a scan wasn't done prior to the test, there is a great likelihood that they pre-existed in that directory.
3) An easy way to directly see what is being sandboxed is in Killswitch Click View>Show Only Sandboxed processes.
4). Comodo AV, never really very strong at its best, is now awful against new malware. There is no reason at all to install CIS (with the local AV) over Comodo firewall (without the local AV).
5). I feel the major difference between version 8 and 7 is that the sandbox at Full V is now the default level. This is excellent (or would be if not for that stupid "Internet" setting!).
6). Thank you very much for posting this review!!!!
Last edited:
Thanks @cruelsister for the post and your comments.
I saw that settings are default in this review. In my opinion, "Proactive Protection" settings is the best settings in CIS.
When we enable the "proactive protection" config, sandbox works like v7 sandbox
But many users of CIS, use the product with default settings so default settings have to be changed by Comodo.
I saw that settings are default in this review. In my opinion, "Proactive Protection" settings is the best settings in CIS.
When we enable the "proactive protection" config, sandbox works like v7 sandbox
But many users of CIS, use the product with default settings so default settings have to be changed by Comodo.
- Apr 13, 2013
- 3,147
You made an excellent point about the configuration differences (which I always fail to discuss)!
Consider this:
1). Comodo Internet Security has a its default configuration "Internet Security".
2). Comodo Firewall has as its default configuration "Firewall Security".
Both of the above will the Sandbox setting issue as noted in the above posts.
3). Changing either CIS or CF to "Proactive Security" will totally get rid of of the setting that would need to be changed (in addition to extra protection of COM interfaces), so if run in Proactive config everything is already done for you.
Thanks, Yigido!!!
Consider this:
1). Comodo Internet Security has a its default configuration "Internet Security".
2). Comodo Firewall has as its default configuration "Firewall Security".
Both of the above will the Sandbox setting issue as noted in the above posts.
3). Changing either CIS or CF to "Proactive Security" will totally get rid of of the setting that would need to be changed (in addition to extra protection of COM interfaces), so if run in Proactive config everything is already done for you.
Thanks, Yigido!!!
- Oct 20, 2014
- 804
Comodos been getting some flak for the Any setting. Although Avast isn't on Hardened Mode on default, nor is the extra engines enabled by Qihoo...
Comodo is still great. At least we GET to change settings
Comodo is still great. At least we GET to change settings
"ONLY items that are run from the C-Downloads directory will be sandboxed"
I change the download directory for all the browsers to desktop - downloads i.e I create a folder named downloads on the desktop.
So desktop - downloads folder will be monitored too by CIS sandbox, right?
CIS cloud works good so I am thinking of removing Comodo AV & going only with CFW & Sandbox, what you say?
But in the absense of the AV, for cloud AV detection, are quarantine & exclusion available in the GUI?
- Apr 13, 2013
- 3,147
Sorry for the delay in answering. Yes, the files run from the Downloads directory on the Desktop will be shunted off to the sandbox, but PLEASE don't leave the sandbox settings at default as you want things from ANY directory and ANY source to be sandboxed. The easiest way to change it would be the Yigido Method- switch to Proactive Security (from Firewall Security) in the Configuration settings.
Also, I actually totally agree with dumping CIS (with the AV) and going with just the FW. I disagree that the Cloud AV is good- although it does work fairly well against malware around for a number of days, it is horrid against D+2 and newer threats; but as the Sandbox will contain all malware threats, who really cares if an AV detects the threat or not?
Remember the Prime and Only Purpose of an antimalware application is to protect your system from harm- Comodo Firewall 8 with Sandbox on and HIPS off will do this . AV detection via definitions is a thing of the past and not something one should be concerned about.
Also, I actually totally agree with dumping CIS (with the AV) and going with just the FW. I disagree that the Cloud AV is good- although it does work fairly well against malware around for a number of days, it is horrid against D+2 and newer threats; but as the Sandbox will contain all malware threats, who really cares if an AV detects the threat or not?
Remember the Prime and Only Purpose of an antimalware application is to protect your system from harm- Comodo Firewall 8 with Sandbox on and HIPS off will do this . AV detection via definitions is a thing of the past and not something one should be concerned about.
- Jun 22, 2014
- 717
Really good granular review,really worth growing that beard while watching it.
The firewall as mentioned above is more than able to protect a system on it`s own when tweeked.I saw the cloud detection doing very well recently in a video(here on MT I think?)as well.Don`t know about the Viruscope
but if it`s not using resources much then why not ?
With each version of CIS the AV component seems to be getting more and more redundant to the point where all the main goodies are in the firewall.Just add acouple of "on-demand" scanners and your good to go.
Comodo firewall is incredably light on the system as well, which imo is amazing when you consider what`s packed under the bonnet and all for free.
Regards Eck
The firewall as mentioned above is more than able to protect a system on it`s own when tweeked.I saw the cloud detection doing very well recently in a video(here on MT I think?)as well.Don`t know about the Viruscope
but if it`s not using resources much then why not ?
With each version of CIS the AV component seems to be getting more and more redundant to the point where all the main goodies are in the firewall.Just add acouple of "on-demand" scanners and your good to go.
Comodo firewall is incredably light on the system as well, which imo is amazing when you consider what`s packed under the bonnet and all for free.
Regards Eck
Similar threads
