Battle 360 Total Security with Windows Firewall Vs Comodo Internet Security Premium

Cat_Volta

Level 1
Thread author
Apr 20, 2017
9
Hi everyone, im using 360 total security and bitdefender engine with microsoft firewall, but these day I have the curiosity about the comodo av and watching some test videos I have the doubt, configuring comodo is better that 360?

What antivirus soluttion you think is better in zero day,usb protection, etc.?

My problem with 360 its the updates of bitdefender always of days ago
 
  • Like
Reactions: ravi prakash saini

novocaine

Level 5
Verified
Well-known
Aug 19, 2016
200
I think Comodo IS with Cruelsister's setting would provide better protection for you. even It would be better if you choose Comodo firewall, because both CIS and CFW have cloud AV modul. with CFW you don't need frequent update (AV), it would run very light, super light. all you need is just spending few minutes in Comodo threads and view the videos, watch and learn and you're all set. you wouldn't need AV or second opinion
 

Xsjx

Level 13
Verified
Feb 21, 2017
613
In the past I had really bad experience with avira so i don't like it very much, in my school every infected pc I see has avira, avast and panda so I dont trust them
You can enable Avira engine, Avira is product of the year and now has higher scores as Kaspersky in av comperarives ;)
Just combine it with Voodooshield and Zonealarm firewall and you are set ;)
 
  • Like
Reactions: Evandro

Xsjx

Level 13
Verified
Feb 21, 2017
613
Real life


Test labs life

:rolleyes: :D
Lol ;P


Umbra For me its the only av my family and friends havent hot infected :p

Kaspersky i could every week remove things with herdprotect :oops: ( maximum settings )

Untill some ransom came trough i switched on advise to Emsicrap :cool:
And it did worser as Kaspersky... :eek:
( also it dod block some of my steam games..)

Okay and on advice i switched to Gdata
Pretty good, But it was a bit heavy :mad:

Okay to Avira ;) i tried 30 days No infections!:cool: Finaly!

Now i also have f secure but it bombs with Fps ;P

I also used Bullguard/Eset/Bitdefender but that was longer than a year ago so i shouldnt talk about it:oops:
 
  • Like
Reactions: Evandro

Ink

Administrator
Verified
Jan 8, 2011
22,490
Kaspersky i could every week remove things with herdprotect :oops: ( maximum settings )

Untill some ransom came trough i switched on advise to Emsicrap :cool:
And it did worser as Kaspersky... :eek:
( also it dod block some of my steam games..)

Okay and on advice i switched to Gdata
Pretty good, But it was a bit heavy :mad:

Okay to Avira ;) i tried 30 days No infections!:cool: Finaly!

Now i also have f secure but it bombs with Fps ;P

I also used Bullguard/Eset/Bitdefender but that was longer than a year ago so i shouldnt talk about it:oops:
End users are the problem, why don't you deploy SUA if it's a shared PC?

Teach them the good vs bad of the Internet, otherwise they'll never learn much experience about exercising afe browsing habits, pop-ups, fake websites, dangers of warez, suspicious emails, risks of ID theft etc...
 

Parsh

Level 25
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Dec 27, 2016
1,480
@Cat_Volta first of all, the learning curve requirement and the exclusive features requirement can contrast in cases like Comodo FW / CIS.
To get familiar with what Comodo has to offer that others don't, you'll need to understand its approach:
  • Comodo has a huge huge list of known and safe files, trusted software vendors (you better trim down the Trusted Vendors list)
  • If you deal with any of these known files, CFW/CIS will allow them to run
  • Comodo will automatically 'sandbox' the unknown apps/files so that any of them (if malicious) won't be able to affect your system (It has option for Hardware Virtualization for supported PCs)
  • You can set options for either sandboxing/blocking with different privileges for different types of files (based on trust rating/start location etc.)
  • HIPS, if set, will alert you of apps asking for different critical permissions or actions
  • VirusScope can watch for malicious actions inside and outside of sandbox
  • Comodo has 3 different security levels: Proactive, Internet (default) and Firewall Security
  • Setting it to Proactive mode with some added restrictions (like CruelSister's settings) will help make your system 99.9% impervious to even zero days
  • Except for any critical bugs, only a few ways like file lookup module (if malware was set as Trusted in Comodo's list somehow)(we've seen such an example) or in a rare case where malware steals digital signature of a Trusted vendor, these can lead to a bypass
Basically, all unknown programs and files will be sandboxed (some blocked based on settings) and Not All will run well in the sandbox, in practice.
You can allow an unknown program to run out of sandbox but some of its dependencies can get sandboxed dynamically. Then again, exclude them as required.

Using Comodo needs efforts, understanding and the patience to make things work as you want for regular use!
Now it should be your call. This approach is quite different then all other (traditional) AVs where you don't put such restrictions or Lockdown for security. It's Comodo VS other AVs when deciding.
If this setup looks convenient to you or it feels right for your critical needs, it's probably the best.

Either complement CFW with a light AV as folks here have recommended, so that apps running out of the sandbox are monitored well, or choose another AV entirely (if you chose not to use Comodo) and complement it with a FW like ZoneAlarm, in place of Windows FW.
 

Arequire

Level 29
Verified
Top Poster
Content Creator
Feb 10, 2017
1,822
Doesn't Comodo Firewall not throw HIPS alerts on sandboxed applications?
It'll throw HIPS alerts out for things inside and outside the sandbox, but seeing as everything unknown will end up in the sandbox it's really not necessary.
As @Umbra said HIPS could theoretically catch malware that somehow evades the sandbox but the chance of running into a false negative (malware accidentally whitelisted by Comodo staff or Valkyrie) are extremely low and would only be caught by the paranoid HIPS setting which most users probably wouldn't want to use due to the amount of alerts it throws out and I've only ever heard rumours of malware that can actually escape the sandbox; I've never seen any actual proof of it happening and it can probably be mitigated by settings the privilege elevation setting to block instead of run inside container which would terminate the malware as soon as it attempts to gain admin privileges.
 

Handsome Recluse

Level 23
Verified
Top Poster
Well-known
Nov 17, 2016
1,242
Lol ;P


Umbra For me its the only av my family and friends havent hot infected :p

Kaspersky i could every week remove things with herdprotect :oops: ( maximum settings )

Untill some ransom came trough i switched on advise to Emsicrap :cool:
And it did worser as Kaspersky... :eek:
( also it dod block some of my steam games..)

Okay and on advice i switched to Gdata
Pretty good, But it was a bit heavy :mad:

Okay to Avira ;) i tried 30 days No infections!:cool: Finaly!

Now i also have f secure but it bombs with Fps ;P

I also used Bullguard/Eset/Bitdefender but that was longer than a year ago so i shouldnt talk about it:oops:
Maybe it was just luck. Or just the warnings. Did you also install Avira Browser Safety when you installed Avira? Could be downloaded malware or malvertising if an adblocker wasn't installed prior.
 
  • Like
Reactions: Evandro and askmark

Parsh

Level 25
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Dec 27, 2016
1,480
It'll throw HIPS alerts out for things inside and outside the sandbox, but seeing as everything unknown will end up in the sandbox it's really not necessary.
As @Umbra said HIPS could theoretically catch malware that somehow evades the sandbox but the chance of running into a false negative (malware accidentally whitelisted by Comodo staff or Valkyrie) are extremely low and would only be caught by the paranoid HIPS setting which most users probably wouldn't want to use due to the amount of alerts it throws out and I've only ever heard rumours of malware that can actually escape the sandbox; I've never seen any actual proof of it happening and it can probably be mitigated by settings the privilege elevation setting to block instead of run inside container which would terminate the malware as soon as it attempts to gain admin privileges.
Paranoid is likely to catch the malware that evades sandbox but practically, the user may not be able to decide on the malicious confidence of the file, since Comodo has already 'allowed' the file to run outside of the sandbox (in the view of the user). Now, even if a person has set HIPS to paranoid, he may allow the malware program to run (among the many alerts regularly produced by HIPS) since legit apps also ask for similar actions like unlimited access to the system. The load rests much on the user.
One sure positive instance here will be when some program not expected to perform privileged actions (or an unknown program) is run out of sandbox and HIPS alerts and the user is smart enough to choose to 'lockdown' and block the app then and there.

Regarding the malware that could (if) escape the sandbox, setting privilege escalations to 'Block' by default can cause undersirable results for the legit apps the user runs/will run in sandbox, those requiring privilege escalations, all of this just to prevent even the slimmest chances of malware escaping via privilege escalation.
These settings are not to be doubted, but they are very less practical in many cases (except for the people/orgs that need a total lockdown).
 

Arequire

Level 29
Verified
Top Poster
Content Creator
Feb 10, 2017
1,822
Paranoid is likely to catch the malware that evades sandbox but practically, the user may not be able to decide on the malicious confidence of the file, since Comodo has already 'allowed' the file to run outside of the sandbox (in the view of the user). Now, even if a person has set HIPS to paranoid, he may allow the malware program to run (among the many alerts regularly produced by HIPS) since legit apps also ask for similar actions like unlimited access to the system. The load rests much on the user.
Yeah. Obviously if the user allows the file to run through the HIPS alerts then they're going to have a bad time. Saying that I don't think HIPS are really needed at all in CFW. False negatives will be so uncommon that you'll probably never run into an instance where HIPS will save you from infection that the automatic sandboxing can't handle.
One sure positive instance here will be when some program not expected to perform privileged actions (or an unknown program) is run out of sandbox and HIPS alerts and the user is smart enough to choose to 'lockdown' and block the app then and there.
You'd hope but even the most cautious person can make mistakes. Thankfully I don't feel Comodo Firewall really lends itself to casual users who generally rely on automated solutions so those that use it will probably have at least some security knowledge.
Regarding the malware that could (if) escape the sandbox, setting privilege escalations to 'Block' by default can cause undersirable results for the legit apps the user runs/will run in sandbox, those requiring privilege escalations, all of this just to prevent even the slimmest chances of malware escaping via privilege escalation.
You get used to it. I've been on the end of plenty of instances of legitimate applications simply not running when I've attempted to run them and you eventually fall into a rhythm of opening up CFW's UI when this happens and unblocking the application. You'd have to do the same thing if it was set to run inside the container too, you'd just have an easier time knowing it was Comodo that's causing the issue.
 
Last edited:

Parsh

Level 25
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Dec 27, 2016
1,480
Could u suggest some?
It's not practical to review the thousands of Trusted Vendors. Instead, you can clean all of them out except the famous ones.
Cruel Sister has a short video on the same.
You can either delete all but some like above OR
Follow this only on a clean Windows installation (clean system): Delete all Trusted Vendors except those unchecked in CruelSister's video. Then, add all the existing apps and drivers present in the system to the Trusted list.
You're good to go! Now, you have a super trimmed and clean set of Trusted Vendors and you can later add a few famous (and trusted) ones to the list as and when required.
 

brambedkar59

Level 32
Verified
Top Poster
Well-known
Apr 16, 2017
2,125
It's not practical to review the thousands of Trusted Vendors. Instead, you can clean all of them out except the famous ones.
Cruel Sister has a short video on the same.
You can either delete all but some like above OR
Follow this only on a clean Windows installation (clean system): Delete all Trusted Vendors except those unchecked in CruelSister's video. Then, add all the existing apps and drivers present in the system to the Trusted list.
You're good to go! Now, you have a super trimmed and clean set of Trusted Vendors and you can later add a few famous (and trusted) ones to the list as and when required.
Thanks for video link, it was very informative.
I think i am good without it. It's too much hassle to add an vendor in tvl every time i install something.
 

Arequire

Level 29
Verified
Top Poster
Content Creator
Feb 10, 2017
1,822
Thanks for video link, it was very informative.
I think i am good without it. It's too much hassle to add an vendor in tvl every time i install something.
It's honestly not worth the effort to mess with the TVL in my opinion. I'm betting the majority of software you end up installing is on their list but if it isn't and you have any doubts you can always upload it to VT if you want a second opinion (or even a third opinion if you're running a traditional AV with CFW). Also keep in mind if you are running a supplementary AV with CFW it's behavioural blocking can add another layer of defence to anything malicious you might end up letting through Comodo's defences.
 

Evjl's Rain

Level 47
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
I think there is no point to trim down TVL but having Cloud lookup in File Rating Settings checked. The cloud lookup will overwrite the trimmed down TVL anyway, mostly
If we disable the cloud lookup, even with the full TVL, we will have a crazy number of apps being sandboxed
I think just disable the cloud lookup, we are well protected. However, more homework for us because we have to whitelist many more apps manually

the point of cloud lookup is to reduce the number of false positives and to block malicious apps faster
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top