App Review A Comodo Firewall Beta 2 Quick Dance

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Content created by
cruelsister

cruelsister

Thread author
Also regarding my question about svchost, that a safe rule would be ignored if the parent process was malware, correct?
svchost is utilized by many applications, including various types of malware. For CF, if it is spawned by something either malicious or just Unknown it will also be contained as will any command line arguments that can arise from it (similar to any Lolbin); thus specific restrictions are not needed and should not be done.

Aside from blocking Network access for any application that (for whatever reason) one does not want to call Home, further rules should be avoided.
 

ErzCrz

That's great, thank you for the clarification :D
 
ForgottenSeer 103564

There were other as worse issues on Comodo,
so although this specific one is over more than 10 years ago and unsure if it's only certs for sites or to sign actual executables,
still wouldn't recommend Comodo to someone who would be a target.
It's a script kid proof product, not an actual adversary proof.
There were white papers by both Google zero and another group showing issues with their sandbox approach (still would have to specifically target it with a crafted exploit, aka skid proof).
I'm going to be fairly straight with this, as I posted for a reason. This is Comodo's everything and has been. All their other products have always taken a backseat to this. Look in their forums for abandoned, half-baked applications. I hear everything from the bugs and crashes are myths to it having the ability to block stolen cert malware "which was ironically funny". I know of the breach because I was in the forums and using their products back then, which is another point I was trying to achieve here: I'm not new to it.

So when I state the product was not intended for average users, it's because I know it intimately, not just because I read it somewhere or watched a video on it, or even followed someone's advice on how to use it.
 
ForgottenSeer 100397

Connections seem to be fine, just hundreds in the logs within minutes if I don't create a rule.
Decided I'll just leave the automatically created Allow Outgoing rules for those that popped up in Blocked Applications and delete the others generated, with the exception of default rules, and turn back off the Create rules for safe applications. I can then just copy the rule for any others that subsequently show up being blocked. That way a rule isn't created for every application, as this is only the case with half a dozen applications ;)
Sometimes, trusted applications end up on the "Blocked Applications" list. Right now, I have "OfficeClickToRun.exe" in there, and it has several blocked entries in the logs. I just remove it from the list and clear the logs. Another solution is to unblock the apps in Blocked Applications. Also, you can set auto-containment to block and firewall to allow, which will solve the problem without affecting the protection.
 
