App Review A Cruel CF Response

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Content created by
cruelsister
That's what I thought :)
Comodo by default does not isolate the download folder, so with your configuration the Ransomware could not act.

Nevertheless, I would like to understand how in my test, the Ransomware was able to encrypt the desktop and not in yours... Comodo bug?
And I think Comodo should make a rule for artificially inflated files, like F-Secure does.
 
  • Like
  • Applause
Reactions: Zero Knowledge, Fel Grossi, Kongo and 12 others
@cruelsister I thank you for the test.

Comodo, by default, runs an unknown application Fully Virtualized. Why do you suggest restricting a fully virtualized application's actions? Did any malware bypass Comodo Full Virtualization?
 
Last edited by a moderator:
  • Like
Reactions: kylprq, Kongo, Nevi and 2 others
rhythm said:
@cruelsister I thank you for the test.

Comodo, by default, runs an unknown application Fully Virtualized. Why do you suggest restricting a fully virtualized application's actions?
Click to expand...
The Restricted Setting is better and blocks network access for the application, hence the firewall prompt @cruelsister got when running default settings.

  • Run Virtually - The application will be run in a virtual environment completely isolated from your operating system and files on the rest of your computer.
  • Run Restricted - The application is allowed to access very few operating system resources. The application is not allowed to execute more than 10 processes at a time and is run with very limited access rights. Some applications, like computer games, may not work properly under this setting.
 
  • Like
  • Applause
Reactions: kylprq, Zartarra, Kongo and 4 others
rhythm said:
@ErzCrz I should have been more clear. Edited the related post.
Click to expand...
Ah, ok. From memory, the default Run Virtually you have to answer prompts so there's potential for user error. You'll get a firewall prompt and access prompts. I find running Restricted is just easier and more secure, particularly if I'm not sure what to tick. @cruelsister can clarify, of course.
 
  • Like
Reactions: kylprq, Nevi, ForgottenSeer 100397 and 2 others
How does "Restricted" prevent user error or make it more secure?

The Set Restriction Level option is for applications running in the containment. You have pre-containment alerts to take action on, i.e., unknown applications or digitally signed applications not whitelisted by Comodo.

Looking at her video, she suggests hitting "Run in Containment" on the presented alerts. (The alerts are the same for safe applications.)

If the idea or goal is to run Comodo-approved applications only, then "Block" is the better approach to making Comodo easier or more secure. Isn't it?
 
  • Applause
Reactions: kylprq
rhythm said:
How does "Restricted" prevent user error or make it more secure?

The Set Restriction Level option is for applications running in the containment. You have pre-containment alerts to take action on, i.e., unknown applications or digitally signed applications not whitelisted by Comodo.

Looking at her video, she suggests hitting "Run in Containment" on the presented alerts. (The alerts are the same for safe applications.)

If the idea or goal is to run Comodo-approved applications only, then "Block" is the better approach to making Comodo easier or more secure. Isn't it?
Click to expand...
I had to go back through @cruelsister 's videos to find it. Running in Partially Limited does run everything virtualized but allowed to proceed whereas with Restricted you only get a Run in Containment popup. Comodo Firewall Containment vs Magniber Ransomware

Anyway, I prefer not having to answer pop-ups or let it run in the first place. My ultimate set and forget is to simply set it to Block but if I'm whitelisting it's easier to see what's exactly being blocked as Restricted. I also set Firewall Alert Settings to Do not show - Block Requests which was in her original setup video so I don't have to worry about those pop-ups either.
 
Last edited:
  • Like
Reactions: kylprq, Trident, Nevi and 1 other person
Here's my take, as I don't want to stretch the topic.

I get the proactive configuration suggestion, as it monitors all the areas.
I get the "Do not virtualize..." suggestion to apply the containment policies.
I do not understand the "Restricted" suggestion. This optional security measure doesn't secure the majority, who cannot handle the primary alerts.
 
Last edited by a moderator:
  • +Reputation
Reactions: kylprq
off Topic!

dear CruelSister

was wondering if you could help me out with testing WDAC policies using the WDAC wizard? Your expertise in this area would be invaluable. Could you do us a huge favor and test Microsoft's own WDAC tool for daily usage just in case our CruelCFW disappears. It would be amazing if you could help me with this. Let me know if you're up for it! Thanks a bunch! ☺️
 

You may also like...