- Apr 13, 2013
- 3,144
- Content source
- https://youtu.be/S6U_rZJ34HM
I've published this video as Unlisted (not seen publicly on my Channel) as it pertains to the Comodo discussions here on MT.
A Cruel CF Response
- Thread starter cruelsister
- Start date
It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
- Sep 2, 2021
- 2,295
That's what I thought 
Comodo by default does not isolate the download folder, so with your configuration the Ransomware could not act.
Nevertheless, I would like to understand how in my test, the Ransomware was able to encrypt the desktop and not in yours... Comodo bug?
And I think Comodo should make a rule for artificially inflated files, like F-Secure does.
Comodo by default does not isolate the download folder, so with your configuration the Ransomware could not act.
Nevertheless, I would like to understand how in my test, the Ransomware was able to encrypt the desktop and not in yours... Comodo bug?
And I think Comodo should make a rule for artificially inflated files, like F-Secure does.
@cruelsister I thank you for the test.
Comodo, by default, runs an unknown application Fully Virtualized. Why do you suggest restricting a fully virtualized application's actions? Did any malware bypass Comodo Full Virtualization?
Comodo, by default, runs an unknown application Fully Virtualized. Why do you suggest restricting a fully virtualized application's actions? Did any malware bypass Comodo Full Virtualization?
Last edited by a moderator:
- Aug 19, 2019
- 1,018
The Restricted Setting is better and blocks network access for the application, hence the firewall prompt @cruelsister got when running default settings.
- Run Virtually - The application will be run in a virtual environment completely isolated from your operating system and files on the rest of your computer.
- Run Restricted - The application is allowed to access very few operating system resources. The application is not allowed to execute more than 10 processes at a time and is run with very limited access rights. Some applications, like computer games, may not work properly under this setting.
- Aug 19, 2019
- 1,018
Ah, ok. From memory, the default Run Virtually you have to answer prompts so there's potential for user error. You'll get a firewall prompt and access prompts. I find running Restricted is just easier and more secure, particularly if I'm not sure what to tick. @cruelsister can clarify, of course.
How does "Restricted" prevent user error or make it more secure?
The Set Restriction Level option is for applications running in the containment. You have pre-containment alerts to take action on, i.e., unknown applications or digitally signed applications not whitelisted by Comodo.
Looking at her video, she suggests hitting "Run in Containment" on the presented alerts. (The alerts are the same for safe applications.)
If the idea or goal is to run Comodo-approved applications only, then "Block" is the better approach to making Comodo easier or more secure. Isn't it?
The Set Restriction Level option is for applications running in the containment. You have pre-containment alerts to take action on, i.e., unknown applications or digitally signed applications not whitelisted by Comodo.
Looking at her video, she suggests hitting "Run in Containment" on the presented alerts. (The alerts are the same for safe applications.)
If the idea or goal is to run Comodo-approved applications only, then "Block" is the better approach to making Comodo easier or more secure. Isn't it?
- Aug 19, 2019
- 1,018
I had to go back through @cruelsister 's videos to find it. Running in Partially Limited does run everything virtualized but allowed to proceed whereas with Restricted you only get a Run in Containment popup. Comodo Firewall Containment vs Magniber Ransomware
Anyway, I prefer not having to answer pop-ups or let it run in the first place. My ultimate set and forget is to simply set it to Block but if I'm whitelisting it's easier to see what's exactly being blocked as Restricted. I also set Firewall Alert Settings to Do not show - Block Requests which was in her original setup video so I don't have to worry about those pop-ups either.
Last edited:
Here's my take, as I don't want to stretch the topic.
I get the proactive configuration suggestion, as it monitors all the areas.
I get the "Do not virtualize..." suggestion to apply the containment policies.
I do not understand the "Restricted" suggestion. This optional security measure doesn't secure the majority, who cannot handle the primary alerts.
I get the proactive configuration suggestion, as it monitors all the areas.
I get the "Do not virtualize..." suggestion to apply the containment policies.
I do not understand the "Restricted" suggestion. This optional security measure doesn't secure the majority, who cannot handle the primary alerts.
Last edited by a moderator:
same here I also think running only trusted apps block else at first better suits zero trust thingy
off Topic!
dear CruelSister
was wondering if you could help me out with testing WDAC policies using the WDAC wizard? Your expertise in this area would be invaluable. Could you do us a huge favor and test Microsoft's own WDAC tool for daily usage just in case our CruelCFW disappears. It would be amazing if you could help me with this. Let me know if you're up for it! Thanks a bunch!
dear CruelSister
was wondering if you could help me out with testing WDAC policies using the WDAC wizard? Your expertise in this area would be invaluable. Could you do us a huge favor and test Microsoft's own WDAC tool for daily usage just in case our CruelCFW disappears. It would be amazing if you could help me with this. Let me know if you're up for it! Thanks a bunch!
Similar threads
