AppCheck Anti-Ransomware

Status
Not open for further replies.

Rebsat

Level 6
Verified
Well-known
Apr 13, 2014
254
I agree in principle, but I run AppCheck with Q360 and Comodo Firewall, simply because I like being able to run programs sometimes that I feel are 98% to be trusted but don't have a signature etc. This means running outside of the restrictions of containment. In this case, AppCheck is there with the specific file protection against ransomware and also with protection for the MBR. I haven't ever experienced a conflict with these two and A/C...

Thanks for the question. I have been meaning to find out which containment settings choices lead to containment where everything can happen but changes happen in the Comodo sandbox. I think I have things set up so that unrecognized run isolated somehow, since programs don't work in auto-contain. Going to find out at the Comodo Forum...

Thank you for your good explanation bro (y) It was helpful :cool:
Questions:
1. I was wondering if you are using Comodo Firewall with Cruelsister's settings or not?
2. Do you think Avast Free Antivirus works well with AppCheck without any conflict?
 

Evjl's Rain

Level 47
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Thank you for your good explanation bro (y) It was helpful :cool:
Questions:
1. I was wondering if you are using Comodo Firewall with Cruelsister's settings or not?
2. Do you think Avast Free Antivirus works well with AppCheck without any conflict?
1/ yes I'm using CS's settings with a few personal experimental tweaks
2/ yes they don't have any conflict so far. Not sure after several updates, they create any silent conflict, I have no idea (like avast & OSArmor)
 

Rebsat

2/ yes they don't have any conflict so far. Not sure after several updates, they create any silent conflict, I have no idea (like avast & OSArmor)

Thank you very much for your informative answer bro and I am really proud of you :cool:
BTW, Do I need to add any exclusions for AppCheck in the Comodo Firewall and Avast Free Antivirus settings?
 

Evjl's Rain

Thank you very much for your informative answer bro and I am really proud of you :cool:
BTW, Do I need to add any exclusions for AppCheck in the Comodo Firewall and Avast Free Antivirus settings?
you should do that for better compatibility and to minimize conflicts. Add the main folders of each program to the other ones
 

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,711
Thank you for your good explanation bro (y) It was helpful :cool:
Questions:
1. I was wondering if you are using Comodo Firewall with Cruelsister's settings or not?
2. Do you think Avast Free Antivirus works well with AppCheck without any conflict?

Yes, but I have HIPS set on Safe Mode. Also, she has the containment alerts turned off, but I have them on. I also like to see when something is requesting elevated privileges. I think she has that turned off but can't remember exactly. I like to see these alerts, but I respect her view, because they do introduce the potential for a mistake if one is not careful. This is another reason I run AppCheck...

If you trust Comodo's judgement enough to run without the alerts I have enabled above, you won't have any malware...99.99% of malware will be blocked by the container right out of the gate. Maybe I shouldn't, but I do run some unsigned software, and I also use some scripts, so I have tried to learn how to manage the extra alerts with the proper precautions and understanding of what can happen. Haven't had any problems so far.

2. I run Comodo with Avast on two PCs. However, I have not installed AppCheck on them. I don't use them as much, and they are not as powerful as this PC. One is a core 2 duo PC and the other a core 2 quad. This one is my main PC with an i5. @Evjl's Rain's exclusions and setting for Avast should get you going :)...

thank you for your reply but I still think running 360 + CF + appcheck is a waste of resource. I think avast + CF is a lot better than 360+CF because 360 has been going downhill a lot against ransomwares according to the hub tests. I think it's no longer sufficient against malwares nowadays

@Evjl's Rain...I agree with you about Avast. However, I like 360 in spite of the fact that it is not great with 0 day threats...which seem to largely be ransomware. I like the architecture of 360 and the sandbox. That's the main thing for me.
 

Rebsat

@Evjl's Rain
I am planning to configure my combo on a new PC with a freshly installed Windows. In order to make my combo work properly without any difficulties or issues, I am asking: which of the following software should I install first on my PC, which one second, and which one last? Thanks :)
- Avast Free Antivirus
- Comodo Firewall
- AppCheck Pro
 

Evjl's Rain

@Evjl's Rain
I am planning to configure my combo on a new PC with a freshly installed Windows. In order to make my combo work properly without any difficulties or issues, I am asking: which of the following software should I install first on my PC, which one second, and which one last? Thanks :)
- Avast Free Antivirus
- Comodo Firewall
- AppCheck Pro
avast should be installed first and right after that, you must disable the trouble-maker "hardware-assisted virtualization" -> comodo firewall: immediately switch to proactive configuration and setup exclusion of avast + exclude comodo folder from avast-> reboot -> install appcheck if you want

you can uninstall avast's behavior shield when you have CF because it's not necessary and it may cause significant conflict
 

RejZoR

Level 15
Verified
Top Poster
Well-known
Nov 26, 2016
699
avast should be installed first and right after that, you must disable the trouble-maker "hardware-assisted virtualization" -> comodo firewall: immediately switch to proactive configuration and setup exclusion of avast + exclude comodo folder from avast-> reboot -> install appcheck if you want

you can uninstall avast's behavior shield when you have CF because it's not necessary and it may cause significant conflict

I don't see why you'd remove the single most critical protective feature in avast!...
 

Evjl's Rain

I don't see why you'd remove the single most critical protective feature in avast!...
if he knows how to use comodo's sandbox properly, malwares will never ever reach the stage when Behavior shield works. They will be blocked by signatures or sandboxed by CF
I was using avast+CF for 6 months. I know what I'm talking about. I have tested with real malwares and known safe files
Behavior shield will work only if malwares pass through these layers in order:
1/ undetected by all other layers of avast: web shield, file shield
2/ user intentionally allows the malwares to run outside CF's sandbox or comodo's analysts trust the malwares by mistake
3/ malwares are not .exe or allowed by Hardened mode aggressive. HM always works only if the file is running outside the sandbox
4/ Behavior shield only works at this stage

usually, malwares will be stopped at the first 3 stages. I was using behavior shield, too but I think it's a waste of resources and in fact it's not as optimized in resource usage as other BBs in other AVs

if i don't enable Comodo's HIPS then i would leave "hardware-assisted virtualization" setting on?
you shouldn't because I suspect comodo firewall also uses some kind of hardware virtualization for its sandbox so conflicts are very very likely. I did have a conflict in the past and disabling that option is the only solution
HIPS doesn't cause conflict, I think

ps: OK, let's get back to appcheck
 

HunterKhajiit

Level 2
Verified
Nov 11, 2017
80
if he knows how to use comodo's sandbox properly, malwares will never ever reach the stage when Behavior shield works. They will be blocked by signatures or sandboxed by CF
I was using avast+CF for 6 months. I know what I'm talking about. I have tested with real malwares and known safe files
Behavior shield will work only if malwares pass through these layers in order:
1/ undetected by all other layers of avast: web shield, file shield
2/ user intentionally allows the malwares to run outside CF's sandbox or comodo's analysts trust the malwares by mistake
3/ malwares are not .exe or allowed by Hardened mode aggressive. HM always works only if the file is running outside the sandbox
4/ Behavior shield only works at this stage

usually, malwares will be stopped at the first 3 stages. I was using behavior shield, too but I think it's a waste of resources and in fact it's not as optimized in resource usage as other BBs in other AVs


you shouldn't because I suspect comodo firewall also uses some kind of hardware virtualization for its sandbox so conflicts are very very likely. I did have a conflict in the past and disabling that option is the only solution
HIPS doesn't cause conflict, I think
Ok, i have Appcheck AR, Avast free and CF and VoodooShield running atm in my pc, i have disabled Avast hardware virtualization setting
i have no conflicts so far. and hey i disabled avast Hardened mode because i like VS more
 

AtlBo

If anyone is interested, I posted a question about the sandbox in the Comodo forum. In retrospect, I think I was trying to ask which containment setting for an application gives the most leeway to the contained application. I wasn't thinking that way when I started the thread, but if I had been maybe I could have then asked some deeper questions about the limitations on applications of each choice for a sandboxed app (i.e. run virtualized, run restricted, run limited, etc.). Here is the thread.

Set up Auto-Contain to Run Unrecognized without Restriction-Changes in Container - Firewall Help - CIS

I had some pretty good thoughts come to mind about Comodo after thinking more about containment technology (where they could go). Think I sensed they have some really good options. It was very good to hear of upcoming improvements from Comodo. Seriously hope their days of pushing into unprofitable ventures are over. The changes mentioned by umesh sound interesting enough, and looks like they will be in a soon to be released beta for CCAV...
 

Mr.X

Level 8
Verified
Well-known
Aug 2, 2014
368
Now v2.4.7.1 installed this morning is causing this in Chrome x64/Sandboxie on Windows 8.1 x64:
Code:
SBIE2203 Failed to communicate with Sandboxie Service:  *GUIPROXY_00000001 - chrome.exe [FF000000]
Real-time protection is enabled, the rest is off.
As soon as I turn off real-time protection SBIE/Chrome are happy again.
 

Andrew999

Level 24
Verified
Top Poster
Well-known
Dec 17, 2014
1,345
Version 2.4.10.1 (08. Feb. 2018. 08:00 UTC)
  • Stabilized Exploit Guard
  • Exploit Guard official release (Set enable by default)
  • Fixed files remaining when uninstall AppCheck
 
Deleted member 65228

if i don't enable Comodo's HIPS then i would leave "hardware-assisted virtualization" setting on?
It's for the Comodo Sandbox, and you'll need virtualisation enabled via the BIOS; bear in mind that your hardware must support it. Hardware virtualisation support is embedded into the CPU hardware, and Intel have Intel VT-x whereas AMD have AMD SVM. Most Intel and AMD CPUs will support the technology, and it was originally introduced around the year 2006.

If you plan on using Comodo Sandbox and truly want to be safe, keep the setting enabled. Virtualisation-based isolation is a lot more secure than without it, and creates a border-line between "true" isolation. The hardware-assisted virtualisation feature will work by using the hypervisor.
 

DeepWeb

Level 25
Verified
Top Poster
Well-known
Jul 1, 2017
1,396
AppCheck needs to stop creating backup folders on all partitions. There is no reason why my EFI System Partition needs your backup folder. It ended up being the cause for why I couldn't upgrade to the latest Windows build... AppCheck needs to exclude those partitions.
 

Andrew999

AppCheck needs to stop creating backup folders on all partitions. There is no reason why my EFI System Partition needs your backup folder. It ended up being the cause for why I couldn't upgrade to the latest Windows build... AppCheck needs to exclude those partitions.
If you want, you can send a message here: CheckMAL. They are good at replying. I have messaged a few times and have got a reply. They should hopefully fix or have an explanation why they are creating backup folders on all partitions.
 