CF with CS - Good Enough Alone?

Do you use Comodo Firewall alone or with Something Else?


Total voters: 44
Poll closed.
Status
Not open for further replies.

Evjl's Rain

Level 47
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Hi Guys! Just saw this thread and curiously enough I also was wondering (as I know some folk NEED to have an AV in place to feel secure) what AV would be the most compatible with CF. Last year this would have been an easy question to answer, but because a bunch of AV's have been screwing around with their basic protection modality, and Comodo has upped the base protection of the Sandbox (Containment) this is no longer the case.

I'm only in the (very) beginning stages, but have already seen that Avast/AVG are not a good match. Kaspersky free, for which the initial build was promising is no longer an option. When installing Kasp Free one of the first screens seen is an alert to uninstall CF (as if...). One can still install Kaspersky Free, but in what seems to be a Quid Pro Quo from Comodo quite a few Kaspersky files are sandboxed; even after marking them as Trusted the resultant system is ponderously slooooooooow,

I'm currently up to Qihoo, which before added something (as far as detection is concerned) in the past. The odd thing is now Qihoo will not detect many things running in Containment! For instance, a CTBlocker will be detected and deleted by Comodo Cloud BEFORE Qihoo even sees it, whereas a Fortress Class ransomware will be detected and deleted by Qihoo within Containment. Nonetheless it seems that Qihoo Essentials has the best AV coverage with the least system impact so far- but I'm still in testing mode...

Other stuff:

1). I have the Utmost Regard for Dear Umbra, but must disagree with the current utility of the HIPS module for those that use my settings. At one time there was a specific case that it would have been needed (a RAT that I did a video on about a year ago), but Comodo has corrected this issue.

However for those that may want to un-sandbox an unsigned application that the user THINKS might be legitimate, then the HIPS could be easily turned on in this case (please don't use Paranoid; after the twentieth popup you'll go nuts).

2). Do I use an AV myself with CF?- I'm on Win10 and haven't yet bothered to turn off WD in Group Policy, so kinda-sorta. But I totally understand why some still feel more comfortable using an AV. Also, a Fun Fact- someone the other day sent me a njRat/Worm combo that was at that time undetectable by anything. Surprisingly enough in the first 18 hours only 6 products detected it, and one was Comodo (even a blind squirrel...)!

3). Last (and Least)- about in-browser cryptocurrency miners- these really are no big thing as they are just using your CPU power when you stay on a certain webpage. Browse away from that site and the Miner is stopped. Reminds me of an app I installed when I was a teenager- it was from SETI and would use my CPU power when the system was idle in their search for Alien Life (they never found any ET's, and the Miners probably aren't finding any Coins). Adding an Ad-Blocker may help, but you also will never see any targeted Ads. Personally my browsing habits are known and I was recently directed to a website that had unbelievably cute shoes (to be delivered next week). If I had an Ad-blocker in place I would have been lesser for it...
hi, CS, thank you for your reply
could you please try zemana + CF? I think it's even lighter and better than qihoo due to a lack of on-access monitoring. Qihoo's signatures don't match anyone nowadays
I'm using Kaspersky free + CF without any conflict although I did get the message to uninstall CF before installing KFA.
I excluded kaspersky's folder in CF and comodo's folder in KFA. Zero conflict for quite a long time
I enabled on-execution scanning in KFA. They work perfectly fine and light
 

ZeroDay

Level 30
Verified
Top Poster
Well-known
Aug 17, 2013
1,905
hi, CS, thank you for your reply
could you please try zemana + CF? I think it's even lighter and better than qihoo due to a lack of on-access monitoring. Qihoo's signatures don't match anyone nowadays
I'm using Kaspersky free + CF without any conflict although I did get the message to uninstall CF before installing KFA.
I excluded kaspersky's folder in CF and comodo's folder in KFA. Zero conflict for quite a long time
I enabled on-execution scanning in KFA. They work perfectly fine and light
I'm also using KFA with CF and I have KFA at max settings. They're both excluded from each other and they work great together zero conflicts. Although I am starting to like WD more and more on another system.
 

bribon77

Level 35
Verified
Top Poster
Well-known
Jul 6, 2017
2,392
CS, thanks for your response, I agree with you that sometimes we use more things than we should. It is a psychological thing and so you stay calmer, but in truth it is not necessary. I have used Comodo Firewall and CIS from the beginning with many configurations in paranoid mode etc. but your configuration seems to me Excellent. I've tried it well with all kinds of malware and so far it has not failed me. You can use only CF without any problem.
 

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,716
Although CF alone is enough, I prefer to use it with a light AV to reduce CF's workload; you would get fewer popups because malware is blocked before being sandboxed.

I have found this is a very appropriate way to work with CF. This is effective. I have liked Qihoo for its sandbox mostly that seemed smoother to me than Comodo's containment. So I can run MS Office in sandbox and still get good performance. Great thing about CF is you get the containment and the firewall too. It's good even if I wish it had better logging and was a little bit easier to configure rule by rule.

Also, not to stir concerns over Comodo bugginess, but I like having the Qihoo sandbox to test programs sometimes, because of latent flashbacks from former versions of Comodo firewall (v6 etc.). Yet, CF must be reliable, and I have seen exactly one bypass of the program, which was a cloud lookup error of human origins. Never seen v10 of the program bypassed due to a bug or even heard a tale of such an event. That must mean something about the reliability of CF, and @cruelsister's scheme is so obviously fool-proof with regards to initially blocking malware...

If someone wants really lean, I don't see why there is any need to add anything to Comodo.

@cruelsister mentioned Qihoo Essentials. I wonder if she can verify whether it is still ad free? If so, there is no reason not to use it as long as it still contains the sandbox. The definitions will surely be the same and any good add ons Qihoo comes up with are also in the form of a standalone package. :D Mention of Qihoo Essentials has me thinking about moving over now...Thanks @cruelsister...I think since the last time I checked Essentials was a half a version behind in development...
 

mamamia

Level 3
Verified
Feb 27, 2016
118
hi, CS, thank you for your reply
could you please try zemana + CF? I think it's even lighter and better than qihoo due to a lack of on-access monitoring. Qihoo's signatures don't match anyone nowadays
I'm using Kaspersky free + CF without any conflict although I did get the message to uninstall CF before installing KFA.
I excluded kaspersky's folder in CF and comodo's folder in KFA. Zero conflict for quite a long time
I enabled on-execution scanning in KFA. They work perfectly fine and light

Is CF+KAV ("antivirus" version, not free) compatible?
 

SearchLight

Level 13
Thread author
Verified
Top Poster
Well-known
Jul 3, 2017
626
Thanks Cruelsister for weighing in. After reading some of the replies, I added Avast Free, but you now feel it and CF are not a good match.

So what do you think of adding just ZAM or ZAL to CF? Good enough or overkill still?

If most can vouch to go it alone with CFW meaning it is adequate enough, then I can settle with that.

I think the mind block for some including myself of not using CF alone is the adage that the best approach is layered security.

Second, in my opinion, is probably the reference to CF as just a software firewall, and nothing more. Maybe, if it was reclassified or renamed as something else, it might be more acceptable as a security app that is more than adequate to be used alone, and satisfy the needs of most people.

Just food for thought.
 

Electr0n

Level 4
Verified
Well-known
Feb 19, 2018
182
Hi Guys! Just saw this thread and curiously enough I also was wondering (as I know some folk NEED to have an AV in place to feel secure) what AV would be the most compatible with CF. Last year this would have been an easy question to answer, but because a bunch of AV's have been screwing around with their basic protection modality, and Comodo has upped the base protection of the Sandbox (Containment) this is no longer the case.

I'm only in the (very) beginning stages, but have already seen that Avast/AVG are not a good match. Kaspersky free, for which the initial build was promising is no longer an option. When installing Kasp Free one of the first screens seen is an alert to uninstall CF (as if...). One can still install Kaspersky Free, but in what seems to be a Quid Pro Quo from Comodo quite a few Kaspersky files are sandboxed; even after marking them as Trusted the resultant system is ponderously slooooooooow,

I'm currently up to Qihoo, which before added something (as far as detection is concerned) in the past. The odd thing is now Qihoo will not detect many things running in Containment! For instance, a CTBlocker will be detected and deleted by Comodo Cloud BEFORE Qihoo even sees it, whereas a Fortress Class ransomware will be detected and deleted by Qihoo within Containment. Nonetheless it seems that Qihoo Essentials has the best AV coverage with the least system impact so far- but I'm still in testing mode...

Other stuff:

1). I have the Utmost Regard for Dear Umbra, but must disagree with the current utility of the HIPS module for those that use my settings. At one time there was a specific case that it would have been needed (a RAT that I did a video on about a year ago), but Comodo has corrected this issue.

However for those that may want to un-sandbox an unsigned application that the user THINKS might be legitimate, then the HIPS could be easily turned on in this case (please don't use Paranoid; after the twentieth popup you'll go nuts).

2). Do I use an AV myself with CF?- I'm on Win10 and haven't yet bothered to turn off WD in Group Policy, so kinda-sorta. But I totally understand why some still feel more comfortable using an AV. Also, a Fun Fact- someone the other day sent me a njRat/Worm combo that was at that time undetectable by anything. Surprisingly enough in the first 18 hours only 6 products detected it, and one was Comodo (even a blind squirrel...)!

3). Last (and Least)- about in-browser cryptocurrency miners- these really are no big thing as they are just using your CPU power when you stay on a certain webpage. Browse away from that site and the Miner is stopped. Reminds me of an app I installed when I was a teenager- it was from SETI and would use my CPU power when the system was idle in their search for Alien Life (they never found any ET's, and the Miners probably aren't finding any Coins). Adding an Ad-Blocker may help, but you also will never see any targeted Ads. Personally my browsing habits are known and I was recently directed to a website that had unbelievably cute shoes (to be delivered next week). If I had an Ad-blocker in place I would have been lesser for it...
Have you tried avast with file and webshield only? What conflicts did you notice?
 

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,716
A couple of months ago I installed on my PC and tablet CF+CS but I had to remove it because of constant BSOD on both machines.
I'm waiting for a new major Windows 10 update to try it again.

@Kwan ST, do you still have the minidumps from the bluescreens? If so, try this site, and maybe you can find out where the conflict was:

Instant Online Crash Analysis

Copy the outputs from your dumps and you can start a thread here for assistance if required:

Apps - Questions & Help
 

Kwan ST

Level 2
Verified
Dec 22, 2016
78
@Kwan ST, do you still have the minidumps from the bluescreens? If so, try this site, and maybe you can find out where the conflict was:

Instant Online Crash Analysis

Copy the outputs from your dumps and you can start a thread here for assistance if required:

Apps - Questions & Help

No, I don't have minidumps but I figured out that the problem was CF because I never had any BSOD before installing nor after.
I'm for now the happy user of Qihoo 360 Total Security.
 

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,716
OK, hope your issue with Windows gets worked out so you can use Comodo. It works well with Q360.

Maybe you could bookmark the site in case you have bluescreens again when the next Windows update rollup comes out. The site analysis output is much better than anything else out there in terms of debugging...far better than Bluescreenview or WhoCrashed free. :)

Q&A - Site for Detailed Bluescreen Dump Analysis

BTW, that kind of problem can occur with Comodo if it auto-contains a process that requires SYSTEM access. Then again, it could be 100% something Windows related that went awry on your system with Comodo there. Seems a little bit likelier a driver to me though.
 

Garzaman

Level 3
Verified
Well-known
Nov 14, 2017
126
What about pairing Forticlient with CF? ForgottenSeer 58943 almost swears by it.

Sounds like an unbeatable combo, so what do you all think: Cruelsister, Evj, Umbra, OpCode, et al?

Have you guys tested this combo?

I was testing it yesterday on my VM (W10 Fall Creators Update Pro x64, 4 GB RAM) and I was having instability problems on my system.

When I removed CF in that equation and left Forticlient as the only defensive line, the problems were still there.

Testing on a VM is not really definitive, yes, I know it, and those same instability problems should not be repeated on my Host System.

In case anyone's wondering if I stopped the tests there, I'll say that afterwards I tested CIS and it worked fine.

By the way and OffTopic, today I'm testing Kaspersky free + NVT OSA and Wow! Too bad I don't have a decent collection of malware to test it more reliably.
 

ZeroDay

Level 30
Verified
Top Poster
Well-known
Aug 17, 2013
1,905
Is CF+KAV ("antivirus" version, not free) compatible?
No. Because Kaspersky paid AV has System Watcher.
What about pairing Forticlient with CF? ForgottenSeer 58943 almost swears by it.

Sounds like an unbeatable combo, so what do you all think: Cruelsister, Evj, Umbra, OpCode, et al?

Have you guys tested this combo?
Kaspersky free AV is perfect alongside Comodo firewall. You've got the best of both worlds with that comodo too - Amazing signatures and web shield with KFA and amazing zero day protection with CF too. I've been running that combo and they run great together. I'm also using WD with CF on another machine and they work great together too.
 

Deleted member 178

What about pairing Forticlient with CF? ForgottenSeer 58943 almost swears by it.

Sounds like an unbeatable combo, so what do you all think: Cruelsister, Evj, Umbra, OpCode, et al?

Have you guys tested this combo?
I don't like AVs which are useless to me, I don't like Comodo anymore since it is plagued by serious bugs they don't even care about...so no, I won't even waste my time to test this.
 

SearchLight

Level 13
Thread author
Verified
Top Poster
Well-known
Jul 3, 2017
626
I don't like AVs which are useless to me, I don't like Comodo anymore since it is plagued by serious bugs they don't even care about...so no, I won't even waste my time to test this.

OK CFW/CS users, Umbra feels it has serious bugs. CS, you want to weigh in?

If true, maybe we need to find a more stable alternative. Also, defeats the purpose of using CF if the bugs might compromise our security.

Until now, it seems that most of you, like me, find this v10 "stable", but I am not an IT pro.

Opinions?
 

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,716
By the way and OffTopic, today I'm testing Kaspersky free + NVT OSA and Wow! Too bad I don't have a decent collection of malware to test it more reliably.

@Garzaman...if you do happen to test some malware, could you post some test results? Anything would be nice with regards to actually seeing how OSArmor handles malware.

OSA is generally fairly quiet, meaning to me that it seems possible to link in a more significant way the alerts to malicious activity. If it fires an alert for most malware, I think those would be very meaningful and establish a high degree of confidence for me in the relevance of the application overall. I already have a fairly high degree of confidence (y), but there is always the old adage, "trust but verify" :LOL:
 