CFW/cs - No Alerts but Actions?

SearchLight

Level 13
Thread author
Verified
Top Poster
Well-known
Jul 3, 2017
625
I use CF the CS way but I have found after set-up that the only way I know what it blocked is by opening up Advanced View of the GUI and reviewing whether CFW Blocked anything in the four categories: Contained Apps,
Unrecognized Files, Network Intrusions, and Blocked Applications, and then proceed accordingly. Sometimes I have found a program listed but received no notification that CFW took an action.

The only other indicator is when a program is virtualized by a Green colored frame encircling the GUI of the program in question.

Only other sort of notification is if I receive a Windows Error Message when I am working with a program.

I appreciate what CS has accomplished with bullet-proofing the security of my PC but I wish there was an alternate way to use her settings but at the same time, receive Pop-Up alerts when it takes an action. As you can see from the screenshot of Containment there is only one setting of "Do Not Show Privilege Elevation Alerts" where you have several options but if you uncheck it, you are only presented with "Run Isolated" which I assume means it will present me with a pop-up to make a choice.

I have a feeling activating HIPS will do what I am inquiring about but it is very noisy as I have read elsewhere, whereas Containment used as CS suggested is less noisy and just as effective. No happy medium, I guess? Suggestions?
 

Attachments

  • Snap 2019-07-19 at 16.52.50.png
    Snap 2019-07-19 at 16.52.50.png
    81 KB · Views: 384
  • Snap 2019-07-19 at 17.11.25.png
    Snap 2019-07-19 at 17.11.25.png
    83.2 KB · Views: 426
Last edited:

bribon77

Level 35
Verified
Top Poster
Well-known
Jul 6, 2017
2,392
Screenshot_2.png
I
use this option in the orange color to reset the sanbox, in the gray color it is to see if it has put something in quarantine, and in the higher numbers it will realize what is in the sanbox or will have to give permission for it to make. be reliable / not / or give it to delete.
 

SearchLight

Level 13
Thread author
Verified
Top Poster
Well-known
Jul 3, 2017
625
View attachment 217173I
use this option in the orange color to reset the sanbox, in the gray color it is to see if it has put something in quarantine, and in the higher numbers it will realize what is in the sanbox or will have to give permission for it to make. be reliable / not / or give it to delete.

Forgive my ignorance here but what version of CFW does your screenshot refer? I am using CFW v12, the latest? Thanks
 

SearchLight

Level 13
Thread author
Verified
Top Poster
Well-known
Jul 3, 2017
625
If I may ask without railroading this thread...What are you guys using with CFW??

For myself, I integrated the CAV module from CIS for consistency but am using cs settings, as I dislike WD's menu wading. For the sake of Cruelsister suggestions, and what everyone else mostly agrees, CFW with her settings alone is all that you need.
 
Last edited:

SearchLight

Level 13
Thread author
Verified
Top Poster
Well-known
Jul 3, 2017
625
I must not be eating enough Brain food as I just discovered that I asked the same question a year ago in this thread:

This might help me. Hope it helps all of you.

Sorry for the sudden senility:).
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
I use CF the CS way but I have found after set-up that the only way I know what it blocked is by opening up Advanced View of the GUI and reviewing whether CFW Blocked anything in the four categories: Contained Apps,
Unrecognized Files, Network Intrusions, and Blocked Applications, and then proceed accordingly. Sometimes I have found a program listed but received no notification that CFW took an action.

The only other indicator is when a program is virtualized by a Green colored frame encircling the GUI of the program in question.

Only other sort of notification is if I receive a Windows Error Message when I am working with a program.

I appreciate what CS has accomplished with bullet-proofing the security of my PC but I wish there was an alternate way to use her settings but at the same time, receive Pop-Up alerts when it takes an action. As you can see from the screenshot of Containment there is only one setting of "Do Not Show Privilege Elevation Alerts" where you have several options but if you uncheck it, you are only presented with "Run Isolated" which I assume means it will present me with a pop-up to make a choice.

I have a feeling activating HIPS will do what I am inquiring about but it is very noisy as I have read elsewhere, whereas Containment used as CS suggested is less noisy and just as effective. No happy medium, I guess? Suggestions?
If I got you right, you are looking to be notified in a consistent way every time Comodo takes action on one of your files.
And you are getting a satisfactory notification from Containment, i.e., the green frame around the window.
So why not change the various default block rules in Autocontainment to do the same as the rule for unrecognized files? Then you should get consistent behavior.
 

SearchLight

Level 13
Thread author
Verified
Top Poster
Well-known
Jul 3, 2017
625
If I got you right, you are looking to be notified in a consistent way every time Comodo takes action on one of your files.
And you are getting a satisfactory notification from Containment, i.e., the green frame around the window.
So why not change the various default block rules in Autocontainment to do the same as the rule for unrecognized files? Then you should get consistent behavior.

In an earlier posting which I referenced above CS suggested using FW Custom rules to be alerted to FW Block actions.
Is your suggestion related to Comodo Fix?
 
Last edited:

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
In an earlier posting which I referenced above CS suggested using FW Custom rules to be alerted to FW Block actions.
Is your suggestion related to Comodo Fix?
No, sorry, apparently I just don't understand the issue.
 
  • Like
Reactions: simmerskool

SearchLight

Level 13
Thread author
Verified
Top Poster
Well-known
Jul 3, 2017
625
No, sorry, apparently I just don't understand the issue.
You understood me correctly. Under CS settings, CFW does not really alert you when it blocks or contains a file with a pop-up alert. The file is just just blocked from doing anything. With Custom Setting, the Fw will display a pop-up whenever it blocks something from connecting. Containment just presents Green Frame, and Unrecognized just when I see a number in the GUI.
 
  • Like
Reactions: shmu26

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top