Advice Request CFW with this 'Partially Limited' bug with UAC ON ?

Please provide comments and solutions that are helpful to the author of this topic.

Status
Not open for further replies.

floalma

Level 4
Thread author
Verified
Apr 5, 2015
182
Sorry, I don't think I have understood quite well. Not good, my english. Thank you.

1.With CS settings and UAC off, if I run under a Standard Account any program with Admin level required, it will be denied automatically by Win10.
So, in this case, I only will get one pop up, the one from CF, right ?

2.n the same situation, how can I run a program with Admin level if it's denied by Win10 ?

Sorry- Using CF in a Standard user account won't change anything in so far as account status is concerned. It is just that the UAC Elevation prompt is duplicated by CF.
 

floalma

Level 4
Thread author
Verified
Apr 5, 2015
182
Two different ways with different results:

With Standard Account:

1.With UAC off and for those programs who need admin privileges, I still have the UAC Elevation prompt.
2.In the registry, if I change EnableLUA to '0', I disable in all the different accounts (Admin, Standard).
In this case, no UAC Elevation prompt to run. But, for security programs if you right click to 'run as Admin', you will get a pop up that said you 'don't have enough privilege'. For the others programs that you want manually to run as Admin like Firefox, Chrome, it will run with the Standard privileges and not with Admin privilege (no pop up in this example).


PS: I don't have GPO in my Win10. (that's why i changed in the registry EnableLUA to 0).


@floalma , would the soft execute if you selected to Run as administrator?
 
Last edited:

floalma

Level 4
Thread author
Verified
Apr 5, 2015
182
@cruelsister
Standard Account (Win10)
1.With UAC at 'Never Notify' (from Control Panel) as you said, nevertheless, I still have UAC Elevation prompt.
2.With EnableLUA to '0', no more pop up Admin for credentials.
Which way to fix so that Comodo runs everything as 'Restricted' and not as 'Partial Limited' ? Second one ?
 
Last edited:
  • Like
Reactions: Nestor

Nestor

Level 9
Verified
Well-known
Apr 21, 2018
397
@cruelsister
Standard Account (Win10)
1.With UAC at 'Never Notify' (from Control Panel) as you said, nevertheless, I still have UAC Elevation prompt.
2.With EnableLUA to '0', no more pop up Admin for credentials.
Which way to fix so that Comodo runs everything as 'Restricted' and not as 'Partial Limited' ? Second one ?
I don't think partialy limited is the end of the world.Still do the job very well!:):)
 
  • Like
Reactions: floalma

floalma

Level 4
Thread author
Verified
Apr 5, 2015
182
I haven't yet installed it on Win10. I installed it on Vista a few little years ago and I got some bugs with the FF addons. I contacted Comodo Staff, but they couldn't fixed this old issue. Now, I'd like to install on Win10 without any troubles.
 
  • Like
Reactions: Nestor

cruelsister

Level 43
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,224
With UAC at 'Never Notify' (from Control Panel) as you said, nevertheless, I still have UAC Elevation prompt.

Did you reboot after changing settings?

Which way to fix so that Comodo runs everything as 'Restricted'

See my CF videos for a step by step. You probably won't get and Elevation prompts at this setting as CF will kill the file prior to the request.

But for those UAC fans that like to test- Set UAC to the max and try a signed (by ANYONE) malware file or a typical wannacry.
 

Nestor

Level 9
Verified
Well-known
Apr 21, 2018
397
I haven't yet installed it on Win10. I installed it on Vista a few little years ago and I got some bugs with the FF addons. I contacted Comodo Staff, but they couldn't fixed this old issue. Now, I'd like to install on Win10 without any troubles.
ok,i also like conttainment in restricted mode,but with partialy restricted or even without CS settings i hardly ever saw a test with CIS to be infected.Just my opinion.:)
 

cruelsister

Level 43
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,224
Nestor- Same here. My background is both in major Breach Analysis as well as having a criminal record for being a Blackhat (I can code). Although I've been called a FanGirl of Comodo that's only because I do monthly manual system analysis in order to see if anything is amiss as well as direct testing of nasties that I coded and ran against CF. So far I've found one RAT breach (2 years ago) that was fixed- and fixed well. But if I ever saw a major issue I would drop CF quicker than I do boyfriends.

However most do not really do any analysis of their systems. The saddest comments that I always see are the ones like: "I've been using Product X for years and never been infected!!!!" Really? Or is it that Product X still can't detect the malware that has been running rampant on that system for years?

There is a reason why the Conficker worm is still a major malware issue even though it has been out since 2008. An alert from Microsoft from April 2018 here: https://support.microsoft.com/en-us/help/962007/virus-alert-about-the-win32-conficker-worm

Most people would rather believe that if their primary AV and typical secondary scanners (MB, HMP) show nothing amiss that everything is fine. Must be nice to live in Wolkenkuckucksheim. Personally I've never had the pleasure...
 

Nestor

Level 9
Verified
Well-known
Apr 21, 2018
397
Nestor- Same here. My background is both in major Breach Analysis as well as having a criminal record for being a Blackhat (I can code). Although I've been called a FanGirl of Comodo that's only because I do monthly manual system analysis in order to see if anything is amiss as well as direct testing of nasties that I coded and ran against CF. So far I've found one RAT breach (2 years ago) that was fixed- and fixed well. But if I ever saw a major issue I would drop CF quicker than I do boyfriends.

However most do not really do any analysis of their systems. The saddest comments that I always see are the ones like: "I've been using Product X for years and never been infected!!!!" Really? Or is it that Product X still can't detect the malware that has been running rampant on that system for years?

There is a reason why the Conficker worm is still a major malware issue even though it has been out since 2008. An alert from Microsoft from April 2018 here: https://support.microsoft.com/en-us/help/962007/virus-alert-about-the-win32-conficker-worm

Most people would rather believe that if their primary AV and typical secondary scanners (MB, HMP) show nothing amiss that everything is fine. Must be nice to live in Wolkenkuckucksheim. Personally I've never had the pleasure...
True,agree to all.I don't have the minimum of your experience, i just ttry to learn and experiment with security suites,though i am not consider myself Comodo fanboy, in fact i am not fanboy to anything in my life but i must say,it is the only product i am excited. at that time.:):)
 

floalma

Level 4
Thread author
Verified
Apr 5, 2015
182
@cruelsister
Yes, I rebooted after changing settings. For this reason, I asked this.
With 'Never Notify', still get UAC prompts.


I already seen your latest CF videos and old ones.

Did you reboot after changing settings?



See my CF videos for a step by step. You probably won't get and Elevation prompts at this setting as CF will kill the file prior to the request.

But for those UAC fans that like to test- Set UAC to the max and try a signed (by ANYONE) malware file or a typical wannacry.
 
Last edited:
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top