CIS 10 stable released

Status
Not open for further replies.

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
I use CFW only with Internet Security config.
I did that to test the usability, otherwise I have to download new programs as already there on the system before CFW install is treated as trusted. And I did that also to check it works as intended. And it works as intended But from some programs I didn't get autosandbox alerts though they were correctly autosandboxed like I tried SecureMyBit, SubtitleEdit & correctly were autosandboxed & alerts were there But I tried ExpressVPN, openvpn.exe & xvpnd.exe were autosandboxed & no alerts were there.
And I noticed that if same files/programs appear on both i.e "Unrecognized Files" & "Unblock Applications", its better to use "Unblock Applications" to unblock/trust them coz unblocking/trusting files/programs through "Unblock Apps" removes the same entry from "Unrecognized Files" list too And thats good.
But if you use "Unrecognized Files" list to unblock/trust files/programs then same entry are not removed from "Unblock Apps" And there is no way to manually remove them. Offcoz you can unblock here too to remove them But will be double work & dont know if duplicate entries will be there or not in files list, etc (that time didn't come to mind to check).

I reverted now to clean snapshot.
Usability seems improved And "Unblock Applications" is good addition to quickly & easily unblock apps.
I may try it on my family system, not decided yet.

They are going to release hotfix with reported probs & guess offline installers this week.

As per a user on Comodo forums, if you disable Comodo alerts under Windows notification settings, you should get Comodo type alerts instead of Windows alerts on Win 10 (You get Windows alerts for some stuffs on Win 10 & not Comodo type alerts) BUT its not working i.e if you disable Comodo alerts under Windows notification settings then you dont get any alerts (You may get some alerts but autosandbox, etc alerts are not there).

And it seems a bug with CFW only (dont know applies to CIS, etc too or not?) i.e Cloud/AV alerts are not shown on detection/quarantine.

I have mentioned both on Comodo forums.
thanks for detailed report!
I also noticed that some things were autosandboxed with an alert, and some without an alert. I was using proactive config.

I am in a different snapshot right now: ReHIPS.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
And I dont understand why they are not adding "ask for untrusted" option in CIS/CFW, etc?

And why they think that option set to "block" should not generate alerts?
i.e if you set sandbox option to "block" unknown or FW option to "block request" for unknown, there are no alerts on programs/connections block.
It would be good to get notification for blocked programs/connections, it will let you know Comodo blocked stuffs And nothing wrong with the stuffs.

And I had noticed "Windows Operating System" blocked by Firewall under "Unblock Applications".
Dont know why/how/what it was?
I set the default action for unknowns to "block", and I often got an alert, but not always.

I definitely would like to see "ask for untrusted", like in CCAV. I think they added that option in CCAV because it is like a compromise between autosandbox and HIPS. Since CCAV has no HIPS, they give you something that is a little bit similar to it: an alert where you can choose what to do.
 

technology

Level 7
Verified
Jul 5, 2013
301
As per a user on Comodo forums, if you disable Comodo alerts under Windows notification settings, you should get Comodo type alerts instead of Windows alerts on Win 10 (You get Windows alerts for some stuffs on Win 10 & not Comodo type alerts) BUT its not working i.e if you disable Comodo alerts under Windows notification settings then you dont get any alerts (You may get some alerts but autosandbox, etc alerts are not there).

And it seems a bug with CFW only (dont know applies to CIS, etc too or not?) i.e Cloud/AV alerts are not shown on detection/quarantine.

No, Its also with CIS

And I dont understand why they are not adding "ask for untrusted" option in CIS/CFW, etc?

And why they think that option set to "block" should not generate alerts?
i.e if you set sandbox option to "block" unknown or FW option to "block request" for unknown, there are no alerts on programs/connections block.
It would be good to get notification for blocked programs/connections, it will let you know Comodo blocked stuffs And nothing wrong with the stuffs.

And I had noticed "Windows Operating System" blocked by Firewall under "Unblock Applications".
Dont know why/how/what it was?

1-Regarding alerts for blocked request it will be a good wishlist for upcoming version.

2-I noticed this also
35daq78.jpg
 

technology

Level 7
Verified
Jul 5, 2013
301
also noticed when opening chrome with untrusted extension as 360 internet protection it generate script execution in C: \ ProgramData \ Comodo \ Cis \ tempscrpt each time, which has names that change each time Chrome starts up like this:
C_cmd.exe_1D7AD4C1EFB879CCBA5BDFE18CA2CD1F532D7F86. (The sequence of letters and numbers changes each time).
no matter if you trust it or unblock it each time you open chrome it will alert you that "C_cmd.exe_1D7AD4C1EFB879CCBA5BDFE18CA2CD1F532D7F86. (The sequence of letters and numbers changes each time)." sandboxed !!!!
 
D

Deleted member 2913

I set the default action for unknowns to "block", and I often got an alert, but not always.

I definitely would like to see "ask for untrusted", like in CCAV. I think they added that option in CCAV because it is like a compromise between autosandbox and HIPS. Since CCAV has no HIPS, they give you something that is a little bit similar to it: an alert where you can choose what to do.
I dont think a compromise in CCAV atleast compared to CIS default settings as HIPS disabled But yes works in someway in disabled mode too.
BUT if I am correct CCAV sandbox defaults are tighter compared to CIS sandbox defaults (dont know the internals of sandbox)...I think have read it on Comodo forums And think cruelsister too have mentioned something like this.
 
  • Like
Reactions: AtlBo

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
I dont think a compromise in CCAV atleast compared to CIS default settings as HIPS disabled But yes works in someway in disabled mode too.
BUT if I am correct CCAV sandbox defaults are tighter compared to CIS sandbox defaults (dont know the internals of sandbox)...I think have read it on Comodo forums And think cruelsister too have mentioned something like this.
in CCAV, I could not get firefox to connect to internet, when run in sandbox. But chrome and IE worked fine. I think they lowered the level of sandbox, because otherwise, chrome should not work right.
 
D

Deleted member 2913

also noticed when opening chrome with untrusted extension as 360 internet protection it generate script execution in C: \ ProgramData \ Comodo \ Cis \ tempscrpt each time, which has names that change each time Chrome starts up like this:
C_cmd.exe_1D7AD4C1EFB879CCBA5BDFE18CA2CD1F532D7F86. (The sequence of letters and numbers changes each time).
no matter if you trust it or unblock it each time you open chrome it will alert you that "C_cmd.exe_1D7AD4C1EFB879CCBA5BDFE18CA2CD1F532D7F86. (The sequence of letters and numbers changes each time)." sandboxed !!!!
There is a new option under HIPS settings, the last i.e bottom option under HIPS settings, think its coz of that option.
 
D

Deleted member 2913

in CCAV, I could not get firefox to connect to internet, when run in sandbox. But chrome and IE worked fine. I think they lowered the level of sandbox, because otherwise, chrome should not work right.
Latest CCAV release mention "Using CIS Sandbox Engine instead of Portable Sandbox."
 
  • Like
Reactions: AtlBo

RejZoR

Level 15
Verified
Top Poster
Well-known
Nov 26, 2016
699
That C_cmd.exe thing was annoying as hell. And it's so cryptic. I was scratching my head what the hell this thing even means.

Not to mention stupid CIS sandboxes every bloody indie game from Steam. It's ridiculous. I've said like 50 trillion times CIS needs to have an option where "Ask" is a desired default action for EVERY Unrecognized files. But no. Instead they were too busy demanding idiotic "Feature request" forum post formats and banning me than implementing this dumb crap. It's even more idiotic when you realize CCAV does offer that, but CIS for some utterly stupid reason, doesn't (and we pointed that out countless times). They only added some pointless setting how to treat apps that require elevated privilege. Many apps don't require elevated privileges (like Steam indie games) and they just get into sandbox by default and because 3D stuff doesn't work well in it, everything just locks up and it's an utter mess.
 

Brahman

Level 18
Verified
Top Poster
Well-known
Aug 22, 2013
893
also noticed when opening chrome with untrusted extension as 360 internet protection it generate script execution in C: \ ProgramData \ Comodo \ Cis \ tempscrpt each time, which has names that change each time Chrome starts up like this:
C_cmd.exe_1D7AD4C1EFB879CCBA5BDFE18CA2CD1F532D7F86. (The sequence of letters and numbers changes each time).
no matter if you trust it or unblock it each time you open chrome it will alert you that "C_cmd.exe_1D7AD4C1EFB879CCBA5BDFE18CA2CD1F532D7F86. (The sequence of letters and numbers changes each time)." sandboxed !!!!
A reinstall of chrome fixed the issue for me.
 

RejZoR

Level 15
Verified
Top Poster
Well-known
Nov 26, 2016
699
Well, I'm not even using Chrome so that's a second problem... I'm only using Firefox...
 
  • Like
Reactions: AtlBo

HarborFront

Level 72
Verified
Top Poster
Content Creator
Oct 9, 2016
6,159
Hi

I have CFW installed and this Internet Security Essentials (ISE) with it as well. Since I'm not having CAV and/or CCAV is this ISE needed? Has it something to do with Viruscope too? Is Viruscope needed as well?

If I remove the ISE will it affect my CFW in anyway?

Thanks
 
Last edited:

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,716
"C_cmd.exe_1D7AD4C1EFB879CCBA5BDFE18CA2CD1F532D7F86. (The sequence of letters and numbers changes each time)." sandboxed !!!!

Thanks. I was wondering what this was. In the middle of planning on a new installation, and I had no idea what to do about them. Is it safe to just delete them from the folder?

Question about 2 things:

1. Firewall->check in box "Create rules for safe applications" means auto-allow known?
2. Sandbox->Check or uncheck "Do not virtualize access to" ->Shared Space (user stuff like Download/Favorites) & Program Data\Shared Space? Not sure which is appropriate for maximum security. I guess checking this means unvirtualized writes are allowed to these places but I'm not sure.

If so, sounds like a bad idea. I don't have alot of requirements for remembering things when it comes to the browser. I think I would rather come up with a clever backup plan for browser settings if this is the case. :cool:
 
Last edited:
  • Like
Reactions: Deleted member 2913

Davidov

Level 10
Verified
Well-known
Sep 9, 2012
470
Hey, I can not figure out how to retain only some credible supplier in CF? It is not so easy as in Comodo8.
 
  • Like
Reactions: AtlBo

HarborFront

Level 72
Verified
Top Poster
Content Creator
Oct 9, 2016
6,159
Hi

When in the Advanced View of Comodo one can see applications being blocked by the Firewall, Sandbox and HIPs. However, I would like to see the pop up messages when Comodo blocks them.

How can I do this?

Thanks
 
  • Like
Reactions: AtlBo

RejZoR

Level 15
Verified
Top Poster
Well-known
Nov 26, 2016
699
Hi

When in the Advanced View of Comodo one can see applications being blocked by the Firewall, Sandbox and HIPs. However, I would like to see the pop up messages when Comodo blocks them.

How can I do this?

Thanks

In Firewall settings, disable "Do NOT show popup" option...
 
  • Like
Reactions: AtlBo

RejZoR

Level 15
Verified
Top Poster
Well-known
Nov 26, 2016
699
I wish Sandbox rules editor offered more control over conditions with more applicable conditions in order to fine tune sandboxing while at the same time decreasing the chance of exploitation of that rule.
 

blueblackwow65

Level 23
Verified
Well-known
Dec 19, 2012
1,256
I installed CFW 10 with avast and SAP I disabled hips ,autosandbox,viruscope,and web filter ? WAs that a good idea to disable all 4 ? Thks
 
  • Like
Reactions: AtlBo
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top