CIS 10 stable released

Status
Not open for further replies.

Handsome Recluse

Level 23
Verified
Top Poster
Well-known
Nov 17, 2016
1,242
Agree. This is great if you're looking for a free combo. Comodo FW with custom ruleset, Auto sandbox, Viruscope, Web Filter enabled and HIPS OFF. Combined with Avast Free Hardened Mode/Avira Free or 360 TSE Sandbox Off.
Wouldn't Comodo Firewall's Autosandbox and Avast Free Hardened Mode overlap since they do the same thing?
 

HarborFront

Level 71
Verified
Top Poster
Content Creator
Oct 9, 2016
6,014
STEP 1
Click the "Start" menu and choose the "Run" option. Enter the letters "CMD" into "Run" and press "OK."

STEP 2
Enter the text "regsrv3," followed by a space and the line "%systemroot%." Immediately after the second % symbol, type in "\system32\." All of this text is the main prefix that you will need to use for each entry.

STEP 3
Type the letters "vbscript.dll" after the first main prefix line and press the "Enter" key to enter the first command.

STEP 4
Enter another line of prefix text followed by "jscript.dll" to make the second command. Make a third command with the main prefix followed by "dispex.dll" and press "Enter."

STEP 5
Type in the fourth command line using the main prefix plus scrobj.dll and press "Enter." The fifth command uses the main prefix with the line "scrrun.dll."

STEP 6
Add the sixth command line with the main prefix and suffix of "wshext.dll" and press "Enter." Type in the final line with the prefix followed by "wshom.ocx" and press "Enter."

STEP 7
Restart your computer to allow the script additions to take effect.
Hi

So it's

regsrv3 %systemroot%\system32\ vbscript.dll and "Enter", right?

At step 3 (above) after "Enter" it says 'regsrv3' is not recognized as an internal or external command, operable program or batch file

BTW, it's a bit confusing following your instructions. Can you write it down, please?

Thanks
 

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,711
Anyone know why Comodo uses the "Purge" button as the way to keep the various file lists fresh? Seems like the program could just offer the user the chance to purge for themselves with a choice box, or else auto-purge. Maybe I'm not seeing a problem here.
 

LahiruRajinda

Level 4
Verified
Well-known
Jul 6, 2015
153
Wouldn't Comodo Firewall's Autosandbox and Avast Free Hardened Mode overlap since they do the same thing?
What you meant is CyberCapture, previously known as DeepScreen. Hardened Mode at the Aggressive setting is more like an application whitelist and does not involve the sandbox. This could be why it copes with Comodo AutoSandbox. Not sure about the Moderate setting, though.
 

Handsome Recluse

Level 23
Verified
Top Poster
Well-known
Nov 17, 2016
1,242
What you meant is CyberCapture, previously known as DeepScreen. Hardened Mode at the Aggressive setting is more like an application whitelist and does not involve the sandbox. This could be why it copes with Comodo AutoSandbox. Not sure about the Moderate setting, though.
Comodo does seem like an application whitelist except it autosandboxes instead of autoblocks.
 

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,711
Is there a way in Comodo Firewall to do this:

HIPS or another component responds to an unknown with "ask" -> Allow, Block or Whitelist -> if Allow, autosandbox

Don't want four or 5 pop ups from HIPS...just a chance to block or blacklist, then auto-sandbox the unknown on allow.
 

Deleted member 2913

Is there a way in Comodo Firewall to do this:

HIPS or another component responds to an unknown with "ask" -> Allow, Block or Whitelist -> if Allow, autosandbox

Don't want four or 5 pop ups from HIPS...just a chance to block or blacklist, then auto-sandbox the unknown on allow.
It's there in Comodo Cloud AV, but not in CIS/CFW.
 

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,711
Thanks. Almost worth it to me to have that. I have NVT ERP, but it's not quite the same. Guess I need to learn more about Trusted Publishers and unsigned alerts in NVT ERP, see if I can make the pop ups stand out more. Not many trusted Publishers in the list by default.
 

askmark

Level 12
Verified
Top Poster
Well-known
Aug 31, 2016
578
Hi

So it's

regsrv3 %systemroot%\system32\ vbscript.dll and "Enter", right?

At step 3 (above) after "Enter" it says 'regsrv3' is not recognized as an internal or external command, operable program or batch file

BTW, it's a bit confusing following your instructions. Can you write it down, please?

Thanks
These instructions are all over the Internet and they all have the same typo! Obviously no one has actually tested that it works before posting!

It should be regsvr32 not regsrv3.

NB: it's svr and not srv.
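As an added example (not part of any post in this thread), here are the seven quoted steps collapsed into one PowerShell script that uses the corrected command name, regsvr32. It assumes an elevated prompt (regsvr32 needs administrator rights) and that the DLLs sit in %SystemRoot%\System32 as the quoted prefix states; it checks that each file exists and reports the regsvr32 exit code instead of relying on the success dialogs the quoted steps click through.

```powershell
# Added example (not from the thread): registers the Windows Script Host engine
# and helper DLLs named in the quoted STEP 2-6 instructions, using the corrected
# command name regsvr32 (the quoted "regsrv3" does not exist on Windows).
# Run from an elevated PowerShell prompt; regsvr32 needs administrator rights.

$dlls = @(
    'vbscript.dll',   # VBScript engine
    'jscript.dll',    # JScript engine
    'dispex.dll',     # IDispatchEx support used by the script engines
    'scrobj.dll',     # Windows Script Component runtime
    'scrrun.dll',     # Scripting runtime (FileSystemObject, Dictionary)
    'wshext.dll',     # WSH shell extension
    'wshom.ocx'       # WSH object model (WScript.Shell, WScript.Network)
)

$system32 = Join-Path $env:SystemRoot 'System32'

foreach ($dll in $dlls) {
    $path = Join-Path $system32 $dll
    if (-not (Test-Path $path)) {
        Write-Warning "Skipping $dll : not found at $path"
        continue
    }
    # /s = silent (no success dialog); the exit code still reports failures.
    $proc = Start-Process -FilePath 'regsvr32.exe' `
        -ArgumentList @('/s', "`"$path`"") -Wait -PassThru -NoNewWindow
    if ($proc.ExitCode -eq 0) {
        Write-Host "Registered $dll"
    } else {
        Write-Warning "regsvr32 failed for $dll (exit code $($proc.ExitCode))"
    }
}

Write-Host 'Done. As in STEP 7 of the quoted instructions, reboot for the changes to take effect.'
```

A non-zero exit code from regsvr32 is the signal to look at, since with /s no dialog is shown; the most common causes are running without elevation or a DLL that is missing from System32.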
 

Davidov

Level 10
Verified
Well-known
Sep 9, 2012
470
Hi, must you run Chrome in the Comodo sandbox? Or does Comodo protect against exploits without Chrome running in the sandbox? According to me, every unknown process will be sandboxed, be it an exploit or some other malware.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
Hi, must you run Chrome in the Comodo sandbox? Or does Comodo protect against exploits without Chrome running in the sandbox? According to me, every unknown process will be sandboxed, be it an exploit or some other malware.
If you want proper exploit protection, run chrome in sandbox, because of fileless exploits, if you are concerned about them.

COMODO HIPS, if you have it enabled, does trigger a prompt when a trusted app tries to execute another process. But it will not monitor the actions of a trusted process, such as chrome. So it might see the exploit as Chrome, and not block its actions.
Furthermore, HIPS allows system processes to execute another (trusted) process without triggering a prompt -- although the actions of that second process will trigger a prompt.
In short, the default HIPS settings will not provide full exploit protection.

Another option: You can set up COMODO HIPS to alert for any vulnerable processes that you might be concerned about, such as the two cmd.exe processes, for instance. Just mark that process as "unknown", and make an "ignore" rule for it in sandbox. (You only need to make the ignore rule if you are in proactive config).
This way, you will get a HIPS alert every time the process executes, because it is "unknown", and you can then whitelist the command line strings you need, when you get the prompt for it.

A third option: you can make "block" rules in autosandbox for processes such as powershell, wscript, etc. These rules support wildcards, such as C:\*\powershell*.exe
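As an added example (not part of shmu26's post or any Comodo code), the following PowerShell function checks which process paths a set of autosandbox-style "block" rules would match, so a rule list can be sanity-checked before it goes into the product. It assumes that `*` matches any run of characters including path separators, which is what the thread's own example `C:\*\powershell*.exe` needs in order to reach the real powershell.exe path; PowerShell's `-like` operator has exactly that semantics and is case-insensitive. The sample paths are constructed; the output shows that the pattern also catches powershell_ise.exe, and misses both PowerShell 7 (pwsh.exe) and a copy of the binary on another drive.

```powershell
# Added example (not from the thread): evaluates autosandbox-style wildcard
# block rules against candidate process paths. Assumption: '*' matches any
# characters, backslashes included, as PowerShell's -like operator does.

function Test-BlockRules {
    param(
        [Parameter(Mandatory)] [string[]] $Rules,
        [Parameter(Mandatory)] [string[]] $Paths
    )
    foreach ($p in $Paths) {
        # First rule whose wildcard pattern matches the path, if any.
        $hit = $Rules | Where-Object { $p -like $_ } | Select-Object -First 1
        [pscustomobject]@{
            Path    = $p
            Blocked = [bool]$hit
            Rule    = $hit
        }
    }
}

# Rules modelled on the thread's suggestion (powershell, wscript, etc.).
$rules = @(
    'C:\*\powershell*.exe',
    'C:\*\wscript.exe',
    'C:\*\cscript.exe'
)

# Constructed sample paths; the first four are the usual locations on a
# 64-bit Windows install, the last two are deliberate edge cases.
$paths = @(
    'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe',
    'C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe',
    'C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe',
    'C:\Windows\System32\wscript.exe',
    'C:\Program Files\PowerShell\7\pwsh.exe',   # different file name: rule misses it
    'D:\Tools\powershell.exe'                   # other drive: rule anchored to C:\ misses it
)

Test-BlockRules -Rules $rules -Paths $paths | Format-Table -AutoSize
```

The two misses at the end are the practical caveat: a rule anchored to a drive letter and a specific file name only covers the interpreters you named, so check the list against every script host actually installed on the machine rather than assuming the wildcard covers them all.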
 

Davidov

Level 10
Verified
Well-known
Sep 9, 2012
470
If you want proper exploit protection, run chrome in sandbox, because of fileless exploits, if you are concerned about them.

COMODO HIPS, if you have it enabled, does trigger a prompt when a trusted app tries to execute another process. But it will not monitor the actions of a trusted process, such as chrome. So it might see the exploit as Chrome, and not block its actions.
Furthermore, HIPS allows system processes to execute another (trusted) process without triggering a prompt -- although the actions of that second process will trigger a prompt.
In short, the default HIPS settings will not provide full exploit protection.

Another option: You can set up COMODO HIPS to alert for any vulnerable processes that you might be concerned about, such as the two cmd.exe processes, for instance. Just mark that process as "unknown", and make an "ignore" rule for it in sandbox. (You only need to make the ignore rule if you are in proactive config).
This way, you will get a HIPS alert every time the process executes, because it is "unknown", and you can then whitelist the command line strings you need, when you get the prompt for it.

A third option: you can make "block" rules in autosandbox for processes such as powershell, wscript, etc. These rules support wildcards, such as C:\*\powershell*.exe
So because Chrome is a credible process, it triggers the harmful thread as trustworthy? This can be avoided with the assistance of VoodooShield (paid), AppGuard or NoVirusThanks?
 

FleischmannTV

Level 7
Verified
Honorary Member
Well-known
Jun 12, 2014
314
Chrome is already using the most sophisticated sandboxing available on Windows. The slave processes, which handle the untrustworthy code and have a chance of being exploited, have no file system access, can't spawn child processes and can't access the memory of other processes. Aside from that, the chance of running into an actual Chrome 0-day is so small that worrying about it qualifies more as the early stages of fear- and paranoia-related mental diseases than as being careful.

Chrome users get infected by downloading and executing the malware on their own and not through 0-day exploits.
 