Advice Request Combining Comodo Firewall with the OSArmor

[Nagisa-kun]

1) CF + OSArmor
2) CF + HIPS + OSArmor
3) CF + HIPS

OSArmor is such a lightweight program and I would like to use it if it will give me extra security. Which option is better?

 

[imuade]

1) CF + OSArmor
2) CF + HIPS + OSArmor
3) CF + HIPS

OSArmor is such a lightweight program and I would like to use it if it will give me extra security. Which option is better?

CF at CS settings (firewall, sandbox, cloud lookup) will cover all your needs.
HIPS will just give you tons of alerts.
OSArmor will be useful only if you allow something bad to run

 

[RoboMan]

If you use CS' CFW then you need nothing else. Every unrecognised file will be sandboxed, you don't even need signatures nor HIPS. As long as you don't start disabling components to run suspicious blocked programs you're done.

 

[LDogg]

Cruelsister settings for Comodo FW, should be good to go.

~LDogg

 

[shmu26]

CFW is weak on vulnerable process protection, especially at CruelSister settings. It will block file-based infections, but it is weak against the fileless variety. This is where OSA can help you. It is designed specifically for that.

 

[Nagisa-kun]

@shmu26 @LDogg @RoboMan @imuade

Thanks...

What if I would like to combine them while doing some dangerous thing on my computer? Would they conflict with each other? I whitelisted the osarmor service on the comodo hips but I don't know could if OSArmor can prevent comodo from doing its things. My biggest fear is something like that.

Also I had enabled some options in OSArmor advanced settings, for example, blocking cmd.exe. I guess comodo doesn't need to the console while doing its security funtions. Am I right?

 

[LDogg]

Quite the array of advice here. Which is hey a post like this with a thread of knowledgeable comments benefits the OP.

~LDogg

 

[bribon77]

I think the configuration of Comodo Firewall with the Cs configuration is sufficient.
I used a little OSArmor with CF and had Blue Screens. It's true that it was at the beginning of OSArmor . but since then I haven't used it anymore.

 

[shmu26]

@shmu26 @LDogg @RoboMan @imuade

Thanks...

What if I would like to combine them while doing some dangerous thing on my computer? Would they conflict with each other? I whitelisted the osarmor service on the comodo hips but I don't know could if OSArmor can prevent comodo from doing its things. My biggest fear is something like that.

Also I had enabled some options in OSArmor advanced settings, for example, blocking cmd.exe. I guess comodo doesn't need to the console while doing its security funtions. Am I right?

1 If you want to improve on the default Comodo protection, go into advanced settings, miscellaneous, embedded code detection. Over there, you can enable more processes to be protected. But even if you enable all of them, it is a short list, it does not cover everything, and furthermore, it has not been tested thoroughly. It works well for Powershell, but I have questions about some of the other ones.
If you find that this conflicts with your software in some way, disable embedded code detection only for the process that gives you trouble. (You can still get protection for that process if you enable Comodo HIPS and make some custom settings, but that is another subject).

2 I don't know how well OSA works with Comodo. You could try it, and deliberately cause blocks of various sorts, and see if it works right.

3 If you want to add to Comodo protection by using another solution, I would recommend @Andy Ful's Hard_Configurator. Using it, you can enable protection for a long and inclusive list of vulnerable processes (he calls them "sponsors"), and it will not conflict with Comodo. But even if you don't enable any of them, the default protections of "Recommended SRP" are already very strong. You can use the special template that Andy prepared for Avast hardened/aggressive mode, because it is appropriate also for Comodo @CS settings. That is what I use on my wife's laptop.

4 Please note that enabling full protection for all vulnerable processes, or sponsors, or lol bins, or whatever you want to call them -- this is not possible on all systems. It depends a lot on your hardware and software. If you have a conflict, but still want protection for that process, then you need a security solution that allows you more fine-grained control, such as NVT ERP, or ReHIPS, or Comodo HIPS (it you know how to configure it properly).