App Review Comodo 2025 Containment Variations

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Content created by
cruelsister

rashmi

Level 12
Jan 15, 2024
562
Didn't Comodo fix the minor issues with default containment? For instance, a malicious program could change the wallpaper or create a text file on the desktop. As far as I know, there hasn't been a single known breach of default containment. Containment or restriction levels don't matter unless users actively engage with containment or analyze and respond to programs running within it. The "Block" action is preferable for most users, as it maintains usability and avoids any negative consequences.
 
  • Like
Reactions: simmerskool

Nagisa

Level 7
Verified
Jul 19, 2018
342
I don't get the point of testing something with default-deny approach. It will obviously block all known or unknown code unless the code uses an exploit (executing payload in an unusual way or even getting system level privileges by taking advantage of AVs attack surface)
 

rashmi

Level 12
Jan 15, 2024
562
I don't get the point of testing something with default-deny approach. It will obviously block all known or unknown code unless the code uses an exploit (executing payload in an unusual way or even getting system level privileges by taking advantage of AVs attack surface)
The tests confirm the effectiveness of containment, with no leaks or bypasses. Compatibility issues or bugs may arise because of Windows major builds or Comodo updates, which can affect containment. It is beneficial that she regularly tests Comodo to ensure it works perfectly and effectively.
 

wat0114

Level 13
Verified
Top Poster
Well-known
Apr 5, 2021
621
Running Beta v12.3.2.8124 on Windows 11, 23H2. My Restriction level on Unrecognized files has just been set to "Restricted". because I'm curious to see if it is a safe level without crippling the restricted application. Maybe I'll reel this in to a lower level if need be. Setup is similar to the cruelsister variation:

  1. Deleted built-in vendor list and just went with only those on my device (already running processes). These are mostly Microsoft, and Comodo vendors but also a few for browsers and a few other utilities I run.
  2. Disabled: Enable Cloud Lookup
  3. Disabled: HIPS
  4. Disabled VirusScope
  5. Auto-containment settings similar except Unrecognized files set to run Restricted at Restriction level = Restricted
  6. Some modification of existing Firewall Rulesets and added my own one as well. Most likely more to come.

  1. I'm running this with MS Defender enhanced with Andy Ful's WHHL (Windows Hybrid Hardening Light) and Configure Defender utilities
  2. Some Comodo-related Whitelist path exceptions were required in this utility in SRP and WDAC options
So far everything seems to be working as advertised with no buggy behavior. I was supposed to be bored and weary of these types of security utilities, but my interest for various reasons is re stoked again.
 
Last edited:

wat0114

Level 13
Verified
Top Poster
Well-known
Apr 5, 2021
621
A corrector: The only exception rule it seems I need in Andy Ful's tools is in ConfigureDefender when "High" setting is used, then an ASR Path exception is required:

Configure Defender ASR exclusion for Comodo.png

Nothing required in WHHL. Thanks to @rashmi as well for directing me to the latest stable version 12.3.3.8140
 
  • Like
Reactions: kylprq and rashmi

EASTER

Level 4
Verified
Well-known
May 9, 2017
159
Excellent PART 2 video and all users of Comodo can draw inspiration from this (and subsequent) others like it. Containment is HUGE!
 
  • Like
Reactions: kylprq

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top