Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
Security Apps
Comodo
Comodo and Weaponized Documents
Message
<blockquote data-quote="AtlBo" data-source="post: 810085" data-attributes="member: 32547"><p>Not 100% conclusive, however, here is my surprise finding. I switched to firewall mode, HIPs and containment disabled, and NO alert for the .bat. Then I activated containment to see if that would respond by itself->again NO alert. So then I turned on HIPs in Safe Mode and voila->normal alerts.</p><p></p><p>One note, I did NOT see an alert for containment, even with Auto-contain enabled. OK, this causes me to question whether there are deeper settings in the "Firewall" profile configuration which are different than "Proactive". Also, maybe it is due to system/settings lag, idk. BTW, I am running version 10 still on this PC, while testing 11 on another. Don't think there is a difference, but...</p><p></p><p>If this is the way HIPs works in all profile configurations, it's clumsy. If it HIPs is required for heuristics, that would be in another direction clumsy and ugly too. Running Comodo without HIPs would be almost impossible. I would have to enable HIPs and then create a rule to allow without an alert all activity except command line in order to stop the module from blocking. I don't think that would be a simple matter, if even possible.</p><p></p><p>Something else crosses my mind. The container works for Cruelsister in Proactive mode with HIPs off. There must be a very deep difference between the default "Firewall" and "Proactive" settings profiles. Need to come up with another way to test in "Proactive". I'll look into saving settings and see if I can restore to defaults without too much trouble.</p></blockquote><p></p>
[QUOTE="AtlBo, post: 810085, member: 32547"] Not 100% conclusive, however, here is my surprise finding. I switched to firewall mode, HIPs and containment disabled, and NO alert for the .bat. Then I activated containment to see if that would respond by itself->again NO alert. So then I turned on HIPs in Safe Mode and voila->normal alerts. One note, I did NOT see an alert for containment, even with Auto-contain enabled. OK, this causes me to question whether there are deeper settings in the "Firewall" profile configuration which are different than "Proactive". Also, maybe it is due to system/settings lag, idk. BTW, I am running version 10 still on this PC, while testing 11 on another. Don't think there is a difference, but... If this is the way HIPs works in all profile configurations, it's clumsy. If it HIPs is required for heuristics, that would be in another direction clumsy and ugly too. Running Comodo without HIPs would be almost impossible. I would have to enable HIPs and then create a rule to allow without an alert all activity except command line in order to stop the module from blocking. I don't think that would be a simple matter, if even possible. Something else crosses my mind. The container works for Cruelsister in Proactive mode with HIPs off. There must be a very deep difference between the default "Firewall" and "Proactive" settings profiles. Need to come up with another way to test in "Proactive". I'll look into saving settings and see if I can restore to defaults without too much trouble. [/QUOTE]
Insert quotes…
Verification
Post reply
Top
