Comodo Clean PC Mode doesn't whitelist windows processes

[shmu26]

I am using Comodo free firewall on windows 10
I have HIPS set to Clean PC Mode.
But I still get a few prompts about windows processes.
Why doesn't comodo whitelist all normal windows processes?
Is there something I can do to change this behavior?

 

[hjlbx]

I am using Comodo free firewall on windows 10
I have HIPS set to Clean PC Mode.
But I still get a few prompts about windows processes.
Why doesn't comodo whitelist all normal windows processes?
Is there something I can do to change this behavior?

You will still get firewall prompts for any processes run inside the sandbox using Clean PC Mode. In fact, you will get such firewall alerts for sandboxed applications using any of COMODO's Modes - even Training Mode.

Are you seeing any HIPS prompts in Clean PC Mode ?

Screenshot(s) ?

If you want to whitelist your entire system, then use Training Mode for at least a week. But just be aware that there is a "disappearing rules" bug - whereby all the rules - including the ones that are part of the default CIS base install - might randomly vanish.

You can also select "Create rules for Trusted applicaions" - which will create generic Allow rules for all Trusted processes. Here again, these created rules might vanish.

Training Mode will create more restrictive rules.

 

[shmu26]

recommendations for a more reliable HIPS?
I don't want to run Spyshelter because I am running HMP.A, and there seems to be a lot of overlap.

 

[hjlbx]

recommendations for a more reliable HIPS?
I don't want to run Spyshelter because I am running HMP.A, and there seems to be a lot of overlap.

Yeah, but only the keystroke encryption and webcam\microphone access overlap.

When I combo SpS with HMP.A, To prevent duplicate protection conflicts, I disable HMP.A's keystroke encryption, protective border, webcam & microphone isolation settings.

SpS does good job at anti-logging and denying access to webcam\microphone - so you aren't reducing system security by disabling those protections in HMP.A.

The real value in SpS, as you know, is its HIPS - and there aren't any good stand-alone alternatives - unless you have 32-bit system.

If you don't want to use COMODO or SpS, then ESET HIPS is the only real alternative - unless you opt for Kaspersky.

 

[shmu26]

maybe it's not so terrible if Comodo forgets a rule every once in a while, since I am making rules to permit, not to block.
Do you think the basic firewall protection is good? I mean, as good or better than Windows firewall?

 

[hjlbx]

maybe it's not so terrible if Comodo forgets a rule every once in a while, since I am making rules to permit, not to block.
Do you think the basic firewall protection is good? I mean, as good or better than Windows firewall?

Creating HIPS rules for entire system is not an absolute necessity to protect the system - but, instead, is just an additional layer of protection beyond the sandbox.

The rules bug doesn't just cause single rules to disappear; all of them will disappear if it happens.

COMODO's firewall offers better protection than Windows Firewall because of the outbound notifications - and it has been proven through testing over the years to be quite a robust firewall.

 

[shmu26]

You will still get firewall prompts for any processes run inside the sandbox using Clean PC Mode.

Are you seeing any HIPS prompts in Clean PC Mode ?

Screenshot(s) ?

maybe I am confusing Comodo's firewall popups with its HIPS popups. How do I tell the difference between the two?

 

[Av Gurus]

If you want to whitelist your entire system, then use Training Mode for at least a week.

Training Mode will create more restrictive rules.

How to turn Training Mode?
Allow all na or...?

 

[hjlbx]

maybe I am confusing Comodo's firewall popups with its HIPS popups. How do I tell the difference between the two?

At the top of the alert you will see Firewall, Sandbox, HIPS; the alert header clearly indicates which type of alert it is.

COMODO Help file online: Comodo Internet Security, Antivirus protection, Firewall Software |Security Help

 

[hjlbx]

How to turn Training Mode?
Allow all na or...?

On COMODO GUI, select advanced display in upper left hand corner.

For firewall (same for HIPS on HIPS tab; can also change setting on drop-down menu on Advanced GUI) to enable Training Mode:

Firewall Settings, PC Firewall, Firewall Protection | Internet Security

I only tried "Create rules for safe applications" setting once. If you are going to create rules, then it is more secure to create as specific rules as is possible.

With firewall rules, I used Training Mode and then converted all rules to "Outgoing Only."

 

[shmu26]

there aren't any good stand-alone alternatives - unless you have 32-bit system.

So if I don't want to buy spyshelter's full version, but I want a full HIPS, then it sounds like Comodo free firewall is the way to go. If it forgets my rules, I can just do a system restore, or put it back on "clean pc mode", assuming my computer is in a safe state.

 

[hjlbx]

So if I don't want to buy spyshelter's full version, but I want a full HIPS, then it sounds like Comodo free firewall is the way to go. If it forgets my rules, I can just do a system restore, or put it back on "clean pc mode", assuming my computer is in a safe state.

You can export (save) your rules and import them back into CIS if they disappear. However, you might have to do this regularly. I can't tell you with any certainty how CIS will behave on your specific system as far as the "disappearing rules" bug.

To be perfectly honest, all you need do is to enable Proactive Security configuration.

I suggest you use @cruelsister's recommended settings: Regarding Comodo

Her guide is simple and straight-forward - and the settings\configuration works to protect the system.

@cruelsister suggests elsewhere to set the Firewall to "No Popups - Block."

That's it. No messy configuration to cause you all sorts of problems.

 

[shmu26]

I suggest you use @cruelsister's recommended settings: Regarding Comodo
.

She talks about Full Virtualization. Do you know how to do that in Comodo 8?

 

[hjlbx]

She talks about Full Virtualization. Do you know how to do that in Comodo 8?

Set Sandbox to fully virtualized in the auto-sandbox rule for Unrecognized.

That being said, the default setting for the Sandbox is fully virtualized - so you don't need to do anything.

Read the help file... it covers most of what you need to know and how to go about tweaking the settings.

 

[shmu26]

When I combo SpS with HMP.A, To prevent duplicate protection conflicts, I disable HMP.A's keystroke encryption, protective border, webcam & microphone isolation settings.

what about all those other various functions that SpS system protection does? Don't they overlap and potentially conflict with HMP.A's exploit protection?
WIth SpS free, you can't pick and choose among the various elements of system protection. And if you turn off the whole module, you lose the HIPS as well.

 

[hjlbx]

what about all those other various functions that SpS system protection does? Don't they overlap and potentially conflict with HMP.A's exploit protection?
WIth SpS free, you can't pick and choose among the various elements of system protection. And if you turn off the whole module, you lose the HIPS as well.

No there is no real conflict between HMP.A and SpS except for keystroke encryption - and even then I do not think they really conflict.