Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
Security Apps
Comodo
Comodo custom Nagisa config
Message
<blockquote data-quote="[Inactive User 48391948]" data-source="post: 890411" data-attributes="member: 87729"><p>Long time former user of COMODO here. If my memory is correct, older versions of COMODO dating back to around version 5 used a hybrid approach with sandboxing, meaning that some actions of sandboxed applications are virtualized while other actions are restricted depending on the restriction level (eg. Partially Limited, Limited, Restricted, Untrusted). The old COMODO sandbox did not provide full virtualization, meaning that malware is permitted to make some changes outside the sandbox, and at partially limited, some artifacts of malware can persist on the <em>real system</em> even after resetting the sandbox. Back then, the recommended restriction level for balancing compatibility and security was Limited rather than Partially Limited. The former effectively runs applications without administrative privileges, which makes a massive difference.</p><p></p><p>In later versions, COMODO introduced and polished fully virtualized sandboxing enabled by default, so total virtualization of unknown applications is achieved with the exception of rare leakages/bugs. This is especially true for versions 10 and beyond which has more fileless protection. Within the virtualized system, there are safeguards, with HIPS blocking access to protected objects for instance. However, a user can manually set a restriction level <em>within</em> the fully-virtualized sandbox for added security.</p><p></p><p>It is unclear whether the Run Restricted option nowadays utilizes the old hybrid approach or whether it uses no virtualization but sets restrictions totally outside the sandbox. If I had to guess, I would go with the latter and assume that they have phased out the hybrid approach entirely, and that full virtualization is the intended final result of the sandbox feature. The hybrid approach was likely an interim solution to the ultimate goal of full virtualization. COMODO's documentation isn't clear about this.</p><p></p><p>In any case, if you want to use run restricted, I would recommended using at least the Limited Restriction level over Partially Limited. Also, the proactive configuration has more protected objects in the HIPS, and afaik, HIPS operates even when it is "disabled."</p></blockquote><p></p>
[QUOTE="[Inactive User 48391948], post: 890411, member: 87729"] Long time former user of COMODO here. If my memory is correct, older versions of COMODO dating back to around version 5 used a hybrid approach with sandboxing, meaning that some actions of sandboxed applications are virtualized while other actions are restricted depending on the restriction level (eg. Partially Limited, Limited, Restricted, Untrusted). The old COMODO sandbox did not provide full virtualization, meaning that malware is permitted to make some changes outside the sandbox, and at partially limited, some artifacts of malware can persist on the [I]real system[/I] even after resetting the sandbox. Back then, the recommended restriction level for balancing compatibility and security was Limited rather than Partially Limited. The former effectively runs applications without administrative privileges, which makes a massive difference. In later versions, COMODO introduced and polished fully virtualized sandboxing enabled by default, so total virtualization of unknown applications is achieved with the exception of rare leakages/bugs. This is especially true for versions 10 and beyond which has more fileless protection. Within the virtualized system, there are safeguards, with HIPS blocking access to protected objects for instance. However, a user can manually set a restriction level [I]within[/I] the fully-virtualized sandbox for added security. It is unclear whether the Run Restricted option nowadays utilizes the old hybrid approach or whether it uses no virtualization but sets restrictions totally outside the sandbox. If I had to guess, I would go with the latter and assume that they have phased out the hybrid approach entirely, and that full virtualization is the intended final result of the sandbox feature. The hybrid approach was likely an interim solution to the ultimate goal of full virtualization. COMODO's documentation isn't clear about this. In any case, if you want to use run restricted, I would recommended using at least the Limited Restriction level over Partially Limited. Also, the proactive configuration has more protected objects in the HIPS, and afaik, HIPS operates even when it is "disabled." [/QUOTE]
Insert quotes…
Verification
Post reply
Top
