Advice Request Comodo Enhanced Protection Mode

notabot · Jan 28, 2019

I just came across an old link (2014)

Introducing Comodo Internet Security 8 with more Features

It says

“Hardware virtualization support”
o When Intel VT-x or AMD™ SVM Virtualization extensions are available, Enhanced Protection Mode makes use of these technologies and CIS operates at hypervisor level.”

This means that this product is actually secure even against kernel exploits.

Is anybody running enhanced protection mode ? How big is the performance impact ?

The hypervisor attack surface should be tiny compared to an OS kernel

shmu26 · Jan 29, 2019

notabot said:
I just came across an old link (2014)

Introducing Comodo Internet Security 8 with more Features

It says

“Hardware virtualization support”
o When Intel VT-x or AMD™ SVM Virtualization extensions are available, Enhanced Protection Mode makes use of these technologies and CIS operates at hypervisor level.”

This means that this product is actually secure even against kernel exploits.

Is anybody running enhanced protection mode ? How big is the performance impact ?

The hypervisor attack surface should be tiny compared to an OS kernel

They had to remove that feature because it conflicted with the recent versions of Windows 10.

notabot · Jan 29, 2019

shmu26 said:
They had to remove that feature because it conflicted with the recent versions of Windows 10.

I see, have they replaced it with something of similar functionality or this was “too good to be true”

shmu26 · Jan 29, 2019

notabot said:
I see, have they replaced it with something of similar functionality or this was “too good to be true”

The old-timers on the Comodo forum mourned the demise of this feature. I don't think it was replaced by anything. But it does indicate that the Windows kernel is natively more secure than it used to be.

SHvFl · Jan 29, 2019

shmu26 said:
The old-timers on the Comodo forum mourned the demise of this feature. I don't think it was replaced by anything. But it does indicate that the Windows kernel is natively more secure than it used to be.

Nothing to do with that. It was removed because MS would enable memory integrity which doesn't allow anything else to use virtualisation.

shmu26 · Jan 29, 2019

SHvFl said:
Nothing to do with that. It was removed because MS would enable memory integrity which doesn't allow anything else to use virtualisation.

Even without memory integrity, they were having problems with it. But memory integrity makes it impossible.

SHvFl · Jan 29, 2019

shmu26 said:
Even without memory integrity, they were having problems with it. But memory integrity makes it impossible.

They have problems with everything so not surprised. At least MS made the decision easy and justifiable to the masses (not me but ms fault).

notabot · Jan 29, 2019

Ok so they write a buggy hypervisor

shmu26 · Jan 30, 2019

I can't claim to fully understand what this feature was doing, but I am pretty sure it was to assist in advanced HIPS monitoring. So if you don't even use the HIPS module, it doesn't matter. Nowadays, HIPS is pretty much of a lost art.

Search

Advice Request Comodo Enhanced Protection Mode

notabot

Level 15

shmu26

Level 85

notabot

Level 15

shmu26

Level 85

SHvFl

Level 35

shmu26

Level 85

SHvFl

Level 35

notabot

Level 15

shmu26

Level 85

Similar threads