Advice Request Comodo Enhanced Protection Mode

Please provide comments and solutions that are helpful to the author of this topic.

notabot

Level 15
Thread author
Verified
Oct 31, 2018
703
I just came across an old link (2014)

Introducing Comodo Internet Security 8 with more Features

It says

Hardware virtualization support”
o When Intel VT-x or AMD™ SVM Virtualization extensions are available, Enhanced Protection Mode makes use of these technologies and CIS operates at hypervisor level.”


This means that this product is actually secure even against kernel exploits.

Is anybody running enhanced protection mode ? How big is the performance impact ?

The hypervisor attack surface should be tiny compared to an OS kernel
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
I just came across an old link (2014)

Introducing Comodo Internet Security 8 with more Features

It says

Hardware virtualization support”
o When Intel VT-x or AMD™ SVM Virtualization extensions are available, Enhanced Protection Mode makes use of these technologies and CIS operates at hypervisor level.”


This means that this product is actually secure even against kernel exploits.

Is anybody running enhanced protection mode ? How big is the performance impact ?

The hypervisor attack surface should be tiny compared to an OS kernel
They had to remove that feature because it conflicted with the recent versions of Windows 10.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
I see, have they replaced it with something of similar functionality or this was “too good to be true”
The old-timers on the Comodo forum mourned the demise of this feature. I don't think it was replaced by anything. But it does indicate that the Windows kernel is natively more secure than it used to be.
 
  • Like
Reactions: Weebarra

SHvFl

Level 35
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Nov 19, 2014
2,342
The old-timers on the Comodo forum mourned the demise of this feature. I don't think it was replaced by anything. But it does indicate that the Windows kernel is natively more secure than it used to be.
Nothing to do with that. It was removed because MS would enable memory integrity which doesn't allow anything else to use virtualisation.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
Nothing to do with that. It was removed because MS would enable memory integrity which doesn't allow anything else to use virtualisation.
Even without memory integrity, they were having problems with it. But memory integrity makes it impossible.
 

SHvFl

Level 35
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Nov 19, 2014
2,342
Even without memory integrity, they were having problems with it. But memory integrity makes it impossible.
They have problems with everything so not surprised. At least MS made the decision easy and justifiable to the masses (not me but ms fault).
 
  • Like
Reactions: Weebarra and shmu26

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
I can't claim to fully understand what this feature was doing, but I am pretty sure it was to assist in advanced HIPS monitoring. So if you don't even use the HIPS module, it doesn't matter. Nowadays, HIPS is pretty much of a lost art.
 
  • Like
Reactions: Weebarra

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top