- Apr 13, 2013
- 3,147
Comodo Firewall 10 against the Serpent
- Thread starter cruelsister
- Start date
It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
- Jan 27, 2017
- 139
Thank you for yet another info-taining video.
I'm not sure how to broach the subject of UAC without creating a thread of 'I'm right - you're wrong' type discussions from others.
So may I ask the question in the context of YOUR settings with CF and YOUR approach. What UAC settings do you recommend, if any?
Please accept my apologies in advance if you have answered the question elsewhere.
I'm not sure how to broach the subject of UAC without creating a thread of 'I'm right - you're wrong' type discussions from others.
So may I ask the question in the context of YOUR settings with CF and YOUR approach. What UAC settings do you recommend, if any?
Please accept my apologies in advance if you have answered the question elsewhere.
@reboot I don't see any issue with UAC, it did what it was supposed to do, blocking elevation of the Event Viewer process (mmc.exe) which it did, not stopping a script.
Now the real question as a user is why Event Viewer launch itself , if you know how UAC works , you already know that something went wrong after you clicked the file.
So keep UAC at max , use SUA
Now the real question as a user is why Event Viewer launch itself , if you know how UAC works , you already know that something went wrong after you clicked the file.
So keep UAC at max , use SUA
Last edited by a moderator:
- Jan 27, 2017
- 139
@Umbra I would be lying if I said I didn't feel like it is a case of shooting the messenger when it comes to the UAC… I also appreciate what you are saying about the Event Viewer.
My starting point question was in relation to Cruelsister's settings. Was UAC still set to the Max when she used her CF 10 settings to defeat the Serpent?
My starting point question was in relation to Cruelsister's settings. Was UAC still set to the Max when she used her CF 10 settings to defeat the Serpent?
It was i guess, anyway it doesn't matter because CFW will reacts before UAC , so whatever setting UAC has, CFW would alert/block/virtualize the file at execution.
in the video there are the steps :
1- user click the file > 2- file initiate several processes > 3- those processes use Event Viewer as a vector attack > 4- then the infection spreads
CFW will block or virtualize step 2 (depend the settings, CS settings used to disable the HIPS, focusing on restricted virtualization only) ; so UAC won't be involved, EV is blocked at the source
Last edited by a moderator:
- Jan 27, 2017
- 139
Thank you for the confirmation. So would it be fair to say that UAC is sitting on the bench? It is not on the playing field. So my next question becomes is it even necessary with Cruelsister's CF 10 settings? Which may in turn influence her thinking about the subject in general... which brings me to the purpose of my original question.
Thank you also for highlighting the syntax of events. That makes it much easier to follow.
Last edited:
I won't say sitting on the bench , because CFW have whitelisted processes which still requires elevation. Remember UAC prevent executables' elevation only; so yes it is still necessary.
It is not because process x can be abused than every other processes has to be stopped.
UAC is not originally a security feature , it is its side effect that makes people believe it is.
Last edited by a moderator:
- Apr 13, 2013
- 3,147
Hi Guys!- The EventViewer UAC bypass is well known and has been around for years. The only reason I highlighted it was because the Blackhats coded it for this bypass method, so I wanted to present Serpent in its full glory. The different thing about Seropent is the use of Cipher.exe with the /w switch- this will do a military wipe of the changed Documents making them totally unrecoverable.
And I never have UAC active on the Comodo videos as:
1). CF by itself meets and exceeds the protection given by UAC, and
2). if a developer does not specify that something else must be used in addition to their product this would give a biased view of whatever results are demonstrated (hope that made sense).
Reboot- UAC, as I noted above, is just an inconvenience when using CF. It would add nothing to protection. And my settings were given in a video on Jan 28 ("Comodo Firewall 10 Setup" on my channel- I don't want to put in a direct link as another video window will appear).
And I never have UAC active on the Comodo videos as:
1). CF by itself meets and exceeds the protection given by UAC, and
2). if a developer does not specify that something else must be used in addition to their product this would give a biased view of whatever results are demonstrated (hope that made sense).
Reboot- UAC, as I noted above, is just an inconvenience when using CF. It would add nothing to protection. And my settings were given in a video on Jan 28 ("Comodo Firewall 10 Setup" on my channel- I don't want to put in a direct link as another video window will appear).
if you assume that UAC is a protection feature which it is not.
for the people, (i assume CS know that) : UAC was originally created to:
1- Prevent standard users to get admin rights and modyfing critical areas of the system or having access to other accounts.
2- Make easier the installation of software by admins from a SUA , without the need to Logout and login in admin account.
3- Alert about elevation request of any process legit or not.
People assume UAC is an anti-malware features because many malwares ask for elevation, but if a malware doesn't require elevation, UAC will never show up.
Last edited by a moderator:
- Jan 27, 2017
- 139
Apart from the "inconvenience" is there any other downside to having UAC enabled when using your CF 10 settings?
User Account Control - Wikipedia
All the crap you are reading saying UAC failed against malwares or doesn't protect is made by people who doesn't know what they are talking about.
Last edited by a moderator:
- Apr 13, 2013
- 3,147
Yash- I NEVER EVER (never ever) would use CF a the default settings. I've done some video in the past with Comodo at default and even did a recent one demonstrating the inadequacy of the Firewall Configuration. Also I feel it isn't a good idea to do anything detailing this as some may jump on it and get the wrong idea.
Umbra- Excellent comment (in Post 10)! Too many people feel that UAC may be the end-all protection for malware, which it is not. Similar would be reliance on SUA as it pertains to Documents. It's really up to us to dispel such dangerous myths. On the other hand, UAC (on Win 7) should be active (if nothing better is already installed) for those that use System Restore as this would prevent malware messing with vssadmin: but on Win 10 (I know YOU know this) even with UAC at the Off level such system files will be protected anyway.
By the way, it's good to have you back!
Forgot to mention- the song is by Be Good Tanyas- "SleepDog Lullaby"- isn't it pretty?
Umbra- Excellent comment (in Post 10)! Too many people feel that UAC may be the end-all protection for malware, which it is not. Similar would be reliance on SUA as it pertains to Documents. It's really up to us to dispel such dangerous myths. On the other hand, UAC (on Win 7) should be active (if nothing better is already installed) for those that use System Restore as this would prevent malware messing with vssadmin: but on Win 10 (I know YOU know this) even with UAC at the Off level such system files will be protected anyway.
By the way, it's good to have you back!
Forgot to mention- the song is by Be Good Tanyas- "SleepDog Lullaby"- isn't it pretty?
@cruelsister thanks 
About Win7, i will never use it without a full layered protection setup, it is so weak in security...
@Yash Khan Comodo at default setting is wasting its potency and like using no protection ^^
About Win7, i will never use it without a full layered protection setup, it is so weak in security...
@Yash Khan Comodo at default setting is wasting its potency and like using no protection ^^
Last edited by a moderator:
- Jan 27, 2017
- 139
It is pretty and I am still trying to get the sound of Wolly Bully out of my head.
- Apr 13, 2013
- 3,147
- Nov 17, 2016
- 1,242
@cruelsister What about SUA as it pertains to non-documents? And how would it differ to UAC in admin.
@Umbra Would adding UAC or being in SUA be worth it when it comes to a point where you're secure enough that the marginal difference in protection would be minimal compared to the extra inconvenience and slowness when dimming? Would knowing elevation be useful for the common people - not just average users (as long as they're common enough)? When is UAC or SUA truly useful and when does it become just an inconvenience (as an individual, not to engineer people into making their stuffs in a certain way)?
@Umbra Would adding UAC or being in SUA be worth it when it comes to a point where you're secure enough that the marginal difference in protection would be minimal compared to the extra inconvenience and slowness when dimming? Would knowing elevation be useful for the common people - not just average users (as long as they're common enough)? When is UAC or SUA truly useful and when does it become just an inconvenience (as an individual, not to engineer people into making their stuffs in a certain way)?
Last edited:
All his here : Q&A - What is UAC?
SUA limit the privileges of the running processes.
Q&A - What is the Windows Integrity Mechanism?
I am on SUA + UAC max as a baseline, none of my systems are without those minimal requirements.
Will you discard your seatbelt because you have an airbag? i guess no.
Useful for every people.
Will you ignore a sudden UAC alert when you just clicked on a media file?
yes they are useful , they may becomes inconveniences when you install tons of software or do lot of admin tasks an hour (like doing them every 5mn...) ; but both are improbable.
If you are annoyed by clicking a prompt (which take 1sec) , so you should stop using a computer and better use a tablet.
Similar threads
