App Review Comodo Firewall 10 Setup

[cruelsister]

A few things regarding the video:

1). If you just want the setup, that starts at 6:20

2). I left the HIPS disabled throughout the video. Although having it enabled would have alerted us to the threat in the Firewall Security configuration part, as I can think of no valid reason not to switch to proactive Security Config I did not want to belabor this point.

3). I did not elaborate on the various Sandbox levels, nor the differences in Safe vs Custom Firewall modes since these topics have been covered previously.

 

[Tiny]

This is a great guide. I have two questions though. Would you recommend tweaking the sandbox settings to treat files as untrusted in the edit section at around 8:24, instead of restricted? Finally, which antivirus would you recommend works best with CF10? Thanks again for the video!

 

[BugCode]

Nice, very nice indeed! :thumps up!:

Edit: Just installed CF 10 with cruelsister settings,(maybe little difference) and looking good. I just decide my antivirus collections to pick up something and i install avira pro. Well, moments ago i notice what that avira doing there almost, okay somekind of "must have antivirus installed syndroma",,,few nice monsters me and my friend tested, that friend is also who i got pretty nasty "monsters" to test, he send those to me and say just tested, he has doing nice new 0day monster(modified) i think, but anyway/how,,will see... looks decent!

 

[HarborFront]

Hi

After switching to Proactive Security my Zemana Antilogger is not running. CFW prompts me saying it is running in isolation. It was ok when ran in Firewall Security previously

I have it "Ignore" and "Trusted" in Auto-Sandbox.

Thanks

Note :- Problem solved. Reset to Firewall Security, re-boot and then set to Proactive Security again and now ZAL works fine

 

[Morphius]

Hi, great video
And great news: I've already informed Comodo about Shared Space and ransomware problem, within next updates they will add these directories to protected objects by default

BTW, could you explain the mechanism of the second "by-pass" please?

 

[AtlBo]

Thanks. Great video. I have a question about setting Sandbox this way:

Run->All Apps->Unrecognized->Restricted

I mean adjust the Run->All Apps->Unrecognized rule to automatically run restriced rather than virtualized. It gives the exact same pop up with the only difference being that the program may not run. Well, this is what I think it does. It this correct? Maybe another way to ask would be is, "Is this full or partial restriction?"

 

[cruelsister]

Tiny- The reason I suggest Restricted is more for newbies to Comodo, The Untrusted setting tends to make things just die in the sandbox, and a person new to virtualization may be confused when an existing legitimate (but unsigned) application no longer works. Restricted will give them an idea into what is occurring. Old hands can use Untrusted for maximal protection.

About an AV supplement- I'd go with either Qihoo or Avast. The better the AV, the less the sandbox has to work; the crappier the AV, the more stuff will be in the box. But the net result would be the same in both cases.

Morphius- Thanks for that! Comodo tends to ignore me. About the bypass- this is just a trick learned during a misspent youth. I prefer not to comment further, and will allow TO from Google instruct the BlackHats instead. Hope you understand.

AtlBo- Don't overthink things! that is when unexpected issues will present.

Finally, sorry for the delay in my responses. Saturday night is SOHO Loft party night, and this one I guess was good as the police were called...

 

[Deleted member 2913]

In the video, the autosandbox alert has the option "Unblock the application".

On Win 10, autosandbox alert dont have the option...I wonder if its a bug or Win 10 notification limitation? (on Win 10...CIS alerts are Win 10 type alerts)

 

[codswollip]

Thanks for the helpful video. I have a conflict that I'm unable to resolve. When I open Chrome (64-bit) its Sticky Password extension triggers the auto-sandbox with a randomly named BAT file... for example...

C:\ProgramData\COMODO\Cis\tempscrp\C_cmd.exe_58EE0EADEB7D8CC3B96C25ACD53D6EBACF6D4282 [DOT] bat

This batch file then calls CONHOST which calls a Sticky Password executable (which is a trusted file).

When the Chrome extension is sandboxed it prevents login auto-fills (as you might expect). I hoped to whitelist this in some way, but each time I start Chrome, the batch file name is different... again, for example, "C_cmd.exe_D5C2F0C509B051E1FF76BE9A267B7F5B2340E19A" so that "Unblock the application" is required with each browser start.

Any thoughts on how to whitelist this extension?

FWIW, 360 A/V and VoodooShield are in use.

 

[Deleted member 2913]

Telos,

Under HIPS settings, the bottom option i.e down last option something script or something...I guess your prob is due to this new option. Uncheck the option & see if you get the prob or not?

 

[codswollip]

Telos,

Under HIPS settings, the bottom option i.e down last option something script or something...I guess your prob is due to this new option. Uncheck the option & see if you get the prob or not?

Thank you but HIPS is disabled.

 

[Deleted member 2913]

Thank you but HIPS is disabled.

I think with HIPS disabled too that option & couple other options checked/ticked by default under HIPS settings works...

 

[Morphius]

Morphius- Thanks for that! Comodo tends to ignore me. About the bypass- this is just a trick learned during a misspent youth. I prefer not to comment further, and will allow TO from Google instruct the BlackHats instead. Hope you understand.

Sorry - just to clarify - you won't tell how this bypass is done thus will not help Comodo to fix this? Exposing Comodo's users to this "trick" used by blackhats? Are you a blackhat yourself? Pls clarify if I have misunderstood you.

 

[codswollip]

I think with HIPS disabled too that option & couple other options checked/ticked by default under HIPS settings works...

You are correct. I unchecked "Enable embedded code detection" under HIPS (w/HIPS disabled), and that fixed things. Thank you.

 

[Deleted member 2913]

You are correct. I unchecked "Enable embedded code detection" under HIPS (w/HIPS disabled), and that fixed things. Thank you.

Good to know fixed your probs.

I too had script errors probs on a website due to that option, unchecking the option solved the prob (HIPS disabled)...I was just testing CFW.

You are correct. I unchecked "Enable embedded code detection" under HIPS (w/HIPS disabled), and that fixed things. Thank you.

If I am correct, you can solve your probs excluding/trusting related files too.

 

[reboot]

Thank you for the video. On Windows 10 would Windows Defender suffice as an AV supplement to this set-up?

 

[509322]

Thanks for the helpful video. I have a conflict that I'm unable to resolve. When I open Chrome (64-bit) its Sticky Password extension triggers the auto-sandbox with a randomly named BAT file... for example...

C:\ProgramData\COMODO\Cis\tempscrp\C_cmd.exe_58EE0EADEB7D8CC3B96C25ACD53D6EBACF6D4282 [DOT] bat

This batch file then calls CONHOST which calls a Sticky Password executable (which is a trusted file).

When the Chrome extension is sandboxed it prevents login auto-fills (as you might expect). I hoped to whitelist this in some way, but each time I start Chrome, the batch file name is different... again, for example, "C_cmd.exe_D5C2F0C509B051E1FF76BE9A267B7F5B2340E19A" so that "Unblock the application" is required with each browser start.

Any thoughts on how to whitelist this extension?

FWIW, 360 A/V and VoodooShield are in use.

According to others this is the way it is supposed to work - it's a feature; ask them.

 

[Deleted member 2913]

If this issue hasn't been reported to COMODO already, then someone should do so.

someone, anyone, anybody, nobody, everybody, somebody, everyone...noone likes Comodo Standard Bug Report Format

 

[509322]

someone, anyone, anybody, nobody, everybody, somebody, everyone...noone likes Comodo Standard Bug Report Format

Even when you report bugs with all the supporting files required for a bug fix directly to the man the makes the bug-fix decisions it still requires jumping through hoops.

It is what it is.

 

[Deleted member 2913]

Even when you report bugs with all the supporting files required for a bug fix directly to the man the makes the bug-fix decisions it still requires jumping through hoops.

It is what it is.

I mentioned to make uninstall tool And they mentioned to file a report.