cruelsister

Level 36
Verified
Trusted
Content Creator
A few things regarding the video:

1) If you just want the setup, it starts at 6:20.

2) I left the HIPS disabled throughout the video. Although having it enabled would have alerted us to the threat during the Firewall Security configuration part, I did not want to belabor this point, as I can think of no valid reason not to switch to the Proactive Security config.

3) I did not elaborate on the various Sandbox levels, nor the differences between Safe and Custom Firewall modes, since these topics have been covered previously.

 

Tiny

Level 3
This is a great guide. I have two questions though. Would you recommend tweaking the sandbox settings to treat files as Untrusted in the edit section at around 8:24, instead of Restricted? Finally, which antivirus would you recommend works best with CF10? Thanks again for the video! :)
 

BugCode

Level 10
Verified
Nice, very nice indeed! :thumbs up!:

Edit: Just installed CF 10 with cruelsister's settings (maybe a little different) and it's looking good. I just decided to pick something from my antivirus collection and installed Avira Pro. Well, moments ago I noticed what Avira was doing there... okay, some kind of "must have an antivirus installed" syndrome. A few nice monsters that my friend and I tested; that friend is also the one I got the pretty nasty "monsters" from to test. He sent those to me and said they were just tested; he has been making a nice new 0-day monster (modified), I think. But anyhow, we will see... looks decent!
 

HarborFront

Level 46
Verified
Content Creator
Hi

After switching to Proactive Security my Zemana AntiLogger is not running. CFW prompts me saying it is running in isolation. It was OK when it ran in Firewall Security previously.

I have it set to "Ignore" and "Trusted" in Auto-Sandbox.

Thanks

Note: Problem solved. Reset to Firewall Security, reboot, and then set to Proactive Security again; now ZAL works fine.
 

AtlBo

Level 26
Verified
Content Creator
Thanks. Great video. I have a question about setting Sandbox this way:

Run->All Apps->Unrecognized->Restricted

I mean adjust the Run->All Apps->Unrecognized rule to automatically run Restricted rather than Virtualized. It gives the exact same pop-up, with the only difference being that the program may not run. Well, this is what I think it does. Is this correct? Maybe another way to ask would be, "Is this full or partial restriction?"
 

cruelsister

Level 36
Verified
Trusted
Content Creator
Tiny- The reason I suggest Restricted is more for newbies to Comodo. The Untrusted setting tends to make things just die in the sandbox, and a person new to virtualization may be confused when an existing legitimate (but unsigned) application no longer works. Restricted will give them an idea of what is occurring. Old hands can use Untrusted for maximal protection.

About an AV supplement- I'd go with either Qihoo or Avast. The better the AV, the less the sandbox has to work; the crappier the AV, the more stuff will be in the box. But the net result would be the same in both cases.

Morphius- Thanks for that! Comodo tends to ignore me. About the bypass- this is just a trick learned during a misspent youth. I prefer not to comment further, and will allow TO from Google to instruct the BlackHats instead. Hope you understand.

AtlBo- Don't overthink things! That is when unexpected issues will present themselves.

Finally, sorry for the delay in my responses. Saturday night is SOHO Loft party night, and this one I guess was good as the police were called...
 

Deleted member 2913

In the video, the autosandbox alert has the option "Unblock the application".

On Windows 10, the autosandbox alert doesn't have the option... I wonder if it's a bug or a Windows 10 notification limitation? (On Windows 10, CIS alerts are Windows 10-style alerts.)
 

Telos

Level 15
Verified
Content Creator
Thanks for the helpful video. I have a conflict that I'm unable to resolve. When I open Chrome (64-bit) its Sticky Password extension triggers the auto-sandbox with a randomly named BAT file... for example...

C:\ProgramData\COMODO\Cis\tempscrp\C_cmd.exe_58EE0EADEB7D8CC3B96C25ACD53D6EBACF6D4282 [DOT] bat

This batch file then calls CONHOST which calls a Sticky Password executable (which is a trusted file).

When the Chrome extension is sandboxed it prevents login auto-fills (as you might expect). I hoped to whitelist this in some way, but each time I start Chrome, the batch file name is different... again, for example, "C_cmd.exe_D5C2F0C509B051E1FF76BE9A267B7F5B2340E19A" so that "Unblock the application" is required with each browser start.

Any thoughts on how to whitelist this extension?

FWIW, 360 A/V and VoodooShield are in use.
 
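The whitelisting problem in the post above comes down to the file name: the only part that changes between browser starts is the 40-character hex field, while the interpreter name and extension stay the same. The following is an added example (not from the thread or from Comodo) that parses the two sample names quoted in the post and shows which exclusion would have to be pattern-based rather than per-file. The field layout is inferred from those two samples only; that the hex field is a hash of the script contents, and that Comodo's exclusion dialog accepts a wildcard in this position, are both assumptions to verify on your own install.

```python
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Optional, Set

# Field layout assumed from the two names quoted in the thread:
#   C_cmd.exe_58EE0EAD...4282.bat -> prefix "C", interpreter "cmd.exe", 40 hex chars, ".bat"
# The 40-hex field has SHA-1 length; that it hashes the script body is an assumption.
TEMPSCRP_RE = re.compile(
    r"^(?P<prefix>[A-Za-z0-9]+)_"
    r"(?P<interpreter>[^_]+\.exe)_"
    r"(?P<hexid>[0-9A-Fa-f]{40})"
    r"\.(?P<ext>[A-Za-z0-9]+)$"
)


class TempScript(NamedTuple):
    prefix: str
    interpreter: str
    hexid: str
    ext: str


def parse_tempscrp_name(filename: str) -> Optional[TempScript]:
    """Split a Comodo tempscrp file name into its fields; None if it does not match.

    Defanged names written as '... [DOT] bat' (as in the post) are normalized first.
    """
    normalized = filename.replace(" [DOT] ", ".").strip()
    # Accept a full path as well as a bare file name.
    basename = normalized.rsplit("\\", 1)[-1]
    m = TEMPSCRP_RE.match(basename)
    if not m:
        return None
    return TempScript(m["prefix"], m["interpreter"].lower(),
                      m["hexid"].upper(), m["ext"].lower())


def exclusion_pattern(filename: str) -> Optional[str]:
    """Wildcard covering every per-launch variant of a name, e.g. 'C_cmd.exe_*.bat'.

    A per-file exclusion on the exact name cannot work, because the hex field
    differs on every browser start; only the interpreter and extension are stable.
    """
    p = parse_tempscrp_name(filename)
    if p is None:
        return None
    return f"{p.prefix}_{p.interpreter}_*.{p.ext}"


def group_by_pattern(filenames: List[str]) -> Dict[str, Set[str]]:
    """Group observed tempscrp names by their wildcard pattern, collecting the distinct hex ids.

    A pattern with many hex ids is one that a per-file whitelist will keep re-prompting on.
    """
    groups: Dict[str, Set[str]] = defaultdict(set)
    for name in filenames:
        p = parse_tempscrp_name(name)
        if p is not None:
            groups[exclusion_pattern(name)].add(p.hexid)
    return dict(groups)


# Constructed sample: the two names quoted in the post, one as the full path it was shown with.
SAMPLE_NAMES = [
    r"C:\ProgramData\COMODO\Cis\tempscrp\C_cmd.exe_58EE0EADEB7D8CC3B96C25ACD53D6EBACF6D4282 [DOT] bat",
    "C_cmd.exe_D5C2F0C509B051E1FF76BE9A267B7F5B2340E19A.bat",
    "notes.txt",  # unrelated file, must be ignored
]

if __name__ == "__main__":
    for pattern, ids in group_by_pattern(SAMPLE_NAMES).items():
        print(f"{pattern}: {len(ids)} distinct launches seen")
```

Running the block over the two quoted names groups both under `C_cmd.exe_*.bat` with two distinct ids, which is exactly why the per-file "Unblock the application" choice has to be repeated on every start. The later replies in this thread report that unchecking "Enable embedded code detection" under HIPS stopped the prompts; a wildcard exclusion is the narrower alternative if the dialog accepts one.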

Morphius

Level 1
Morphius- Thanks for that! Comodo tends to ignore me. About the bypass- this is just a trick learned during a misspent youth. I prefer not to comment further, and will allow TO from Google to instruct the BlackHats instead. Hope you understand.

Sorry - just to clarify - you won't tell how this bypass is done and thus will not help Comodo to fix this? Exposing Comodo's users to this "trick" used by blackhats? Are you a blackhat yourself? ;) Please clarify if I have misunderstood you.
 

Deleted member 2913

You are correct. I unchecked "Enable embedded code detection" under HIPS (w/HIPS disabled), and that fixed things. Thank you.
Good to know it fixed your probs.

I too had script error probs on a website due to that option; unchecking the option solved the prob (HIPS disabled)... I was just testing CFW.

You are correct. I unchecked "Enable embedded code detection" under HIPS (w/HIPS disabled), and that fixed things. Thank you.
If I am correct, you can solve your probs by excluding/trusting the related files too.
 

reboot

Level 3
Verified
Thank you for the video. :) On Windows 10 would Windows Defender suffice as an AV supplement to this set-up?
 

509322

Thanks for the helpful video. I have a conflict that I'm unable to resolve. When I open Chrome (64-bit) its Sticky Password extension triggers the auto-sandbox with a randomly named BAT file... for example...

C:\ProgramData\COMODO\Cis\tempscrp\C_cmd.exe_58EE0EADEB7D8CC3B96C25ACD53D6EBACF6D4282 [DOT] bat

This batch file then calls CONHOST which calls a Sticky Password executable (which is a trusted file).

When the Chrome extension is sandboxed it prevents login auto-fills (as you might expect). I hoped to whitelist this in some way, but each time I start Chrome, the batch file name is different... again, for example, "C_cmd.exe_D5C2F0C509B051E1FF76BE9A267B7F5B2340E19A" so that "Unblock the application" is required with each browser start.

Any thoughts on how to whitelist this extension?

FWIW, 360 A/V and VoodooShield are in use.
According to others this is the way it is supposed to work - it's a feature; ask them.
 

Deleted member 2913

Even when you report bugs with all the supporting files required for a bug fix directly to the man who makes the bug-fix decisions, it still requires jumping through hoops.

It is what it is.
I mentioned making an uninstall tool, and they mentioned filing a report.
 