Video Comodo Firewall 10 Setup

cruelsister

#1
A few things regarding the video:

1). If you just want the setup, that starts at 6:20

2). I left the HIPS disabled throughout the video. Although having it enabled would have alerted us to the threat in the Firewall Security configuration part, as I can think of no valid reason not to switch to proactive Security Config, I did not want to belabor this point.

3). I did not elaborate on the various Sandbox levels, nor the differences in Safe vs Custom Firewall modes since these topics have been covered previously.

 

Tiny

OS
Windows 10
Antivirus
Default-Deny
#2
This is a great guide. I have two questions though. Would you recommend tweaking the sandbox settings to treat files as untrusted in the edit section at around 8:24, instead of restricted? Finally, which antivirus would you recommend works best with CF10? Thanks again for the video! :)
 

BugCode

#3
Nice, very nice indeed! :thumps up!:

Edit: Just installed CF 10 with cruelsister's settings (maybe a little difference) and it's looking good. I just decided to pick something from my antivirus collection and I installed Avira Pro. Well, moments ago I noticed what that Avira is doing there, almost... okay, some kind of "must have antivirus installed" syndrome... A few nice monsters me and my friend tested. That friend is also who I got pretty nasty "monsters" from to test; he sent those to me and said he had just tested them. He has been doing a nice new 0day monster (modified), I think, but anyway, we will see... looks decent!
 

HarborFront

#4
Hi

After switching to Proactive Security my Zemana Antilogger is not running. CFW prompts me saying it is running in isolation. It was OK when run in Firewall Security previously.

I have it "Ignore" and "Trusted" in Auto-Sandbox.

Thanks

Note :- Problem solved. Reset to Firewall Security, re-boot and then set to Proactive Security again and now ZAL works fine
 

AtlBo

Antivirus
Qihoo 360
#6
Thanks. Great video. I have a question about setting Sandbox this way:

Run->All Apps->Unrecognized->Restricted

I mean adjust the Run->All Apps->Unrecognized rule to automatically run restricted rather than virtualized. It gives the exact same pop-up, with the only difference being that the program may not run. Well, this is what I think it does. Is this correct? Maybe another way to ask would be, "Is this full or partial restriction?"
 

cruelsister

#7
Tiny- The reason I suggest Restricted is more for newbies to Comodo. The Untrusted setting tends to make things just die in the sandbox, and a person new to virtualization may be confused when an existing legitimate (but unsigned) application no longer works. Restricted will give them an idea into what is occurring. Old hands can use Untrusted for maximal protection.

About an AV supplement- I'd go with either Qihoo or Avast. The better the AV, the less the sandbox has to work; the crappier the AV, the more stuff will be in the box. But the net result would be the same in both cases.

Morphius- Thanks for that! Comodo tends to ignore me. About the bypass- this is just a trick learned during a misspent youth. I prefer not to comment further, and will allow TO from Google instruct the BlackHats instead. Hope you understand.

AtlBo- Don't overthink things! That is when unexpected issues will present.

Finally, sorry for the delay in my responses. Saturday night is SOHO Loft party night, and this one I guess was good as the police were called...
 
#8
In the video, the autosandbox alert has the option "Unblock the application".

On Win 10, the autosandbox alert doesn't have the option... I wonder if it's a bug or a Win 10 notification limitation? (On Win 10, CIS alerts are Win 10 type alerts.)
 

Telos

#9
Thanks for the helpful video. I have a conflict that I'm unable to resolve. When I open Chrome (64-bit) its Sticky Password extension triggers the auto-sandbox with a randomly named BAT file... for example...

C:\ProgramData\COMODO\Cis\tempscrp\C_cmd.exe_58EE0EADEB7D8CC3B96C25ACD53D6EBACF6D4282 [DOT] bat

This batch file then calls CONHOST which calls a Sticky Password executable (which is a trusted file).

When the Chrome extension is sandboxed it prevents login auto-fills (as you might expect). I hoped to whitelist this in some way, but each time I start Chrome, the batch file name is different... again, for example, "C_cmd.exe_D5C2F0C509B051E1FF76BE9A267B7F5B2340E19A" so that "Unblock the application" is required with each browser start.

Any thoughts on how to whitelist this extension?

FWIW, 360 A/V and VoodooShield are in use.
 
#13
> Morphius- Thanks for that! Comodo tends to ignore me. About the bypass- this is just a trick learned during a misspent youth. I prefer not to comment further, and will allow TO from Google instruct the BlackHats instead. Hope you understand.

Sorry - just to clarify - you won't tell how this bypass is done thus will not help Comodo to fix this? Exposing Comodo's users to this "trick" used by blackhats? Are you a blackhat yourself? ;) Pls clarify if I have misunderstood you.
 
#15
> You are correct. I unchecked "Enable embedded code detection" under HIPS (w/HIPS disabled), and that fixed things. Thank you.

Good to know fixed your probs.

I too had script errors probs on a website due to that option, unchecking the option solved the prob (HIPS disabled)...I was just testing CFW.

> You are correct. I unchecked "Enable embedded code detection" under HIPS (w/HIPS disabled), and that fixed things. Thank you.

If I am correct, you can solve your probs excluding/trusting related files too.
 

reboot

OS
Windows 10
Antivirus
Default-Deny
#16
Thank you for the video. :) On Windows 10 would Windows Defender suffice as an AV supplement to this set-up?
 

Lockdown

From AppGuard
Developer
#17
> Thanks for the helpful video. I have a conflict that I'm unable to resolve. When I open Chrome (64-bit) its Sticky Password extension triggers the auto-sandbox with a randomly named BAT file... for example...
>
> C:\ProgramData\COMODO\Cis\tempscrp\C_cmd.exe_58EE0EADEB7D8CC3B96C25ACD53D6EBACF6D4282 [DOT] bat
>
> This batch file then calls CONHOST which calls a Sticky Password executable (which is a trusted file).
>
> When the Chrome extension is sandboxed it prevents login auto-fills (as you might expect). I hoped to whitelist this in some way, but each time I start Chrome, the batch file name is different... again, for example, "C_cmd.exe_D5C2F0C509B051E1FF76BE9A267B7F5B2340E19A" so that "Unblock the application" is required with each browser start.
>
> Any thoughts on how to whitelist this extension?
>
> FWIW, 360 A/V and VoodooShield are in use.

According to others this is the way it is supposed to work - it's a feature; ask them.
 

Lockdown

From AppGuard
Developer
#19
> someone, anyone, anybody, nobody, everybody, somebody, everyone... no one likes Comodo Standard Bug Report Format :p

Even when you report bugs with all the supporting files required for a bug fix directly to the man that makes the bug-fix decisions it still requires jumping through hoops.

It is what it is.
 
#20
> Even when you report bugs with all the supporting files required for a bug fix directly to the man that makes the bug-fix decisions it still requires jumping through hoops.
>
> It is what it is.

I mentioned to make an uninstall tool and they mentioned to file a report.
 