Video Review Comodo Firewall 10 Setup

Discussion in 'Video Reviews' started by cruelsister, Jan 28, 2017.

  1. cruelsister

    cruelsister Level 32
    Trusted

    Apr 13, 2013
    2,131
    12,420
    NYC
    Video Uploaded by:
    cruelsister
    A few things regarding the video:

    1). If you just want the setup, that starts at 6:20

    2). I left the HIPS disabled throughout the video. Although having it enabled would have alerted us to the threat in the Firewall Security configuration part, as I can think of no valid reason not to switch to proactive Security Config I did not want to belabor this point.

    3). I did not elaborate on the various Sandbox levels, nor the differences in Safe vs Custom Firewall modes since these topics have been covered previously.

     
    CyberTech, bribon77, Rebsat and 35 others like this.
  2. Tiny

    Tiny Level 2

    Dec 29, 2016
    56
    247
    Africa
    Windows 10
    Emsisoft
    This is a great guide. I have two questions though. Would you recommend tweaking the sandbox settings to treat files as untrusted in the edit section at around 8:24, instead of restricted? Finally, which antivirus would you recommend works best with CF10? Thanks again for the video!:)
     
    MWNu72, Parsh, AtlBo and 1 other person like this.
  3. BugCode

    BugCode Level 10

    Jan 9, 2017
    460
    4,529
    FireFighter
    Oeno Island
    #3 BugCode, Jan 28, 2017
    Last edited: Jan 29, 2017
    Nice, very nice indeed! :thumps up!:

    Edit: Just installed CF 10 with cruelsister settings (maybe a little difference) and it's looking good. I just decided to pick something from my antivirus collection and I installed Avira Pro. Well, moments ago I noticed what Avira is doing there, almost, okay, some kind of "must have antivirus installed syndrome"... a few nice monsters me and my friend tested; that friend is also the one I got pretty nasty "monsters" to test from, he sent those to me and said just tested, he has been doing a nice new 0day monster (modified), I think, but anyway/how... will see... looks decent!
     
    Tiny, MWNu72, AtlBo and 1 other person like this.
  4. HarborFront

    HarborFront Level 34
    Content Creator

    Oct 9, 2016
    2,305
    5,768
    Far East
    #4 HarborFront, Jan 28, 2017
    Last edited: Jan 29, 2017
    Hi

    After switching to Proactive Security my Zemana Antilogger is not running. CFW prompts me saying it is running in isolation. It was OK when run in Firewall Security previously.

    I have it "Ignore" and "Trusted" in Auto-Sandbox.

    Thanks

    Note: Problem solved. Reset to Firewall Security, reboot and then set to Proactive Security again, and now ZAL works fine.
     
    Parsh, Polygon and AtlBo like this.
  5. Morphius

    Morphius Level 1

    Sep 13, 2011
    31
    42
    Hi, great video :)
    And great news: I've already informed Comodo about the Shared Space and ransomware problem; within the next updates they will add these directories to protected objects by default :)

    BTW, could you explain the mechanism of the second "by-pass" please?
     
  6. AtlBo

    AtlBo Level 22

    Dec 29, 2014
    1,144
    4,516
    Qihoo 360
    Thanks. Great video. I have a question about setting Sandbox this way:

    Run->All Apps->Unrecognized->Restricted

    I mean adjust the Run->All Apps->Unrecognized rule to automatically run restricted rather than virtualized. It gives the exact same pop-up, with the only difference being that the program may not run. Well, this is what I think it does. Is this correct? Maybe another way to ask would be, "Is this full or partial restriction?"
     
    MWNu72, Parsh, BugCode and 3 others like this.
  7. cruelsister

    cruelsister Level 32
    Trusted

    Apr 13, 2013
    2,131
    12,420
    NYC
    #7 cruelsister, Jan 29, 2017
    Last edited: Jan 29, 2017
    Tiny- The reason I suggest Restricted is more for newbies to Comodo. The Untrusted setting tends to make things just die in the sandbox, and a person new to virtualization may be confused when an existing legitimate (but unsigned) application no longer works. Restricted will give them an idea of what is occurring. Old hands can use Untrusted for maximal protection.

    About an AV supplement- I'd go with either Qihoo or Avast. The better the AV, the less the sandbox has to work; the crappier the AV, the more stuff will be in the box. But the net result would be the same in both cases.

    Morphius- Thanks for that! Comodo tends to ignore me. About the bypass- this is just a trick learned during a misspent youth. I prefer not to comment further, and will allow TO from Google to instruct the BlackHats instead. Hope you understand.

    AtlBo- Don't overthink things! That is when unexpected issues will present.

    Finally, sorry for the delay in my responses. Saturday night is SOHO Loft party night, and this one I guess was good as the police were called...
     
  8. Yash Khan

    Yash Khan Level 51

    Oct 22, 2012
    4,055
    8,960
    In the video, the autosandbox alert has the option "Unblock the application".

    On Win 10, the autosandbox alert doesn't have the option... I wonder if it's a bug or a Win 10 notification limitation? (On Win 10, CIS alerts are Win 10 type alerts.)
     
    Av Gurus, AtlBo and Parsh like this.
  9. Telos

    Telos Level 8

    Jan 29, 2017
    378
    996
    Baana
    Thanks for the helpful video. I have a conflict that I'm unable to resolve. When I open Chrome (64-bit) its Sticky Password extension triggers the auto-sandbox with a randomly named BAT file... for example...

    C:\ProgramData\COMODO\Cis\tempscrp\C_cmd.exe_58EE0EADEB7D8CC3B96C25ACD53D6EBACF6D4282 [DOT] bat

    This batch file then calls CONHOST which calls a Sticky Password executable (which is a trusted file).

    When the Chrome extension is sandboxed it prevents login auto-fills (as you might expect). I hoped to whitelist this in some way, but each time I start Chrome, the batch file name is different... again, for example, "C_cmd.exe_D5C2F0C509B051E1FF76BE9A267B7F5B2340E19A" so that "Unblock the application" is required with each browser start.

    Any thoughts on how to whitelist this extension?

    FWIW, 360 A/V and VoodooShield are in use.
     
    Parsh, Yash Khan and AtlBo like this.
  10. Yash Khan

    Yash Khan Level 51

    Oct 22, 2012
    4,055
    8,960
    Telos,

    Under HIPS settings, the bottom option i.e down last option something script or something...I guess your prob is due to this new option. Uncheck the option & see if you get the prob or not?
     
    Andytay70, Parsh, Telos and 1 other person like this.
  11. Telos

    Telos Level 8

    Jan 29, 2017
    378
    996
    Baana
    Thank you but HIPS is disabled.
     
    Yash Khan likes this.
  12. Yash Khan

    Yash Khan Level 51

    Oct 22, 2012
    4,055
    8,960
    I think with HIPS disabled too that option & couple other options checked/ticked by default under HIPS settings works...
     
    Parsh and Telos like this.
  13. Morphius

    Morphius Level 1

    Sep 13, 2011
    31
    42

    Sorry - just to clarify - you won't tell how this bypass is done thus will not help Comodo to fix this? Exposing Comodo's users to this "trick" used by blackhats? Are you a blackhat yourself? ;) Pls clarify if I have misunderstood you.
     
    vivid likes this.
  14. Telos

    Telos Level 8

    Jan 29, 2017
    378
    996
    Baana
    You are correct. I unchecked "Enable embedded code detection" under HIPS (w/HIPS disabled), and that fixed things. Thank you.
     
    Parsh and Yash Khan like this.
  15. Yash Khan

    Yash Khan Level 51

    Oct 22, 2012
    4,055
    8,960
    #15 Yash Khan, Jan 29, 2017
    Last edited by a moderator: Jan 29, 2017
    Good to know it fixed your probs.

    I too had script errors probs on a website due to that option, unchecking the option solved the prob (HIPS disabled)...I was just testing CFW.

    If I am correct, you can solve your probs excluding/trusting related files too.
     
    Telos likes this.
  16. reboot

    reboot Level 3

    Jan 27, 2017
    143
    402
    Marketing consultant
    Australia
    Windows 10
    Default-Deny
    #16 reboot, Jan 29, 2017
    Last edited by a moderator: Jan 29, 2017
    Thank you for the video. :) On Windows 10 would Windows Defender suffice as an AV supplement to this set-up?
     
  17. Lockdown

    Lockdown From AppGuard
    Developer

    Oct 24, 2016
    2,706
    11,855
    AppGuard LLC Virginia, U.S.
    #17 Lockdown, Jan 29, 2017
    Last edited: Jan 29, 2017
    According to others this is the way it is supposed to work - it's a feature; ask them.
     
    _CyberGhosT_, Yash Khan and Telos like this.
  18. Yash Khan

    Yash Khan Level 51

    Oct 22, 2012
    4,055
    8,960
    Someone, anyone, anybody, nobody, everybody, somebody, everyone... no one likes Comodo Standard Bug Report Format :p
     
    Andytay70 and nikos200 like this.
  19. Lockdown

    Lockdown From AppGuard
    Developer

    Oct 24, 2016
    2,706
    11,855
    AppGuard LLC Virginia, U.S.
    Even when you report bugs with all the supporting files required for a bug fix directly to the man that makes the bug-fix decisions, it still requires jumping through hoops.

    It is what it is.
     
    Andytay70 and Yash Khan like this.
  20. Yash Khan

    Yash Khan Level 51

    Oct 22, 2012
    4,055
    8,960
    I mentioned to make an uninstall tool and they mentioned to file a report.
     
    Parsh likes this.