- Jul 3, 2015
- 8,153
Okay, I tried paranoid mode. The forgetting rules bug struck me immediately. After each reboot, I was back to square one. Learning mode didn't help, hitting okay on prompts (with remember rule ticked) didn't help.
Comodo Firewall 10 Setup
- Thread starter cruelsister
- Start date
It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
- Dec 29, 2014
- 1,711
Thanks for this information @shmu26. Saved config and went to Paranoid a few minutes ago, but I haven't rebooted. Question about Training Mode. Does TM mean paranoid level pop ups as alerts but Comodo uses current rules...i.e. and opportunity to make a permanent rule/rule change if I see something? Trying a reboot now and add the result.
- Jul 3, 2015
- 8,153
Maybe others can tell you. It didn't work right for me, so I don't know what it is supposed to do.
- Dec 29, 2014
- 1,711
Thanks. Didn't lose rules after boot but I'm sure I would soon enough. Maybe I'll try TM later. Back to Safe Mode w/a reboot no rules loss again. I think the ideal setup would be cruelsister's auto-sandbox + a choice to unblock + a choice to leave HIPs on when unblocking. Put the choice either on the sandbox alert (not exactly safe) or give the option when unblocking from the "Unblock Applications" on the widget if Comodo thinks its good discipline to force people to go there to unbox an unrecognized.
- Jul 3, 2015
- 8,153
My idea of a tight config for Comodo is like this:
1 Add the entire Windows folder to the trusted files list (it takes Comodo quite a long time, in several slow steps, to do this). Also add the Comodo folder, and any other security softs you are running.
2 Untick both the cloud lookup and the "trust applications signed by..." (but leave the tick by "trust files installed by...
3 Put HIPS in learning mode for the first reboot.
- Dec 29, 2014
- 1,711
Sounds like a great plan honestly. I could go with simple cs sandbox and then Safe Mode for HIPs without any troubles (other than better access to logging controls such as what to log) if I could do as I described from the widget. Made a diagram to try to show what I mean in below:
I guess you can't very well run your config if the settings will disappear. I wonder if there is some trigger in Comodo that will dump the settings if Comodo is holding up a boot? Like a timed settings dump. The problem sure goes back a long way.
Last edited:
- Jul 3, 2015
- 8,153
There are so many different ways to cut the cake, that's why it's so fun.
If Comodo is preventing Windows from starting up, just boot into safe mode, and then start up Comodo, and put it in training mode (or disable components, or whatever you have to do)
- Apr 13, 2013
- 3,147
Guys- you are making things way, way too complicated.
- Jul 3, 2015
- 8,153
Oh, and one more tweak, despite @cruelsister's wise, sagely warnings: in HIPS advanced settings, put a tick by "block all unknown requests..."
This will help to counteract the fact that Comodo protection kicks in pretty slow after rebooting.
You might have to temporarily undo this setting, after installing a new program that has automatic startup.
This will help to counteract the fact that Comodo protection kicks in pretty slow after rebooting.
You might have to temporarily undo this setting, after installing a new program that has automatic startup.
- Apr 13, 2013
- 3,147
If I may expand: Don't make simple things into Rocket Science unless you happen to be a Rocket Scientist.
- May 16, 2017
- 197
- Jul 3, 2015
- 8,153
But wait, MT members are students of "rocket science", are we not?
The only way to really learn is to blow up a couple rockets...
- Oct 2, 2014
- 805
I haven't had any issues with rules disappearing, and my computer has been running very quiet on paranoid HIPS. Lucky me.
- May 9, 2017
- 145
Thank You AtlBo. I guess something as simple as a screenshot can open the eyes.
What it did for me was answered my own question. I may have missed it before but now I get it.
Even if you choose to UNBLOCK the entire BLOCK list (which of course is NOT the proper course, we can still go into the FILE RATING list and modify them to the different levels.
That's really all I was looking for to complete my own tour of that particular setting.
Also, I not experienced losing any rules (at least not yet) but then again I haven't applied the HIPS and did a reboot either. I suppose that's wherein some issue crops up about that.
But be that as it may, still that's no deal breaker on this end by a long shot. This puppy has some BITE!
- Jul 3, 2015
- 8,153
Yes, I liked that screenshot, too.Thank You AtlBo. I guess something as simple as a screenshot can open the eyes.
What it did for me was answered my own question. I may have missed it before but now I get it.
Even if you choose to UNBLOCK the entire BLOCK list (which of course is NOT the proper course, we can still go into the FILE RATING list and modify them to the different levels.
That's really all I was looking for to complete my own tour of that particular setting.
Also, I not experienced losing any rules (at least not yet) but then again I haven't applied the HIPS and did a reboot either. I suppose that's wherein some issue crops up about that.
But be that as it may, still that's no deal breaker on this end by a long shot. This puppy has some BITE!
- Dec 29, 2014
- 1,711
Looked at this extensively this AM. Definitely, Comodo should split unblocking into three parts and place it all in the "Unblock Applications" area. Also, this means to me that the option to "Unblock this application" on the Containment alert should be replaced with standard text "Unblock using 'Unblock Applications' on the widget". It's a long story, but there is too much pressure on users to answer to this alert at the exact time they want to see what a program will do. A couple of other little caveats about "Unblock this application" on the Containment alert. As things are, this also leads to even a completely unknown file/app being classified as "Trusted". This should never happen, and it's absolutely not in the first sense necessary. Even if the link on the alert were a good idea, it could easily create a Containment allow rule that doesn't require the File/App to carry the "Trusted" rating. This is what this type of rule should look like in the first place: Appname->rating "Unrecognized"->Ignore. Literally there is not one reason for it to be any other way. On the plus side only one rule, the Containment rule, is created by using the alert link to unblock in comparison to the full security off for a file/app effect of "Unblock Applications" from the widget. Not that it matters though, because the same damage is done with when the alert unblock issues the "Trusted" rating to the file/app.
After really looking it over with a fine tooth comb, I think Comodo need to do this, although I don't feel like pressing them about anything right now. I do want users here to know, that they will have to manually make changes if they use the Comodo unblock dialogs anywhere. The way things are is hurting the value of Firewall and HIPs imo...
EDIT: If you are an orthodox user of @cruelsister's settings, you can handle this her way. She believes in HIPs off anyway, so the file rating of "Trusted" isn't going to affect them for you. The only time you may run into an issue is if you decide to run an application outside of Containment that is Auto-contained. With cs' settings, you won't have HIPs to tell you what the app/file wants to do outside of the container. For sure, HIPs isn't perfect anyway. One or two HIPs allows can alone allow the full damage of a malicious program. You also won't get Firewall alerts for "Trusted" applications if you like to control those. Anyway, you are probably still well protected running a self-trusted app outside containment from many/most malwares, assuming you are using Advanced->Miscellaneous->Do heuristic command-line analysis. As far as I know, cs leaves this enabled which I recommend to the highest degree at this point. I take it one step further and recommend enabling all of the protections available via that dialog in the "certain applications" area. I haven't run into any hassles doing this for about 3 months now.
Above the EDIT is for those who really want the full layered protection capability of Comodo (CIS/Firewall) basically.
Last edited:
- Jul 13, 2015
- 65
Comodo people are watching your videos and recommending, now opened a warning here Comodo telling me how the product protects against ransomwares, clicking the warning, opened a tab in my browser leading me to your last video on youtube . I do not know if your intention was such an impact but even then congratulations for the excellent work !!! Sorry for the bad English, I'm using Gogle Translator, I only speak and write Portuguese br ...
- Apr 13, 2013
- 3,147
Source- The English is very fine, and probably better than many Americans! Thank you for you kind words, and although Comodo never consults with me (I had no idea they were going to link to this video), I can't complain as if only one person is saved from malware by using the superb Comodo Firewall I am content.
- Dec 29, 2014
- 1,711
Saw this last night for the second time @cruelsister. Thought I was seeing things the first time but how exciting! Since I know Comodo is watching, thanks for version 10, which was a big step forward from v8 for me. Please keep it going!
Similar threads
