1. Deletedmessiah

    Deletedmessiah Level 15

    Jan 16, 2017
    714
    6,569
    SSD
    Windows 8.1
    Emsisoft
    I didn't like that "ha ha", though, but no problem :p :) I just hope the moderators don't get angry over this going off topic.
     
    Sunshine-boy, shmu26 and ZeroDay like this.
  2. ZeroDay

    ZeroDay Level 22

    Aug 17, 2013
    1,116
    3,179
    Birmingham UK
    Windows 10
    Kaspersky
    I honestly didn't mean anything by the ha ha. Umbra is staff and I've seen him type LOLLLLLLOLLL to devs, but it's just harmless banter; there's no disrespect meant. My apologies that it offended you.
     
  3. Deletedmessiah

    Deletedmessiah Level 15

    Jan 16, 2017
    714
    6,569
    SSD
    Windows 8.1
    Emsisoft
    No worries. I don't take that as disrespect. The internet is so toxic and even the worst I've seen on MT seems extremely polite in comparison lol.
     
    ZeroDay, Sunshine-boy and shmu26 like this.
  4. Sunshine-boy

    Sunshine-boy Level 22

    Apr 1, 2017
    1,169
    5,186
    IRAN
    Windows 10
    ESET
    #424 Sunshine-boy, Nov 2, 2017
    Last edited: Nov 2, 2017
    I think you can't understand the difference between bypassing the firewall and the real-time or antivirus protection.
    These tests show the Eset AV bypassed (on default settings), not the firewall. What is the job of the firewall? Protecting against hackers and inbound connections, or blocking the samples?? :notworthy:
    Also, they are testing Comodo with CS settings (proactive settings) while testing Eset or other AVs on default settings! Even a 5-year-old kid can understand it's not fair!
    You can simply set the Eset firewall to interactive mode (same as other AVs) and it will ask for every connection; also you can tweak the HIPS to work as an Anti-Exe (or more). The protection is there :)
    Tweak the Eset HIPS and the provided settings (like what they did for Comodo) and you will not see any red color anymore ;)
     
    Rebsat, Deletedmessiah and shmu26 like this.
  5. Rebsat

    Rebsat Level 5

    Apr 13, 2014
    213
    592
    Sulaimaniya, Iraq
    Windows 7
    Emsisoft
    Firewall Outbound Attacks Protection Test (July 2013) over here
     
    ZeroDay, XhenEd and Deletedmessiah like this.
  6. Rebsat

    Rebsat Level 5

    Apr 13, 2014
    213
    592
    Sulaimaniya, Iraq
    Windows 7
    Emsisoft
    #426 Rebsat, Nov 2, 2017
    Last edited: Nov 2, 2017
    Comodo Firewall also has flaws. I've tested it with other malware, and it has allowed them to run and infect. For example, the malware embedded in CCleaner ran freely even with @cruelsister's great settings :eek:

    A User on Youtube shared his concerns about the following problems with Comodo Firewall and already asked @cruelsister about it.
    Link to the video over here


     
    ZeroDay, XhenEd and Deletedmessiah like this.
  7. Telos

    Telos Level 8

    Jan 29, 2017
    377
    988
    Baana
    Nothing stopped the compromised CCleaner when it was released. Such is life.
     
    simmerskool, ZeroDay, klaken and 2 others like this.
  8. Umbra

    Umbra From Emsisoft
    Developer

    May 16, 2011
    17,162
    29,627
    Community manager
    Vietnam & France
    Windows 10
    Emsisoft
    That is why, when I install Comodo, I always delete the TVL and rebuild it myself and run Comodo at Paranoid. The CCleaner issue wouldn't bypass my settings.
     
    simmerskool, ZeroDay, Rebsat and 3 others like this.
  9. Lockdown

    Lockdown From AppGuard
    Developer

    Oct 24, 2016
    2,701
    11,829
    AppGuard LLC Virginia, U.S.
    Please don't post 4 year old tests. They are obsolete and invalid.
     
    simmerskool, ZeroDay, Rebsat and 5 others like this.
  10. shmu26

    shmu26 Level 53

    Jul 3, 2015
    4,255
    13,523
    Utopia
    Umbra, if you run it at paranoid, why do you also set it to make rules for trusted applications?
     
    Rebsat likes this.
  11. Umbra

    Umbra From Emsisoft
    Developer

    May 16, 2011
    17,162
    29,627
    Community manager
    Vietnam & France
    Windows 10
    Emsisoft
    Hehehe, maybe you forgot/missed the discussion about a malware added by accident in the cloud lookup, right?

    In the HIPS settings, "Create rules for trusted application" is influenced by:

    1- I decide what is trusted.
    2- I wiped the TVL, so only my few trusted vendors are in it.
    3- Paranoid Mode ignores the Comodo Safe List and the cloud lookup as well.

    So basically I have fewer popups from any softs from my TVL.
     
  12. shmu26

    shmu26 Level 53

    Jul 3, 2015
    4,255
    13,523
    Utopia
    Hi, I didn't forget the discussion about Comodo false negatives, but I am still struggling to understand how your method works. Maybe it is the solution to a problem I was having.
    Let's go step by step:
    I do not enable "Create rules for trusted application".
    And I have Microsoft Windows on my TVL.
    If I am in paranoid mode, I will still get a prompt when a windows process runs, and surely I will get a prompt when an unknown process runs.
    Now, I go and enable "Create rules for trusted application" . How does this change things?
     
  13. Umbra

    Umbra From Emsisoft
    Developer

    May 16, 2011
    17,162
    29,627
    Community manager
    Vietnam & France
    Windows 10
    Emsisoft
    Point 3 takes precedence; I still get prompts from Windows processes if they aren't yet in the HIPS rules, so my setting will bombard you with prompts the first few hours/days (but I assume fewer than unticking the box). Then, once all is set, you will only have occasional prompts if you run some Windows tools or some processes are executed.

    Comodo's Myths & Facts
     
    simmerskool, ZeroDay and shmu26 like this.
  14. shmu26

    shmu26 Level 53

    Jul 3, 2015
    4,255
    13,523
    Utopia
    Thanks, Umbra!
     
    simmerskool and ZeroDay like this.
  15. Umbra

    Umbra From Emsisoft
    Developer

    May 16, 2011
    17,162
    29,627
    Community manager
    Vietnam & France
    Windows 10
    Emsisoft
    What is important with Comodo HIPS are the rulesets; you have to make your own and apply them respectively to specific applications.
     
    simmerskool and shmu26 like this.
  16. cruelsister

    cruelsister Level 32
    Trusted

    Apr 13, 2013
    2,131
    12,418
    NYC
    Allow me to butt in here to discuss the CCleaner malware:

    1). This thing was both SIGNED (legitimately) and available for download from the company's own servers.
    2). CCleaner in itself was not (kinda-sorta) the actual malware! What it did was to connect to a non-Piriform server to download the payload(s), which were targeted to specific organizations (specialized secondary payloads). Infection would have only occurred after the payload was downloaded and run, and for a number of arcane reasons this (these) payload(s) are not available for testing. However, I did not catch a hint that the payload(s) themselves were signed, and if they were not they would have been treated like any other malware and contained.

    Anyway, the actual payloads would only infect the targeted machines to the extent of creating a backdoor for espionage related data acquisition. But as this backdoor was not part of the initial CCleaner installation cascade there is no reason to believe that the Firewall, if set as I suggest, would not have precluded Outbound connections and thus stopped the handshake needed for the data acquisition queries to proceed.

    That it was targeted only should actually be intuitively obvious: the acquisition of the Private Key to sign AND getting the FTP credentials to upload the trojan to a legitimate server is neither easy nor inexpensive. The difficulty (and expense) of doing this makes it pointless for widespread dissemination to Riffraff like us (the more disseminated publicly, the higher the odds for early detection). High quality stuff like this has a purpose, and that purpose is never going to be shaking down Mooks for a couple of bucks.

    Finally, for those who are paranoid, I did post a couple of videos a few years ago (God! have I really been doing this for that long? Someone needs a Life...) about a Nightmare Scenario where an exceptionally Highly Signed malware can penetrate even a Restricted TVL.
    But as Umbra properly states, the Comodo TVL can be modified to preclude installation by any but a few vendors, for those concerned. And sadly there is another video on how to do this.

    But the really important point is that Comodo gives one the ability to include these restrictions. Does anyone else?
     
  17. ZeroDay

    ZeroDay Level 22

    Aug 17, 2013
    1,116
    3,179
    Birmingham UK
    Windows 10
    Kaspersky
    I assure you I can tell the difference lol. When the AV is bypassed, malware can download the payload(s), going straight through the firewall, and once the payloads install they also connect out, going straight through Eset's firewall both ways, in and out. Please do some research.
     
  18. Decopi

    Decopi Level 1

    Oct 29, 2017
    28
    60
    Paradise
    Please, simple questions:

    1) With CS' settings in CF, does ViruScope option need to be enabled? Is it adding anything to CS' settings?

    2) If I disable HIPS, will this also disable "Protected Data Folders"?

    3) Website Filtering? On? Off? Does this option add anything relevant to CS' settings?

    4) Enable or disable Cloud Lookup with CS' settings?

    5) I can understand CS' opinion that "CF is enough, doesn't need an AV or AM". However, what about browsers? How to deal with phishing, scams, fake websites, tracking, spying, privacy issues etc.? Don't we need an AV or AM to take care of this browser garbage and other online dangers?

    Thank you!
     
  19. Telos

    Telos Level 8

    Jan 29, 2017
    377
    988
    Baana
    1. CS shows ViruScope enabled.
    2. Firewall and Containment settings should protect your system.
    3. CS shows Website Filtering enabled.
    4. I use the default settings.
    5. Website filtering should handle most of those concerns. AV has no effect on the threats you enumerated.

    Ref

    That all said a basic AV running alongside CF is fine. CS has mentioned Avast Free, Qihoo 360, and Kaspersky Free IIRC. For me, I just allow Windows Defender to do its thang in the background.
     
    simmerskool, bribon77, shmu26 and 3 others like this.
  20. AtlBo

    AtlBo Level 22

    Dec 29, 2014
    1,143
    4,512
    Qihoo 360
    Answers below. These are just my impressions at the current time:

    No, it doesn't do anything at the present time. I leave it on, because Comodo uses the Recognizer in VS to gather information on malware behaviors. It isn't even functional. Viruscope has been on a VERY slow development cycle.

    Yes. You can verify this by going to Settings->HIPS settings->Monitoring settings (just below Enable HIPS). You can see the Protected file/folder setting is there, so it is HIPS that monitors them.

    Haven't ever seen it do anything. Another Comodo project.

    If you use the standard Trusted Vendor List (aren't relying on your own changes to the list), then leave Cloud Lookup on. It's actually fairly powerful, and I think where Comodo will focus improvements.

    A-V: I use an a-v with Comodo in case I make a mistake. The Comodo sandbox will tell you that Comodo doesn't like the app or that it isn't signed or is signed improperly. However, if anything gets by that, a good a-v will help. Personally, for free, Avast is probably the best for this because of the internet blocking it does from the program. Don't forget that Avast Free has great features and protection, and the use of the cloud is intense for a free a-v. The companion browser extension is extremely good too. Bitdefender Free is just plain amazing detection. I think the internet protection is even better than Avast (detecting bad sites/bad downloads), but I am not sure about this. Haven't had a chance to use BD Free, and I am going from memory of a video review. Just can't recall if it was Free or BDIS.

    Browser: Use a good content/ad blocker like uBlock Origin. If you really want to go all the way, you can run the browser contained by clicking on the Comodo widget to start it. Avast has a very nice content advisor browser extension, also.

    As for other malware, Comodo is supposed to have your back with script monitoring. I'm not sure about this, and I am hoping @cruelsister will test Comodo against command-line-reliant malware with only the command line heuristics module enabled. Until the time this occurs, I will be using NVT EXE Radar Pro. However, Avast hardened mode set to the highest will block a lot of malware activity. VoodooShield Free could be a good lightweight replacement for NVT ERP if you are worried about scripts. Comodo + Avast will be very good though...
     