Video Comodo Firewall 10 Setup

Deletedmessiah

Level 20
Verified
Joined
Jan 16, 2017
Messages
991
OS
Windows 8.1
I'm off to the gym now; my sister is here to sit with my mom whilst she's ill. I'll be back in an hour or so. I really like this conversation and we'll benefit from sharing and exploring. Sorry if I've come across as rude; as I said, my mom had a mini stroke Sunday so I'm more than a little tense.
I didn't like that "ha ha" though but no problem :p :) I just hope the moderators don't get angry over this going off topic.
 

ZeroDay

Level 26
Verified
Joined
Aug 17, 2013
Messages
1,544
OS
Linux
Antivirus
Isolation
> I didn't like that "ha ha" though but no problem :p :) I just hope the moderators don't get angry over this going off topic.
I honestly didn't mean anything by the ha ha. Umbra is staff and I've seen him type LOLLLLLLOLLL to devs, but it's just harmless banter there's no disrespect meant. My apologies that it offended you.
 

Deletedmessiah

Level 20
Verified
Joined
Jan 16, 2017
Messages
991
OS
Windows 8.1
> I honestly didn't mean anything by the ha ha. Umbra is staff and I've seen him type LOLLLLLLOLLL to devs, but it's just harmless banter there's no disrespect meant. My apologies that it offended you.
No worries. I don't take that as disrespect. The internet is so toxic and even the worst I've seen on MT seems extremely polite in comparison lol.
 

Sunshine-boy

Level 26
Verified
Joined
Apr 1, 2017
Messages
1,562
OS
Windows 10
Antivirus
ESET
> I've seen it bypassed a lot
I think you can't understand the difference between bypassing the firewall and the real-time or antivirus protection.
> firewall bypassed
These tests show the ESET AV bypassed (on default settings), not the firewall. What is the job of the firewall? Protecting against hackers and inbound connections, or blocking the samples?? :notworthy:
Also, they are testing Comodo with CS's settings (proactive settings) while testing ESET or other AVs on default settings! Even a 5-year-old kid can understand it's not fair!
You can simply set the ESET firewall in interactive mode (same as other AVs) and it will ask for every connection; also you can tweak the HIPS to work as an anti-exe (or more). The protection is there :)
Tweak the ESET HIPS and provided settings (like what they did for Comodo) and you will not see any red color anymore ;)
 

Rebsat

Level 5
Verified
Joined
Apr 13, 2014
Messages
238
OS
Windows 7
Antivirus
Avast
Comodo Firewall also has flaws, I've tested with other malware, and it has allowed them to run and infect. For example, the malware embedded in CCleaner ran freely even with @cruelsister great settings :eek:

A User on Youtube shared his concerns about the following problems with Comodo Firewall and already asked @cruelsister about it.
Link to the video over here


Meph Andr2 said:
Thanks for your response and the video. Comodo Firewall also has flaws, I've tested with other malware, and it has allowed them to run and infect. For example, the malware embedded in CCleaner ran freely even with your great settings. Since Piriform was trusted it was allowed to run, a threat was only blocked when the signature was submitted to Comodo by their own users. More malware is behaving this way, so their behavioral engine needs more work, especially that malware that abuses resources such as memory and CPU is allowed to run in containment to the point of crashing the device. It is confirmed that Comodo heavily depends on signatures to block and remove malware, lots of the signatures in Comodo are submitted by their own users, just look at the forums and you'll see. I haven't found an excellent antimalware that doesn't depend on signatures and with a solid behavioral engine, have you found one?
 

shmu26

Level 65
Verified
Joined
Jul 3, 2015
Messages
5,408
OS
Windows 10
> It is why when I install Comodo, I always delete the TVL and rebuild it myself and run Comodo at Paranoid. The CCleaner issue wouldn't bypass my setting.
Umbra, if you run it at paranoid, why do you also set it to make rules for trusted applications?
 

Umbra

Level 85
Content Creator
Verified
Joined
May 16, 2011
Messages
18,252
OS
Windows 10
Antivirus
Default-Deny
> Umbra, if you run it at paranoid, why do you also set it to make rules for trusted applications?
hehehe maybe you forgot/missed the discussion about a malware added by accident in the cloud lookup, right?

In the HIPS settings, "Create rules for trusted applications" is influenced by:

HIPS trusts the applications if:
1- The application/file is rated as 'Trusted' in the File List
2- The application is from a vendor included in the Trusted Software Vendors list
3- The application is included in the extensive and constantly updated Comodo safelist.

1- I decide what is trusted.
2- I wiped the TVL, so only my few trusted vendors are in it.
3- Paranoid Mode ignores the Comodo Safe List and the cloud lookup as well.

So basically I have fewer popups from any softs from my TVL.
 

shmu26

Level 65
Verified
Joined
Jul 3, 2015
Messages
5,408
OS
Windows 10
> hehehe maybe you forgot/missed the discussion about a malware added by accident in the cloud look up, right?
>
> In the HIPS setting, "Create rules for trusted application" is influenced by:
>
> 1- i decide what is trusted
> 2- i wiped the TVL, so only my few trusted vendors are in it.
> 3- Paranoid Mode ignore the Comodo Safe List and the cloud look up as well.
>
> So basically i have less popups from any softs from my TVL.
Hi, I didn't forget the discussion about Comodo false negatives, but I am still struggling to understand how your method works. Maybe it is the solution to a problem I was having.
Let's go step by step:
I do not enable "Create rules for trusted application".
And I have Microsoft Windows on my TVL.
If I am in paranoid mode, I will still get a prompt when a windows process runs, and surely I will get a prompt when an unknown process runs.
Now, I go and enable "Create rules for trusted application" . How does this change things?
 

Umbra

Level 85
Content Creator
Verified
Joined
May 16, 2011
Messages
18,252
OS
Windows 10
Antivirus
Default-Deny
Point 3 takes precedence. I still get prompts from Windows' processes if they aren't yet in the HIPS rules, so my setting will bombard you with prompts the first few hours/days (but I assume fewer than with the box unticked); then, once all is set, you will only have occasional prompts if you run some Windows tools or some processes are executed.

Comodo's Myths & Facts
 

shmu26

Level 65
Verified
Joined
Jul 3, 2015
Messages
5,408
OS
Windows 10
> Point 3 takes prevalence, i still get prompts from Windows' processes if they aren't yet on the HIPS rules,so my setting will bombard you of prompts the first few hours/days (but i assume less than unticking the box) then once all is set you will only have occasional prompts if you run some windows tools or some processes are executed.
>
> Comodo's Myths & Facts
Thanks, Umbra!
 

Umbra

Level 85
Content Creator
Verified
Joined
May 16, 2011
Messages
18,252
OS
Windows 10
Antivirus
Default-Deny
What is important with Comodo HIPS are the rulesets: you have to make your own and apply them respectively to specific applications.
 

cruelsister

Level 36
Content Creator
Verified
Joined
Apr 13, 2013
Messages
2,512
Allow me to butt in here to discuss the CCleaner malware:

1). This thing was both SIGNED (legitimately) and available for download from the company's own servers.
2). CCleaner in itself was not (kinda-sorta) the actual malware! What it did was to connect to a non-Piriform server to download the payload(s) which were targeted to specific organizations (specialized secondary payloads). Infection would have only occurred after the payload was downloaded and run, and for a number of arcane reasons this (these) payload(s) are not available for testing. However I did not catch a hint that the payload(s) themselves were signed- and if they were not they would have been treated like any other malware and contained.

Anyway, the actual payloads would only infect the targeted machines to the extent of creating a backdoor for espionage related data acquisition. But as this backdoor was not part of the initial CCleaner installation cascade there is no reason to believe that the Firewall, if set as I suggest, would not have precluded Outbound connections and thus stopped the handshake needed for the data acquisition queries to proceed.

That it was targeted only should actually be intuitively obvious- the acquisition of the Private Key to sign AND getting the FTP credentials to upload the trojan to a legitimate server is neither easy nor inexpensive. The difficulty (and expense) of doing this makes it pointless for widespread dissemination to Riffraff like us (the more disseminated publicly, the higher the odds for early detection). High quality stuff like this has a purpose and that purpose is never going to be shaking down Mooks for a couple of bucks.

Finally, for those paranoid I did post a couple of videos a few years ago (God! have I really been doing this for that long? Someone needs a Life...) about a Nightmare Scenario where an exceptionally Highly Signed malware can penetrate even a Restricted TVL.
But as Umbra properly states the Comodo TVL can be modified to preclude installation by any but a few vendors for those concerned. And sadly there is another video on how to do this.

But the really important point is that Comodo gives one the ability to include these restrictions. Does anyone else?
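Umbra's post above lists the three sources HIPS can trust an application from (File List rating, Trusted Vendor List, Comodo safelist/cloud lookup) and notes that Paranoid Mode drops the third, and cruelsister's post explains why the trojanized CCleaner build got through: it was legitimately signed by a vendor on the default TVL. The following is an added example, not Comodo's own code or any code from the thread; it is a toy model of that trust chain (field names such as `file_list`, `trusted_vendors` and `safelist` are hypothetical, and the sample binaries and hashes are constructed) that shows why vendor-level trust auto-allows a newly signed build while a wiped TVL plus per-file trust makes it prompt, and what the "Create rules for trusted applications" box changes.

```python
from dataclasses import dataclass
from typing import Optional
import hashlib


@dataclass(frozen=True)
class Executable:
    """A file about to run. Sample values are constructed for this example."""
    path: str
    content: bytes
    signer: Optional[str] = None   # None models an unsigned binary

    @property
    def sha256(self) -> str:
        return hashlib.sha256(self.content).hexdigest()


@dataclass
class HipsPolicy:
    """Toy model of the three trust sources the thread lists (hypothetical field names)."""
    file_list: dict            # sha256 -> "Trusted" | "Unrecognized" | "Malicious"
    trusted_vendors: set       # the TVL: signer names whose files are trusted wholesale
    safelist: set              # sha256s vouched for by the vendor's safelist / cloud lookup
    paranoid_mode: bool = False
    create_rules_for_trusted: bool = True

    def trust_sources(self, exe: Executable) -> list:
        """Names of the sources that vouch for this file under the current settings."""
        sources = []
        if self.file_list.get(exe.sha256) == "Trusted":
            sources.append("file_list")          # source 1: per-file rating, set by the user
        if exe.signer is not None and exe.signer in self.trusted_vendors:
            sources.append("tvl")                # source 2: vendor-level trust, covers any signed build
        if not self.paranoid_mode and exe.sha256 in self.safelist:
            sources.append("safelist")           # source 3: ignored in Paranoid Mode
        return sources

    def decide(self, exe: Executable) -> str:
        """'block' for a file rated Malicious, 'auto-allow' when a source vouches and
        rules are auto-created, otherwise 'prompt' (the user sees a HIPS alert)."""
        if self.file_list.get(exe.sha256) == "Malicious":
            return "block"
        if self.trust_sources(exe) and self.create_rules_for_trusted:
            return "auto-allow"
        return "prompt"


# Constructed sample binaries: a known-good build and a re-signed build with different content.
CLEAN = Executable(r"C:\Program Files\CCleaner\CCleaner.exe", b"ccleaner build A (constructed)", "Piriform Ltd")
TROJANIZED = Executable(r"C:\Program Files\CCleaner\CCleaner.exe", b"ccleaner build B (constructed)", "Piriform Ltd")
UNSIGNED = Executable(r"C:\Users\me\Downloads\tool.exe", b"unknown tool (constructed)")


def default_policy() -> HipsPolicy:
    # Stock-style setup: vendor on the TVL, clean build on the safelist, cloud lookup honoured.
    return HipsPolicy(file_list={}, trusted_vendors={"Piriform Ltd", "Microsoft Windows"},
                      safelist={CLEAN.sha256}, paranoid_mode=False)


def restricted_policy(create_rules: bool = True) -> HipsPolicy:
    # Umbra-style setup: TVL wiped down to a few vendors, Paranoid Mode on,
    # per-file trust decided by the user in the File List.
    return HipsPolicy(file_list={CLEAN.sha256: "Trusted"}, trusted_vendors={"Microsoft Windows"},
                      safelist={CLEAN.sha256}, paranoid_mode=True,
                      create_rules_for_trusted=create_rules)


def compare() -> dict:
    """Decision for each sample under each policy; keys are (policy name, sample name)."""
    policies = (("default", default_policy()),
                ("restricted", restricted_policy()),
                ("restricted_no_autorules", restricted_policy(create_rules=False)))
    samples = (("clean", CLEAN), ("trojanized", TROJANIZED), ("unsigned", UNSIGNED))
    return {(pname, sname): policy.decide(exe)
            for pname, policy in policies for sname, exe in samples}


if __name__ == "__main__":
    for (pname, sname), verdict in compare().items():
        print(f"{pname:24s} {sname:11s} -> {verdict}")
```

Under the default-style policy the trojanized build is auto-allowed purely because its signer is on the TVL; under the restricted policy only the hash the user rated Trusted passes, so the new build prompts. Turning off "Create rules for trusted applications" makes even the user-trusted build prompt, which is the extra popup load Umbra's reply describes.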
 

ZeroDay

Level 26
Verified
Joined
Aug 17, 2013
Messages
1,544
OS
Linux
Antivirus
Isolation
> I think you can't understand the difference between bypassing the firewall and the real-time or antivirus protection.
>
> These tests show the ESET AV bypassed (on default settings), not the firewall. What is the job of the firewall? Protecting against hackers and inbound connections, or blocking the samples?? :notworthy:
> Also, they are testing Comodo with CS's settings (proactive settings) while testing ESET or other AVs on default settings! Even a 5-year-old kid can understand it's not fair!
> You can simply set the ESET firewall in interactive mode (same as other AVs) and it will ask for every connection; also you can tweak the HIPS to work as an anti-exe (or more). The protection is there :)
>
> Tweak the ESET HIPS and provided settings (like what they did for Comodo) and you will not see any red color anymore ;)
I assure you I can tell the difference lol. When the AV is bypassed, malware can download the payload/s going straight through the firewall, and once the payloads install they also connect out, going straight through ESET's firewall both ways, in and out. Please do some research.
 
Joined
Oct 29, 2017
Messages
78
Please, simple questions:

1) With CS' settings in CF, does ViruScope option need to be enabled? Is it adding anything to CS' settings?

2) If I disable HIPS, will this also disable "Protected Data Folders"?

3) Website Filtering? On? Off? Does this option add anything relevant to CS' settings?

4) Enable or disable Cloud Lookup with CS' settings?

5) I can understand CS' opinion about "CF is enough, doesn't need an AV or AM". However, what about browsers? How to deal with phishing, scams, fake websites, tracking, spying, privacy issues etc? Don't we need an AV or AM to take care of this browsers garbage and other online-dangers?

Thank you!
 

Telos

Level 11
Verified
Joined
Jan 29, 2017
Messages
548
> Please, simple questions:
1. CS shows ViruScope enabled.
2. Firewall and Containment settings should protect your system.
3. CS shows Website Filtering enabled.
4. I use the default settings.
5. Website filtering should handle most of those concerns. AV has no effect on the threats you enumerated.

Ref

That all said a basic AV running alongside CF is fine. CS has mentioned Avast Free, Qihoo 360, and Kaspersky Free IIRC. For me, I just allow Windows Defender to do its thang in the background.
 

AtlBo

Level 26
Verified
Joined
Dec 29, 2014
Messages
1,512
Antivirus
Qihoo 360
Answers below. These are just my impressions at the current time:

> 1) With CS' settings in CF, does ViruScope option need to be enabled? Is it adding anything to CS' settings?
No, it doesn't do anything at the present time. I leave it on, because Comodo uses the Recognizer in VS to gather information on malware behaviors. It isn't even functional. Viruscope has been on a VERY slow development cycle.

> 2) If I disable HIPS, will this also disable "Protected Data Folders"?
Yes. You can verify this by going to Settings->HIPS settings->Monitoring settings (just below Enable HIPS). You can see the Protected file/folder setting is there, so it is HIPS that monitors them.

> 3) Website Filtering? On? Off? Does this option add anything relevant to CS' settings?
Haven't ever seen it do anything. Another Comodo project.

> 4) Enable or disable Cloud Lookup with CS' settings?
If you use the standard Trusted Vendor List (aren't relying on your own changes to the list), then leave Cloud Lookup on. It's actually fairly powerful, and I think where Comodo will focus improvements.

> 5) I can understand CS' opinion about "CF is enough, doesn't need an AV or AM". However, what about browsers? How to deal with phishing, scams, fake websites, tracking, spying, privacy issues etc? Don't we need an AV or AM to take care of this browsers garbage and other online-dangers?
A-V: I use an a-v with Comodo in case I make a mistake. The Comodo sandbox will tell you that Comodo doesn't like the app or that it isn't signed or is signed improperly. However, if anything gets by that, a good a-v will help. Personally, for free, Avast is probably the best for this because of the internet blocking it does from the program. Don't forget that Avast Free has great features and protection, and the use of the cloud is intense for a free a-v. The companion browser extension is extremely good too. Bitdefender Free is just plain amazing detection. I think the internet protection is even better than Avast (detecting bad sites/bad downloads), but I am not sure about this. Haven't had a chance to use BD Free, and I am going from memory of a video review. Just can't recall if it was Free or BDIS.

Browser: Use a good content/ad blocker like uBlock Origin. If you really want to go all the way, you can run the browser contained by clicking on the Comodo widget to start it. Avast has a very nice content advisor browser extension, also.

As for other malware, Comodo is supposed to have your back with script monitoring. I'm not sure about this, and I am hoping @cruelsister will test Comodo against command-line-reliant malware with only the command line heuristics module enabled. Until the time this occurs, I will be using NVT EXE Radar Pro. However, Avast hardened mode set to the highest will block a lot of malware activity. VoodooShield Free could be a good lightweight replacement for NVT ERP if you are worried about scripts. Comodo + Avast will be very good though...
 
