App Review Comodo Firewall- Cruelsister Variation

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
I noticed that unknow files that request privilege elevation will run actually at "Partially Limited" settings instead of the "Restrited", isnt it dangerous?

And what about this change? Why disable this setting now?

w3fZEpb.png
 
shmu26 said:
FYI if you cut down the TVL to a few really trusted vendors, like many users do, this increases security a little, and increases false positives a lot.
Click to expand...

If you run "Unrecognized" restricted in the sandbox, you are safe for sure. I have even set it to run Virtually and added the extra option to "Run Limited" to the rule. I feel safe. This means that programs have a half decent chance of running so I can see what they do in the sandbox. With OSArmor there and AppCheck, I feel like it's safe.

Trimming the TVL is great for learning the program, but it's not really an improvement on protection, considering Cloud Lookup has to be turned off too. At least, if you don't want Comodo adding vendors to the TVL every time you install a program from a vendor you removed.

I think the best solution is to run Comodo for about 6 months, save your settings, and then uninstall and reinstall the latest. The update process is still rough for sure. I haven't ever experienced a loss of settings from an update, however, and I don't think it's a common thing.

I would say the biggest thing to look for would be something like->install Comodo Internet Security Essentials during installation of Comodo->remove CISE because it doesn't do anything->Comodo main still wants it->"error...Comodo must be reinstalled"...this kind of thing. I really don't like the CISE element of the program. Appears to break things to me. Still, I think Comodo has very few bugs under the hood. When there is a problem, protection doesn't quit...at least as far as I can tell. Like an old car with low miles LOL...
 
  • Like
Reactions: Garzaman, harlan4096, shmu26 and 1 other person
Nightwalker said:
I noticed that unknow files that request privilege elevation will run actually at "Partially Limited" settings instead of the "Restrited", isnt it dangerous?

And what about this change? Why disable this setting now?
Click to expand...

I guess I do alot of stupid things. One of them is allow these alerts. Basically, it's because they happen like maybe a second before the containment/sanbox alert. If I know I want to run something, I can use this to bypass the sandbox. Is it safe...NO

I think Comodo wants to do something with that setting but they don't know what to do. Users want to know, and I think the devs sense that some want to run without UAC and so on. Maybe they will come up with a way of burying advanced/risk taker settings eventually or something...
 
  • Like
Reactions: ZeroDay, ravi prakash saini, Garzaman and 1 other person
Nightwalker- Comodo has actually upped the protection of the sandbox, so the Privilege Elevation alert would just result in an unneeded popup that may confuse some. Any such request for elevation will be negated by the sandbox at this level (Restricted).

I did not make this clear and you have my apologies for that omission.
 
  • Like
Reactions: Deletedmessiah, ravi prakash saini, Nightwalker and 4 others
An allegory for Comodo installations and program updates:

Ten people ran through a minefield.
Two died.
Two were wounded.
The remaining six were interviewed by the press the next day.
Five said they were glad they made it, but they consider themselves lucky.
One said, "Heck, if I can do it, anyone can do it. It's their own fault for getting blown up!"
The Comodo Daily quoted one of them...
 
  • Like
Reactions: simmerskool, abdou17, Sunshine-boy and 6 others
shmu26 said:
An allegory for Comodo installations and program updates:

Ten people ran through a minefield.
Two died.
Two were wounded.
The remaining six were interviewed by the press the next day.
Five said they were glad they made it, but they consider themselves lucky.
One said, "Heck, if I can do it, anyone can do it. It's their own fault for getting blown up!"
The Comodo Daily quoted one of them...
Click to expand...
Hahaha! Good point
 
  • Like
Reactions: upnorth, AtlBo and shmu26
cruelsister said:
Nightwalker- Comodo has actually upped the protection of the sandbox, so the Privilege Elevation alert would just result in an unneeded popup that may confuse some. Any such request for elevation will be negated by the sandbox at this level (Restricted).

I did not make this clear and you have my apologies for that omission.
Click to expand...

Thanks again for your insights, it is very much appreciated.

Far from me to ever correct you, but I noticed that if I uncheck this setting it will actually result in more unneeded popup.

See below (your settings):

DhKpJFw.png



If I click to run at Auto Contention (default) it will run at Partial Limited settings, should it works at this way?
 
  • Like
Reactions: AtlBo and ZeroDay
The domain owner updated that sites register about a month ago for one more year.
 
  • Like
Reactions: AtlBo
Nightwalker said:
Thanks again for your insights, it is very much appreciated.

Far from me to ever correct you, but I noticed that if I uncheck this setting it will actually result in more unneeded popup.

See below (your settings):

If I click to run at Auto Contention (default) it will run at Partial Limited settings, should it works at this way?
Click to expand...

It seems to be a problem with Windows 10:

ht5VmXJ.png


DbeFfXc.png


From my understanding, it is specific to Windows 10 & Windows 8.1. {awaiting confirmation}

What's not intended : creating a rule and being ignored.
What's intended (by design, currently): applications that require UAC will get "Partially Limited" restriction, regardless of imposed restriction.
Click to expand...

Login


I can confirm this behavior and it doesnt sound good to me.

@cruelsister I dont know if I am being paranoid, but it seems that Windows 10 with Comodo Firewall needs some special settings (block privilege elevation) ....
 
Last edited:
  • Like
Reactions: codswollip
I lost faith on Comodo long time ago after they can't manage to fix a simple bug, i gave it some tries since but this one just confirmed i was right to ditch it after all...
 
  • Like
Reactions: shmu26 and Faybert
A couple months ago, I installed CFW at default settings, i.e., HIPS is on and autocontainment is off.
The HIPS failed to block the execution of certain unrecognized files.
I reported it on the Comodo forum, and the bug was confirmed, but later on, the people who were supposed to fix it denied the issue. That's how it goes with Comodo.
Just for the record, this bug does not affect CS settings.
And just for the record, ignoring bugs is not limited to Comodo.
Nevertheless...
 
  • Like
Reactions: simmerskool, Garzaman, Azure and 1 other person
Hi Guys- a couple of things:

1). Regarding the Spyshelter test- yeah it is odd that for this SPECIFIC file under Win10 it will be knocked back to PL. This is actually less of an issue (actually not an issue at all) than in times past. As I mentioned earlier and elsewhere the base protection of Containment has been upped. For example, formerly a ransomware file would have the ability to change the Desktop Wallpaper under the PL setting whereas currently it can't even do this.

Personally I find this issue trivial in the extreme, but what do I know?

2). Regarding the setting "Do Not Show Privilege Elevation Alerts"- this has to do with popups and not protection. I'm gonna try to put out a really quick video about it soon. The issue here for me is that in my video if I suppress popups there are those that really want them, and it I allow them there are those (like me) who wonder why they are allowed.

3). Finally again about Spyshelter- and this comment is only for total Virtualization Newbies- You may notice that when run in Comodo's Sandbox Spyshelter thinks that it succeeds when you run the System Protection tests. This is only because Spyshelter, running within Containment, can only "see" things within that environment. So although stuff changes in the virtual environment that can be flushed like garbage nothing is actually done to your actual system.
 
  • Like
Reactions: Hector1, simmerskool, Gandalf_The_Grey and 1 other person
cruelsister said:
2). Regarding the setting "Do Not Show Privilege Elevation Alerts"- this has to do with popups and not protection. I'm gonna try to put out a really quick video about it soon. The issue here for me is that in my video if I suppress popups there are those that really want them, and it I allow them there are those (like me) who wonder why they are allowed.
Click to expand...

The guy thinking that setting has anything to do with UAC alerts proves one central point...

the 99% cannot handle security softs (nor Windows). Period. That includes COMODO and that includes AppGuard. It includes all security softs; the 99% cannot even handle something as simple as Windows Defender.

That so many people need guides and videos to configure and use 3rd-party Windows security software means a great number of things - and none of them are good. For one, and most importantly, nobody is teaching the 99% about Windows security. Beyond basic instruction on their product, it is not the responsibility of security software publishers to educate users to the level that they need. Besides, security soft publishers are not educators nor are they equipped to handle that role.

Windows security is far too complex and requires too much effort for the 99%. That is wholly Microsoft's doing and therefore wholly its fault.

Windows was released November 20, 1985. And 32 years later the general state of user-Windows security is more pathetic now than it has ever been.
 
Last edited by a moderator:
  • Like
Reactions: DavidLMO
cruelsister said:
Hi Guys- a couple of things:

1). Regarding the Spyshelter test- yeah it is odd that for this SPECIFIC file under Win10 it will be knocked back to PL. This is actually less of an issue (actually not an issue at all) than in times past. As I mentioned earlier and elsewhere the base protection of Containment has been upped. For example, formerly a ransomware file would have the ability to change the Desktop Wallpaper under the PL setting whereas currently it can't even do this.

Personally I find this issue trivial in the extreme, but what do I know?

2). Regarding the setting "Do Not Show Privilege Elevation Alerts"- this has to do with popups and not protection. I'm gonna try to put out a really quick video about it soon. The issue here for me is that in my video if I suppress popups there are those that really want them, and it I allow them there are those (like me) who wonder why they are allowed.

3). Finally again about Spyshelter- and this comment is only for total Virtualization Newbies- You may notice that when run in Comodo's Sandbox Spyshelter thinks that it succeeds when you run the System Protection tests. This is only because Spyshelter, running within Containment, can only "see" things within that environment. So although stuff changes in the virtual environment that can be flushed like garbage nothing is actually done to your actual system.
Click to expand...

Hi cruelsister, thanks again for your insights.

Unfortunately I tried other files and the result is the same on Windows 10, thats why I searched in Comodo forum.

I realized this "bug" when I ran ShinoLocker and saw the restriction as PL.
 

You may also like...