Comodo Firewall Custom Install

Status
Not open for further replies.

cruelsister

I was setting up a test system this morning and installed the new version of CF (build 4978). As usual both GeekBuddy and Chromodo browser are packaged in the installer; but unlike previous versions they are unchecked by default!

So now you have to opt-in instead of opting out.
 

Kate_L

I also notice that in Comodo Internet Security, the heuristics are off by default (in real-time protection). I think in Scans some options are changed too. I noticed all these changes yesterday when I installed it on my laptop.
 

Av Gurus

> I was setting up a test system this morning and installed the new version of CF (build 4978). As usual both GeekBuddy and Chromodo browser are packaged in the installer; but unlike previous versions they are unchecked by default!
>
> So now you have to opt-in instead of opting out.

I can confirm :D

 

Janl1992l

Yes, the bloatware is opt out by default now and they have fixed some serious security fixes with this release, nice one.
 

woodrowbone

@CS,
How does your setup of CF (the one without popups) work with false positives, legit software?
Have you seen problems with installations, upgrades etc of legit apps?

Considering this setup at novices' PCs, but am unsure what will happen if too much ends up in the sandbox that is legit.

/W
 

cruelsister

Woodrow- An excellent question, but a complicated one:

1). Even with popups totally off, when an application is sandboxed and run the program will appear with a Green border around it, giving a visual alert that something is in the box. As in my videos I suggest that the "Advanced View" option is checked (right click the Comodo icon in the tray to do this); then by opening up the Comodo GUI you will be able to see exactly what is in the box.

2). Legit applications being sandboxed- yes this does happen, but really not that frequently. For me it happens with every new build of my beloved SeaMonkey browser, and also with Java updates (at the very end of the Java install deployjava.jar will be sandboxed, but this is not an issue for a home user). When this occurs I deal with it by:

a). making sure I downloaded the sandboxed application from a trusted site (like from Mozilla for SeaMonkey), and
b). right clicking the exe to verify Digital Signatures in Properties.

Unless a and b don't don't check out it remains in the box to be flushed (also, you should deal with sandboxed stuff relatively promptly. But remember that the box is automatically emptied when the system is rebooted).

3). On the whole you should trust what Comodo sandboxes unless you are absolutely sure. As an example of what may happen if you don't, look at my last video- malware (Winlocky) was backdoored to a legit uTorrent.
The backdooring process is getting more popular and quite easy to do, with my personal best being 37 seconds (and that with a cat on my lap).

So to sum up, although you will get an occasional FP with Comodo, in the absence of Enterprise-like real time forensics it is in my opinion the best option to be secure, certainly better than the traditional AV (which is also prone to FP's).

And really finally- if you viewed any of the Boot-time series, it will be noted that none of the AV's detected my Timing trojan. I backdoored to it ransomware that I knew any AV would detect, and even so most failed. But I could just as easily (cat on my lap or not) have backdoored a true zero-day ransomware to it (not that I would ever do so, being a kind and gentle person). That should be a cause for concern.

Hope that answered things,

M
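
The two manual checks from the post above, (a) where the file was downloaded from and (b) its digital signature, scripted as an added example that is not part of the original post or of Comodo's tooling. The function name `Test-DownloadedInstaller` and all values in the sample call (path, publisher, host) are hypothetical placeholders.

```powershell
# Added example: scripted version of checks (a) and (b) for a sandboxed file.
# Test-DownloadedInstaller is a hypothetical helper name; the caller supplies
# the expected publisher and download host (assumptions, not from the thread).
function Test-DownloadedInstaller {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$ExpectedPublisher,  # text expected in the signer subject
        [Parameter(Mandatory)][string]$TrustedHost         # vendor download host
    )

    # (a) Origin: browsers record the source URL in the Zone.Identifier
    # alternate data stream. It exists only on NTFS and is missing if the
    # file was unblocked or copied through a non-NTFS volume.
    $hostUrl = $null
    $zone = Get-Content -LiteralPath $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
    if ($zone) {
        $line = $zone | Where-Object { $_ -like 'HostUrl=*' } | Select-Object -First 1
        if ($line) { $hostUrl = $line.Substring('HostUrl='.Length) }
    }
    $originOk = $false
    if ($hostUrl) {
        $uri = [uri]$hostUrl
        $originOk = ($uri.Scheme -eq 'https') -and
                    ($uri.Host -eq $TrustedHost -or $uri.Host.EndsWith(".$TrustedHost"))
    }

    # (b) Signature: same data as the Digital Signatures tab in Properties.
    # Status must be Valid (chain trusted, file hash matches), and the signer
    # subject must name the publisher you expect. Substring matching is a
    # coarse check; read the full Signer value in the output as well.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    $sigOk = ($sig.Status -eq 'Valid') -and
             ($signer.IndexOf($ExpectedPublisher, [StringComparison]::OrdinalIgnoreCase) -ge 0)

    [pscustomobject]@{
        Path             = $Path
        HostUrl          = $hostUrl
        OriginTrusted    = $originOk
        SignatureStatus  = $sig.Status
        Signer           = $signer
        SignatureTrusted = $sigOk
        SHA256           = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        BothChecksPass   = ($originOk -and $sigOk)
    }
}

# Sample call with placeholder values:
# Test-DownloadedInstaller -Path 'C:\Downloads\installer.exe' -ExpectedPublisher 'Example Publisher' -TrustedHost 'example.com'
```

A missing `HostUrl` means the origin could not be confirmed, so the function reports `OriginTrusted` as false rather than assuming the download was clean.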
 

woodrowbone

Thanks CS! I asked because I live in a non-English-speaking country; this means that a lot more native software ends up as false positives.
This will, with CF installed, turn into a problem if an installation is gone after reboot. :p

/W
 