Troubleshoot Comodo Firewall sandbox

Tadas247

Comodo keeps creating and sandboxing ".bat" files of itself. It's annoying because it keeps showing notifications of it. Maybe someone knows how to stop it?


Arequire

It's expected behaviour:
Brand New Comodo Internet Security 10 with Secure Shopping is released!!! - News / Announcements / Feedback - CIS | Page 12

Basically boils down to Comodo turning fileless scripts into files and sandboxing them to defend against fileless malware. It's pretty neat.
If you know the scripts are safe, you're free to unblock them. If not, and their blockage isn't affecting you in a negative way, then I'd leave them blocked.

If you're getting annoyed by the notifications, I believe setting "Do NOT show privilege elevation alerts" to block should stop them.

shmu26

The way to avoid this behavior is in HIPS settings: you need to disable embedded code detection.
It's a great feature, but it is awaiting a fix from the Comodo devs, because certain apps keep generating scripts with a different random name every time, so you can't whitelist them.

Tadas247

> The way to avoid this behavior is in HIPS settings, you need to disable embedded code detection.
> It's a great feature, but it is awaiting a fix from the Comodo devs, because certain apps keep generating scripts with a different random name every time, so you can't whitelist them.

Thanks for the help ;)

shmu26

If you want script protection, but embedded code detection is getting you down, there is another way to do it.
This takes a little more work and patience, but it seems to work.

1. Enable HIPS.

2. In the HIPS settings, there is something called heuristic command-line analysis; click on the link there and note the processes that are being monitored (some of them might not exist on your computer, unless you installed special software).

3. Now, in the file rating/file list, mark those same processes as "unknown". Most of these processes appear two times on your computer, if you have 64-bit.

4. If you have autosandbox enabled, make ignore rules for the processes you need to run sometimes, such as cmd and rundll32 and regsvr32.
For others, such as powershell, you don't need to make ignore rules, unless you are a powershell user. (Note that there are a total of 4 executable powershell files on an x64 system. Two of them are called powershell_ise.exe.)

Now, after doing all that, you will get HIPS prompts when scripts try to run.
If you hit "allow" when you get the prompts regularly generated by your reliable apps, your programs will be able to run, and after a couple of times, you won't get prompts anymore.

Warning: if you use HIPS, don't get into the habit of blindly clicking "allow".
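For steps 3 and 4 above, it helps to list every on-disk copy of the interpreters before changing their rating. The following PowerShell is an added example, not part of the original posts and not Comodo tooling; it covers only the executables named in the post (Comodo's own monitored list is not reproduced here) and assumes the standard Windows directories System32 and SysWOW64.

```powershell
# Added example. Executable names are limited to those mentioned in the post above.
$names = 'cmd.exe', 'rundll32.exe', 'regsvr32.exe', 'powershell.exe', 'powershell_ise.exe'

# A 32-bit PowerShell on 64-bit Windows has System32 redirected to SysWOW64.
# The Sysnative alias reaches the real 64-bit directory from such a process.
$is64OS   = [Environment]::Is64BitOperatingSystem
$is64Proc = [Environment]::Is64BitProcess
$native   = if ($is64OS -and -not $is64Proc) { 'Sysnative' } else { 'System32' }

$roots = @(Join-Path $env:SystemRoot $native)
if ($is64OS) { $roots += Join-Path $env:SystemRoot 'SysWOW64' }

$found = foreach ($root in $roots) {
    # powershell*.exe live under WindowsPowerShell\v1.0; the others sit in the root.
    foreach ($dir in $root, (Join-Path $root 'WindowsPowerShell\v1.0')) {
        foreach ($name in $names) {
            $path = Join-Path $dir $name
            if (Test-Path -LiteralPath $path -PathType Leaf) {
                [pscustomobject]@{
                    Name   = $name
                    # Show the path as it appears to 64-bit tools and in file lists.
                    Path   = $path -replace '\\Sysnative\\', '\System32\'
                    # Different hashes confirm the two copies are distinct files,
                    # so each one needs its own rating and its own ignore rule.
                    SHA256 = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
                }
            }
        }
    }
}

$found | Sort-Object Name, Path | Format-Table -AutoSize
```

On a 64-bit system this should print two rows per name, which matches the "appear two times" remark in step 3 and the four PowerShell executables noted in step 4.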
