Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
Security Apps
Comodo
COMODO Firewall Settings + Protected Objects & Ransomware?
Message
<blockquote data-quote="cruelsister" data-source="post: 890943" data-attributes="member: 7463"><p>Hi Lightmen! Viewing the setup used on the video, from a malware protection standpoint it really can't be faulted, however from a usability standpoint it is a tad aggressive (as Vitali correctly implies). Essentially the Containment settings make CF an anti-exe. Personally if I was to go this route I would go a bit further by wiping out all the Vendors on the Trusted Vendors list, then removing everything that pops up on the Unrecognized Files list. </p><p></p><p>After a reboot rechecking the Trusted Vendors list will only show a Comodo listing as well as a couple of things from Microsoft - files that are directly signed as well as stuff that was "group" signed via the MS Catalog Store. This last bit (the Catalog Store files) is interesting in that although things like Outlook,exe are singed directly, Right Clicking on something like Regedit.exe or cetutil.exe will not show any digital signature (you would need something that will actually look into the Catalog Store to verify signatures- eg Get-AuthenticodeSignature command used by Sysinternals Sigcheck, or employed directly in Powershell.</p><p></p><p>Finally, your suggestion to use Protected files and Folders within Comodo as a ransomware defence does indeed seen like a great idea but sadly will not work (not needed anyway with Containment enabled).</p><p></p><p>Sorry if I went a bit in the Weeds, but hope this helped!</p><p></p><p>M</p></blockquote><p></p>
[QUOTE="cruelsister, post: 890943, member: 7463"] Hi Lightmen! Viewing the setup used on the video, from a malware protection standpoint it really can't be faulted, however from a usability standpoint it is a tad aggressive (as Vitali correctly implies). Essentially the Containment settings make CF an anti-exe. Personally if I was to go this route I would go a bit further by wiping out all the Vendors on the Trusted Vendors list, then removing everything that pops up on the Unrecognized Files list. After a reboot rechecking the Trusted Vendors list will only show a Comodo listing as well as a couple of things from Microsoft - files that are directly signed as well as stuff that was "group" signed via the MS Catalog Store. This last bit (the Catalog Store files) is interesting in that although things like Outlook,exe are singed directly, Right Clicking on something like Regedit.exe or cetutil.exe will not show any digital signature (you would need something that will actually look into the Catalog Store to verify signatures- eg Get-AuthenticodeSignature command used by Sysinternals Sigcheck, or employed directly in Powershell. Finally, your suggestion to use Protected files and Folders within Comodo as a ransomware defence does indeed seen like a great idea but sadly will not work (not needed anyway with Containment enabled). Sorry if I went a bit in the Weeds, but hope this helped! M [/QUOTE]
Insert quotes…
Verification
Post reply
Top
