App Review Comodo Firewall Setup- An Addendum

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.

Nightwalker

Great video with nice background music, as always!

@Chimaira helped me fix the problem that I was facing with the Partial Limited setting instead of the Restrictive one. While using Windows 10 you really need to disable UAC using Local Group Policy.
 

Chimaira

Considering your extensive testing with CFW against malware over many years, I trust your decision to not bother with UAC. If having UAC off opened users to attack with CFW running with your settings, I am certain you would be screaming to keep it on!

Thanks for the video, very informative as always!
 

Allego

How do I completely turn off UAC in Windows 10 Home edition, since it has no Local Group Policy feature?
 
Reactions: AtlBo

cruelsister

Thread author
As a UAC example, let me expand on the last scene in the video- as you noticed, UAC kept hammering away asking if we wanted to block the Volume Shadow Copy Service (vssadmin). So although UAC would not in any way stop the encryption process, if we did block vssadmin from acting we would have saved our System Restore Point (assuming you have System Restore enabled). I am in no way trying to minimize this! On an otherwise unprotected system we would be able to restore our files.

Now, what about UAC and Comodo (which I didn't touch on for the Tesla)? If we had Containment at Restricted no UAC popups would have occurred, mainly because this malware actually spawns a daughter that does the damage. Restricted mode will prevent this spawning.

For the Partially Limited setting the malware would be allowed to spawn, but the daughter would also be contained. Now this daughter would also try to access vssadmin (but this also would be contained). If you had UAC on also, it would react with a popup, but the reaction would be to stuff happening in the virtual environment, thus clicking either Yes or No would not matter to your actual system [fun fact: consent.exe (aka UAC) is in this case also running in the sandbox. When the popup occurs flushing the sandbox at that point would also get rid of that popup].

I realize I might be going a bit into the weeds with the above, but in short Comodo meets and exceeds protection provided by UAC. If it did not then this would constitute a simplistic breach of Comodo and I would never use it (never ever).
 

Nightwalker

CS, in your last video thread, in post #60, a poster shows how to disable UAC through a policy.
Video Review - Comodo Firewall- Cruelsister Variation

Only after I disabled UAC through a policy did Comodo Sandbox work as it should.

There is a bug between UAC and Comodo in Windows 10, that's for sure.

Before Local Policy:
[screenshot: Cruel Comodo Win]

After Local Policy:
[screenshot]

Av Gurus

In CF the settings are set on "Restricted", but on KillSwitch it shows "Unknown".
 
Reactions: AtlBo

AtlBo

@Nightwalker. Noob question. Why is there no UAC prompt with those settings? Does Comodo containment actually bypass UAC somehow or was it on a low setting? A question I started having a few days ago...

EDIT...I wonder if Comodo did this on purpose knowing that UAC would block everything that isn't Partially Limited...
 

Nightwalker

AtlBo said:
> @Nightwalker. Noob question. Why is there no UAC prompt with those settings? Does Comodo containment actually bypass UAC somehow or was it on a low setting? A question I started having a few days ago...
>
> EDIT...I wonder if Comodo did this on purpose knowing that UAC would block everything that isn't Partially Limited...

There is no UAC prompt because I turned it off in the Control Panel (CS settings), but it isn't enough to make Comodo Sandbox work like it should.

If I disable UAC completely using Local Group Policy, Comodo will use the "Restricted" setting for everything (correct scenario).

PS: I don't believe it is on purpose; imo it is a bug. @cruelsister is using Windows 7, so maybe that's why she didn't have the same experience I did.
Anyway, like she said, it isn't a big deal because the Partially Limited setting is very strong now, but because I am a little bit OCD this bug annoys me :LOL:

Edit: @Av Gurus made the testing scenario that I proposed before and had the same results that I did, so it is a bug for sure.
 
Reactions: AtlBo and Av Gurus
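
The difference described in the post above, between turning UAC off in the Control Panel and disabling it by policy, is visible in the registry. The read-only PowerShell audit below is an added example, not part of the thread; it assumes the policy meant is "User Account Control: Run all administrators in Admin Approval Mode" (registry value EnableLUA), which the thread does not name, and the function names are hypothetical.

```powershell
# Added example: read-only audit of the local UAC configuration.
# Assumption: the "policy" in the thread is the Admin Approval Mode policy (EnableLUA).
$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacValue {
    param([string]$Name, [int]$Default)
    # A missing value is treated here as the Windows default (assumption).
    $item = Get-ItemProperty -Path $UacKey -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { [int]$item.$Name } else { $Default }
}

function Get-UacState {
    $enableLua = Get-UacValue -Name 'EnableLUA' -Default 1
    $consent   = Get-UacValue -Name 'ConsentPromptBehaviorAdmin' -Default 5
    $secure    = Get-UacValue -Name 'PromptOnSecureDesktop' -Default 1

    if ($enableLua -eq 0) {
        # Set by the Admin Approval Mode policy; takes effect after a reboot.
        $state = 'Disabled'
        $note  = 'Admin Approval Mode is off: administrators run with a full token.'
    } elseif ($consent -eq 0) {
        # What the Control Panel slider at "Never notify" sets on Windows 10.
        $state = 'NeverNotify'
        $note  = 'UAC is still active; administrator elevation is approved without a prompt.'
    } else {
        $state = 'Prompting'
        $note  = 'UAC is active and prompts for elevation.'
    }

    [pscustomobject]@{
        State                      = $state
        EnableLUA                  = $enableLua
        ConsentPromptBehaviorAdmin = $consent
        PromptOnSecureDesktop      = $secure
        Note                       = $note
    }
}

Get-UacState | Format-List
```

A machine reporting `NeverNotify` matches the Control Panel setting described in the post, while `Disabled` matches the policy setting.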

AtlBo

Yeah thx. What a strange bug. It's good that you noticed that, and it seems like kind of a serious thing. Maybe Comodo will catch that and fix it at some point. It's hard to get their attention on the forum....
 
Reactions: Nightwalker
