App Review Comodo Firewall Setup- An Addendum

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Chimaira

Chimaira

Level 4
Verified
Well-known
Jan 5, 2018
163
AtlBo said:
For anyone who would like to follow this a little bit on the Comodo Forum:

Login

I just posted the last post which I hope will help lead to correction of the error in Windows 10. First I guess it seems to me like fixing the privilege elevation alert would be something to focus on, since it doesn't describe what happens when the user makes a choice. Pls let me know how you feel about the alert and if you could understand what is says better than the current one.

EDIT: don't know why the link says Login btw. It's the thread page for me that is linked...
Click to expand...

Anything that corrects this issue I'm for.
 
  • Like
Reactions: Syafiq and AtlBo
Nightwalker

Nightwalker

Level 24
Verified
Honorary Member
Top Poster
Content Creator
Well-known
May 26, 2014
1,339
I think I found another bug with Comodo Sandbox in Windows 10 :confused:
If a file that requests privilege elevation runs, the Sandbox will fail to reset itself, it will actually finish the processes inside it but it will generate a error, so it is necessary to reboot the system to clean the Sandbox properly.

Screenshot_1.png


Oh well ...
 
  • Like
Reactions: Deletedmessiah, Av Gurus, AtlBo and 2 others
Chimaira

Chimaira

Level 4
Verified
Well-known
Jan 5, 2018
163
Nightwalker said:
I think I found another bug with Comodo Sandbox in Windows 10 :confused:
If a file that requests privilege elevation runs, the Sandbox will fail to reset itself, it will actually finish the processes inside it but it will generate a error, so it is necessary to reboot the system to clean the Sandbox properly.

View attachment 182201

Oh well ...
Click to expand...

Well that doesn't look good. Have you reinstalled CFW to see if it fixes it? Restored a backup maybe?
 
  • Like
Reactions: AtlBo and Syafiq
cruelsister

cruelsister

Level 42
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,140
Night- On Win10, when run in a VM with limited resources one would indeed notice what you observe. Privilege elevation has nothing to do with it. Somewhere I have a test program which will attempt to inject into running processes resulting in the creation of an elevated command prompt. With the settings I suggest not only will the entire process be contained, but so will consent.exe (UAC) as well as any command run from the cmd prompt (eg net stop spooler, or any sc command). As soon as I have time to find it I'll do a quickie on it- it's actually cool to watch.
 
  • Like
Reactions: Hector1, simmerskool, Deletedmessiah and 5 others
Av Gurus

Av Gurus

Level 29
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Sep 22, 2014
1,767
Nightwalker said:
I think I found another bug with Comodo Sandbox in Windows 10 :confused:
If a file that requests privilege elevation runs, the Sandbox will fail to reset itself, it will actually finish the processes inside it but it will generate a error, so it is necessary to reboot the system to clean the Sandbox properly.

View attachment 182201

Oh well ...
Click to expand...
I notice that too. It happens to me couple of times.
I was thinking it has to do something with virtual machine.
 
  • Like
Reactions: AtlBo
abdou17

abdou17

Level 2
Verified
May 3, 2013
82
Nightwalker said:
I think I found another bug with Comodo Sandbox in Windows 10 :confused:
If a file that requests privilege elevation runs, the Sandbox will fail to reset itself, it will actually finish the processes inside it but it will generate a error, so it is necessary to reboot the system to clean the Sandbox properly.

View attachment 182201

Oh well ...
Click to expand...
Av Gurus said:
I notice that too. It happens to me couple of times.
I was thinking it has to do something with virtual machine.
Click to expand...
It's a BUG and happened to me several times on my main PC when UAC is activated
So it has nothing to do with virtual machine
 
  • Like
Reactions: Av Gurus, Gandalf_The_Grey, AtlBo and 1 other person
Nightwalker

Nightwalker

Level 24
Verified
Honorary Member
Top Poster
Content Creator
Well-known
May 26, 2014
1,339
cruelsister said:
Night- On Win10, when run in a VM with limited resources one would indeed notice what you observe. Privilege elevation has nothing to do with it. Somewhere I have a test program which will attempt to inject into running processes resulting in the creation of an elevated command prompt. With the settings I suggest not only will the entire process be contained, but so will consent.exe (UAC) as well as any command run from the cmd prompt (eg net stop spooler, or any sc command). As soon as I have time to find it I'll do a quickie on it- it's actually cool to watch.
Click to expand...

Hi Cruelsister, did you tried the malware file that @Av Gurus tested?
Video Review - Comodo Firewall Setup- An Addendum

My config: Windows 10 + Admin user + UAC off (Control Panel) + Comodo Firewall 10 with your setttings.

I think you can reproduce this "bug" using that malware and the config above.

Ps: I know that Comodo even at the Partial Limited setttings is still very powerful, but I am a little bit OCD so these "bugs" annoys me a lot :LOL:
 
cruelsister

cruelsister

Level 42
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,140
Night- If you mean GrandCrab2, on my system (Win10) everything, including nslookup, was contained at the restricted level.

Also, I just viewed AVG's video (Post #30). You may have noted that some of the samples run didn't work. This normally is indicative of adware/system hack type things. To actually get them to run, there is a setting in File Rating settings- 'Detect potentially unwanted applications". With this unchecked those would just run in containment (not suggesting anyone outside of testing do this!).

Finally, about what started this whole thing- the Spyshelter test running at PL- frankly I have no clue as to how the Comodo developers prioritize files that act in certain ways under Win10, and could care less. The only thing that is of the upmost importance to me is if my system could in any way be changed by malware, and so far I haven't seen it.

I've actually stayed away pretty much from this thread as I don't want to be seen as a Mindless FanGirl, but CF is really, really good.
 
  • Like
Reactions: Hector1, simmerskool, AtlBo and 6 others
Chimaira

Chimaira

Level 4
Verified
Well-known
Jan 5, 2018
163
cruelsister said:
Night- If you mean GrandCrab2, on my system (Win10) everything, including nslookup, was contained at the restricted level.

Also, I just viewed AVG's video (Post #30). You may have noted that some of the samples run didn't work. This normally is indicative of adware/system hack type things. To actually get them to run, there is a setting in File Rating settings- 'Detect potentially unwanted applications". With this unchecked those would just run in containment (not suggesting anyone outside of testing do this!).

Finally, about what started this whole thing- the Spyshelter test running at PL- frankly I have no clue as to how the Comodo developers prioritize files that act in certain ways under Win10, and could care less. The only thing that is of the upmost importance to me is if my system could in any way be changed by malware, and so far I haven't seen it.

I've actually stayed away pretty much from this thread as I don't want to be seen as a Mindless FanGirl, but CF is really, really good.
Click to expand...

You wouldn't be seen as a mindless fan girl, honestly if this one issue about why anything requiring admin privileges is immediately dropped to partially limited regardless of the settings you've chosen was answered it would lead to many being comfortable using CFW. If a malware launches and asks for admin privileges I DON'T want Comodo dropping the level of security in the sandbox. You tell us to use your settings but then Comodo doesn't use them, you tell us to use restricted as the setting for the sandbox but then say you don't care that Comodo chooses to run the sandbox at partially limited with UAC elevation.

It just doesn't make any sense and makes it hard to trust in the product.
 
  • Like
Reactions: abdou17, AtlBo and erreale

Similar threads

Shadowra
    • Like
    • +Reputation
    • Thanks
App Review Comodo Firewall BETA 2024 (Modified Settings)
Replies
12
Views
2,075
Video Reviews - Security and Privacy
Nikola Milanovic
Nikola Milanovic
Azazel
    • Like
Serious Discussion What is your firewall security setup?
Replies
23
Views
1,409
General Security Discussions
ng4ever
N
Andy Ful
    • +Reputation
    • Like
    • Thanks
App Review Comodo's challenge part 2.
Replies
54
Views
2,873
Video Reviews - Security and Privacy
Andy Ful
Andy Ful

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top