It is not the upcoming version, but here is the most recent Comodo Internet Security Premium 12.2.4.8032 test that I have seen:
Comodo Internet Security Premium Tested 2.23.23:
Comodo Internet Security Premium Tested 2.23.23:
Comodo Internet Security 2024 announced
- Thread starter Pico
- Start date
- Status
Don't mean to intrude, but Contained files will always be blocked by the Firewall. The firewall acts synergistically with Containment.
F
ForgottenSeer 98186
@Pico is talking about when using VPN. That really shouldn't matter, but I suppose there is some corner case they are referring to. Inbound and outbound connections for sandboxed processes are permitted by default; users have to enable "block inbound" and "block outbound" for the sandbox.
Last edited by a moderator:
F
ForgottenSeer 98186
For those so inclined to figure out the sandbox, Comodo is overall the most effective 3rd party freeware localhost protection.
How is Comodo FW suppose to block traffic when it doesn't see or know about traffic like in case traffic through npcap or VPN tunnels?
No such settings in premium or pro.
I'm not 100% certain but running containment set at "Restricted" doesn't allow the contained application to access network adapters whereas if it was run as Partially Limited (default), you'd see a Firewall prompt.
F
ForgottenSeer 98186
Not setting. Configuration. Research it.
Last edited by a moderator:
Even if isolated apps are allowed to listen and send data, it is unlikely that they will be able to obtain anything. If Comodo can properly secure access to keyboard by preventing global hooks and screen/screenshots (I don’t think there is evidence that it doesn’t, correct me if I am wrong) there will be nothing that can be transmitted over the not-secured traffic. Apart from another piece of malware that will be just as restricted.
The simplest option is to set the rule to Block that way it won't even run in the first place. I wonder if we'll get the same customisation options. The screenshots so far don't seem to indicate much. Anyway, it does some things well and others not.
But you guys can all try the OpenEDR. It’s for free, maintained and if you have less knowledgeable people you will be able to manage it for them.
Open Source Endpoint Detection and Response (EDR) | OpenEDR
Discover the benefits of Open Source Endpoint Detection and Response (EDR) with OpenEDR. Enhance security, improve visibility, and gain global scrutiny with a free, transparent EDR solution.
Malware would still be able to sniff around in your system and collect (some or all of) your (sensitive) data stored in the registry and in files on the file system and phone home that collected data.
Yes, best way is to block it completely when trapped so it has no change to run and collect your stuff and send home.
I meant no such checkboxes are available in pro or premium so those protection settings cannot be activated/deactivated in pro or prmeium.
Highly sensitive data is not to be stored in the system registry. The registry is for settings and configuration and whilst *some* user data can be stored there (such as software activation data) attackers are unlikely to be interested - for them the registry is a place to maintain persistence.
Most of the attackers are interested in various browsers, crypto wallets, gaming clients and password manager repositories, most of them being in %UserData%.
This directory is absolutely crucial to be kept safe. I know how it can be achieved with Kaspersky Application Control, but I am not aware how to do it with Comodo.
In an attempt to add some clarity to the Comodo Containment/Firewall discussion, please consider:
1). An unknown file is run with the ability to gather information (password stealer, keylogger, Coinminer, RAT, etc) as well as transmit the information out. For the majority of these, once plopped into Containment the malware will not have the ability to acquire data, but more importantly the transmission of this data will be detected and blocked. An example of this could be seen in my last Comodo vs RAT video.
2). Another example can be seen with the legitimate SeaMonkey browser. Although distributed by the Mozilla organization, it for many years has not been signed (and thus always deemed Untrusted by CF). However recently it did get a valid certificate with an equally valid Countersignature; but even so as this was the initial application with this certificate before Comodo will trust these new builds of SeaMonkey the application must first be vetted by C. As this has not been done yet upon running the installer it will be automatically contained. Further, even when launching the installer and directing that the installer be trusted (at the initial popup) and accomplishing the install upon first run one will still be presented with a Firewall popup.
This last point may seem trivial but it is actually of extreme importance. In the bad old days I was employed by a company that was called in to do a postmortem breach analysis for a major retailer that used an extremely popular Enterprise Security program. It was finally determined that a true zero-day targeted trojan was installed on their systems that was pulse transmitting stolen data packages out (actually discovered by a new employee who, when delving through firewall logs, found it curious that stuff was being sent to Kazakhstan).
As lead in the investigation I was able to acquire the malware and for giggles tried it out on a Comodo protected system. CF alerted at the first peep and this detection would have saved the victimized organization many, many millions in damages (but costing me a substantial bonus, so I guess I'm glad they went with the Enterprise product instead).
3). I hope on reflection that it's intuitively obvious that the use or non use of a VPN won't have a bearing on this sort of malicious mechanism.
1). An unknown file is run with the ability to gather information (password stealer, keylogger, Coinminer, RAT, etc) as well as transmit the information out. For the majority of these, once plopped into Containment the malware will not have the ability to acquire data, but more importantly the transmission of this data will be detected and blocked. An example of this could be seen in my last Comodo vs RAT video.
2). Another example can be seen with the legitimate SeaMonkey browser. Although distributed by the Mozilla organization, it for many years has not been signed (and thus always deemed Untrusted by CF). However recently it did get a valid certificate with an equally valid Countersignature; but even so as this was the initial application with this certificate before Comodo will trust these new builds of SeaMonkey the application must first be vetted by C. As this has not been done yet upon running the installer it will be automatically contained. Further, even when launching the installer and directing that the installer be trusted (at the initial popup) and accomplishing the install upon first run one will still be presented with a Firewall popup.
This last point may seem trivial but it is actually of extreme importance. In the bad old days I was employed by a company that was called in to do a postmortem breach analysis for a major retailer that used an extremely popular Enterprise Security program. It was finally determined that a true zero-day targeted trojan was installed on their systems that was pulse transmitting stolen data packages out (actually discovered by a new employee who, when delving through firewall logs, found it curious that stuff was being sent to Kazakhstan).
As lead in the investigation I was able to acquire the malware and for giggles tried it out on a Comodo protected system. CF alerted at the first peep and this detection would have saved the victimized organization many, many millions in damages (but costing me a substantial bonus, so I guess I'm glad they went with the Enterprise product instead).
3). I hope on reflection that it's intuitively obvious that the use or non use of a VPN won't have a bearing on this sort of malicious mechanism.
Emeralds would preferable as they are a better match for my eyes...
@cruelsister you are such a character 
Was this popular enterprise program Symantec Endpoint Protection in the “bad” old days?
It’s great that signatures are not trusted blindly at Comodo.
Was this popular enterprise program Symantec Endpoint Protection in the “bad” old days?
It’s great that signatures are not trusted blindly at Comodo.
How can Comodo FW block VPN traffic when it is not even able to block VPN traffic of trusted apps?
F
ForgottenSeer 97327
You posted that you never used Comodo and ypu are able to show us these settings. Do you read user manuals of IT-programs as a hobby?
I do itYou posted that you never used Comodo and ypu are able to show us these settings. Do you read user manuals of IT-programs as a hobby?
I love to read manuals. Haven’t read the Comodo one though.
F
ForgottenSeer 97327
Optimizing for efficiency is considered bad practice since a few decades. Only for performance critical systems and processes optimization is recommended. So I understand this message from a CEO of security companies (security should be seamless for the user experience), but it is not generally applicable (considered a waist of time and resources with computing power doubling every two years. Although this third step might become relevant again (chip engineering is thought to be maxing out to 2-3 nm with current state of technology).And, finally, his "Melihness" has a message for all of you:
3 Steps to Software Development
Successful software development requires the right approach. Melih Abdulhayoglu breaks down the three key steps to building efficient, scalable, and secure software. Learn more.melih.com
- Status
You may also like...
-
New Version 12.3.3.8152 Available for Comodo Internet Security 2025
- Started by rashmi
- Replies: 41
-
-
-
Want to try? | Comodo Antivirus Test & Review | Comodo Internet Security vs Ransomware | 2024- Started by NB InfoTech
- Replies: 4
-
