Serious Discussion Comodo Internet Security 2024 Beta is now available

ErzCrz

ErzCrz

Level 23
Verified
Top Poster
Well-known
Aug 19, 2019
1,221
Pico said:
Why would one ever need or have to use 'Run Restricted' for apps running in a Containment???
The apps run in containment what's the point?
Can they escape from Containment somehow when use 'Run Virtually''?
Click to expand...
I think @cruelsister mentioned it in one of her videos some years ago but can't recall which. Often the default suggested option is to run a program partially limited and then you have to deal with firewall prompts. Setting the default containment to Restricted makes things simpler but if you want to just deal with the containment prompts, that's fine. the CS approach is simple bulletproof configuration.

The default it Partially limited and less secure as I've mentioned but choice is yours.
  • Partially Limited - The application is allowed to access all operating system files and resources like the clipboard. Modification of protected files/registry keys is not allowed. Privileged operations like loading drivers or debugging other applications are also not allowed. (Default)
Click to expand...
  • Limited - Only selected operating system resources can be accessed by the application. The application is not allowed to execute more than 10 processes at a time and is run without Administrator account privileges.
  • Restricted - The application is allowed to access very few operating system resources. The application is not allowed to execute more than 10 processes at a time and is run with very limited access rights. Some applications, like computer games, may not work properly under this setting.
Click to expand...
  • Untrusted - The application is not allowed to access any operating system resources. The application is not allowed to execute more than 10 processes at a time and is run with very limited access rights. Some applications that require user interaction may not work properly under this setting.
Click to expand...
 
  • +Reputation
  • Like
  • Applause
Reactions: Nevi, piquiteco, simmerskool and 3 others
simmerskool

simmerskool

Level 38
Verified
Top Poster
Well-known
Apr 16, 2017
2,779
Pico said:
Why would one ever need or have to use 'Run Restricted' for apps running in a Containment???
The apps run in containment what's the point?
Can they escape from Containment somehow when use 'Run Virtually''?
Click to expand...
sure, and ideally if "run restricted" is the selected setting then a good coder might nullify (gray out) Run Virtual Applications. :unsure:
 
  • Like
Reactions: Nevi and vtqhtr413
simmerskool

simmerskool

Level 38
Verified
Top Poster
Well-known
Apr 16, 2017
2,779
ErzCrz said:
I think @cruelsister mentioned it in one of her videos some years ago but can't recall which. Often the default suggested option is to run a program partially limited and then you have to deal with firewall prompts. Setting the default containment to Restricted makes things simpler but if you want to just deal with the containment prompts, that's fine. the CS approach is simple bulletproof configuration.

The default it Partially limited and less secure as I've mentioned but choice is yours.
Click to expand...
sounds like my memory too although mine is (was) a tad more faded.
 
  • HaHa
  • Hundred Points
Reactions: Nevi, vtqhtr413, Jonny Quest and 1 other person
P

Pico

Level 6
Feb 6, 2023
266
When apps run contained they can perform read operations from the host (like read access to file system and resources) but they cannot perform permanent write operations to the host as these write operations are isolated from the host.
In other words, contained apps can never make permanent changes on the host and as long as contained apps cannot call home (FW set to block inbound and block outbound connections for all contained apps) than I still don't see the need why using 'Run Restricted' or any other limiting setting.

What am I missing in using these limiting settings?
 
  • Like
Reactions: Nevi, oldschool, vtqhtr413 and 2 others
Zappathustra

Zappathustra

Level 2
Jul 1, 2019
48

Attachments

  • sshot-231.png
    sshot-231.png
    98.2 KB · Views: 209
  • sshot-232.png
    sshot-232.png
    93.3 KB · Views: 195
  • sshot-233.png
    sshot-233.png
    166 KB · Views: 196
  • Like
  • Hundred Points
Reactions: Nevi, oldschool, vtqhtr413 and 2 others
ErzCrz

ErzCrz

Level 23
Verified
Top Poster
Well-known
Aug 19, 2019
1,221
Deepz said:
Comodo leaves weird parts of it on my system when i uninstalledd. I had to reinstall windows :/
Click to expand...
It tends to leave behind a installer startup entry which you can delete from the registry located here: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

It also tends to leave behind the Event Log folder/entry located here: Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\

Both can safely be deleted and just restart afterwards.

There is an Uninstaller via Comodo Forums but it doesn't remove the above entries. Official Comodo Uninstaller v3.2.0.82 Released
 
  • Like
  • +Reputation
Reactions: roger_m, Nevi, oldschool and 2 others
simmerskool

simmerskool

Level 38
Verified
Top Poster
Well-known
Apr 16, 2017
2,779
ErzCrz said:
It tends to leave behind a installer startup entry
It also tends to leave behind the Event Log folder
There is an Uninstaller via Comodo Forums but it doesn't remove the above entries. Official Comodo Uninstaller v3.2.0.82 Released
Click to expand...
@Deepz you could also try jv16 uninstalr app, it is discussed here

malwaretips.com

Discussion Thread - Uninstalr: Or how I tested all the Windows uninstallers and ended up making a new one

I tested all the popular Windows uninstaller programs. That is: Bulk Crap Uninstaller, Geek Uninstaller, HiBit Uninstaller, IObit Uninstaller, Revo Uninstaller and Total Uninstall. I found out that many of them had some very rudimentary user interface problems, none of them were able to perform...
malwaretips.com malwaretips.com
 
  • Like
  • Hundred Points
Reactions: Nevi, oldschool and vtqhtr413
F

ForgottenSeer 100397

Pico said:
When apps run contained they can perform read operations from the host (like read access to file system and resources) but they cannot perform permanent write operations to the host as these write operations are isolated from the host.
In other words, contained apps can never make permanent changes on the host and as long as contained apps cannot call home (FW set to block inbound and block outbound connections for all contained apps) than I still don't see the need why using 'Run Restricted' or any other limiting setting.

What am I missing in using these limiting settings?
Click to expand...
Before containment, restriction levels were the primary security measure. They now offer optional protection, which limits software or malware running in the containment. I don’t use restriction levels.
 
Last edited by a moderator:
  • Like
  • Hundred Points
Reactions: Nevi, simmerskool, vtqhtr413 and 1 other person
P

Pico

Level 6
Feb 6, 2023
266
rhythm said:
Before containment, restriction levels were the primary security measure. They now offer optional protection, which limits software or malware running in the containment. I don’t use restriction levels.
Click to expand...
That should be 'optional fake containment protection' then.
Why should one want to set restriction level on a contained app?
Two options, either just let the contained app execute without restriction level or just block it altogether, easy.
 
F

ForgottenSeer 97327

@Pico use case for running a contained application with restrictions

Run a portable version of a webrowser in a container with additional restriction to block access to ring-0, allowing this sandboxed portable only write access to the (real system) download folder. Being a portable application it should in normal circumstances never touch elevated processes and UAC protected folders nor registry. Enable HIPS, allowing everything except execution in the download folder.

Pretty strong hassle free security. Can't imagine any malware to break through these additional containment levels.

@cruelsister always removes access to real system, but maybe she could show a version which only allows access to the downloads folder of the real world system and let the HIPS protect this "gateway" to the real world.
 
Last edited by a moderator:
  • Like
Reactions: Nevi, simmerskool and vtqhtr413
P

Pico

Level 6
Feb 6, 2023
266
Is containment leaking permanent write operations (excluding the allowed write access to the download folder) to the real system when restriction levels are not being used ???

Running a portable or non-portable app in containment doesn't matter both are handled in the same way, they execute in containment meaning they cannot perform permanent write operations to the real system.
 
F

ForgottenSeer 97327

Pico said:
Is containment leaking permanent write operations (excluding the allowed write access to the download folder) to the real system when restriction levels are not being used ???

Running a portable or non-portable app in containment doesn't matter both are handled in the same way, they execute in containment meaning they cannot perform permanent write operations to the real system.
Click to expand...
:) you are not a fan, me neither but now your are saying why use a safety belt when my car has an airbag?
 
  • Like
  • HaHa
Reactions: Nevi, piquiteco, simmerskool and 2 others
F

ForgottenSeer 100397

Pico said:
That should be 'optional fake containment protection' then.
Why should one want to set restriction level on a contained app?
Two options, either just let the contained app execute without restriction level or just block it altogether, easy.
Click to expand...
The restriction levels aren't just for containment. You can use a restriction level as primary security without containment.
 
  • Like
Reactions: Nevi, simmerskool and vtqhtr413
F

ForgottenSeer 100397

Pico said:
That's good. But for containment it has no use.
Click to expand...
Run Virtually had some minor problems, such as ransomware leaving a ransom note on the desktop or malware changing the desktop background. This made people question the strength and reliability of the default settings. Personally, I believe that restricting contained apps defeats the purpose of containment. I'm not aware of any legitimate bypass of the default settings with the stable version.
 
  • Like
  • +Reputation
Reactions: Nevi, piquiteco, simmerskool and 2 others

Similar threads

ErzCrz
    • Like
New Update Comodo Internet Security 2024 v12.3.2.8124 BETA (Feb 2024)
Replies
16
Views
2,770
Comodo
Nikola Milanovic
Nikola Milanovic
vitao
    • Like
    • +Reputation
    • Wow
  • Locked
Serious Discussion Comodo Internet Security 2025 was obliterated by an exploit!
Replies
125
Views
5,829
Comodo
vitao
vitao
M
    • Like
    • Thanks
    • Applause
Comodo Internet Security 2025 Beta / Final / Infos Thread
Replies
36
Views
5,044
Comodo
rashmi
rashmi

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top