Serious Discussion Comodo Internet Security 2024 Beta is now available

Comodo leaves weird parts of it on my system when I uninstalled. I had to reinstall Windows :/
It tends to leave behind an installer startup entry which you can delete from the registry located here: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

It also tends to leave behind the Event Log folder/entry located here: Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\

Both can safely be deleted and just restart afterwards.

There is an Uninstaller via Comodo Forums but it doesn't remove the above entries. Official Comodo Uninstaller v3.2.0.82 Released
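
A read-only way to see what is actually left in the two registry locations mentioned in this post before deleting anything, as an added PowerShell example that is not part of the original post or of any Comodo tool. The `comodo` match pattern and the function names are assumptions, since the post does not name the leftover entries.

```powershell
# Added example: read-only audit of the two registry locations named in the post.
# $Pattern is an assumption; the post does not name the leftover values or keys.
param([string]$Pattern = 'comodo')

$runKey   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$eventLog = 'HKLM:\SYSTEM\CurrentControlSet\Services\EventLog'

function Get-RunLeftover {
    param([string]$Key, [string]$Pattern)
    $k = Get-Item -LiteralPath $Key -ErrorAction SilentlyContinue
    if (-not $k) { return }
    foreach ($name in $k.GetValueNames()) {
        $cmd = [string]$k.GetValue($name)
        # Pull the executable out of the command line (quoted path, else first token).
        $exe = ''
        if ($cmd -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
        elseif ($cmd -match '^\s*(\S+)') { $exe = $Matches[1] }
        $exe = [Environment]::ExpandEnvironmentVariables($exe)
        # Hint only: unquoted paths containing spaces can show up as missing.
        $missing = ($exe -ne '') -and -not (Test-Path -LiteralPath $exe)
        if ($name -match $Pattern -or $cmd -match $Pattern -or $missing) {
            [pscustomobject]@{ Location = 'Run'; Name = $name
                               Data = $cmd; TargetMissing = $missing }
        }
    }
}

function Get-EventLogLeftover {
    param([string]$Root, [string]$Pattern)
    # Logs are direct subkeys of EventLog; event sources sit one level below each log.
    $logs = Get-ChildItem -LiteralPath $Root -ErrorAction SilentlyContinue
    if (-not $logs) { return }
    $sources = $logs | ForEach-Object {
        Get-ChildItem -LiteralPath $_.PSPath -ErrorAction SilentlyContinue
    }
    @($logs) + @($sources) | Where-Object { $_.PSChildName -match $Pattern } |
        ForEach-Object {
            [pscustomobject]@{ Location = 'EventLog'; Name = $_.Name
                               Data = $null; TargetMissing = $null }
        }
}

# Nothing is modified; the script only lists candidates for manual review.
@(Get-RunLeftover $runKey $Pattern) + @(Get-EventLogLeftover $eventLog $Pattern) |
    Format-Table -AutoSize -Wrap
```

Startup entries whose target file no longer exists are listed even when they do not match the pattern, so review each row before removing anything.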
 
It tends to leave behind an installer startup entry
It also tends to leave behind the Event Log folder
There is an Uninstaller via Comodo Forums but it doesn't remove the above entries. Official Comodo Uninstaller v3.2.0.82 Released
@Deepz you could also try jv16 uninstalr app, it is discussed here

 
When apps run contained they can perform read operations from the host (like read access to file system and resources) but they cannot perform permanent write operations to the host as these write operations are isolated from the host.
In other words, contained apps can never make permanent changes on the host, and as long as contained apps cannot call home (FW set to block inbound and block outbound connections for all contained apps) then I still don't see the need for using 'Run Restricted' or any other limiting setting.

What am I missing in using these limiting settings?
Before containment, restriction levels were the primary security measure. They now offer optional protection, which limits software or malware running in the containment. I don’t use restriction levels.
 
Before containment, restriction levels were the primary security measure. They now offer optional protection, which limits software or malware running in the containment. I don’t use restriction levels.
That should be 'optional fake containment protection' then.
Why should one want to set restriction level on a contained app?
Two options, either just let the contained app execute without restriction level or just block it altogether, easy.
 
@Pico use case for running a contained application with restrictions

Run a portable version of a web browser in a container with additional restriction to block access to ring-0, allowing this sandboxed portable only write access to the (real system) download folder. Being a portable application it should in normal circumstances never touch elevated processes and UAC protected folders nor registry. Enable HIPS, allowing everything except execution in the download folder.

Pretty strong hassle free security. Can't imagine any malware to break through these additional containment levels.

@cruelsister always removes access to real system, but maybe she could show a version which only allows access to the downloads folder of the real world system and let the HIPS protect this "gateway" to the real world.
 
Is containment leaking permanent write operations (excluding the allowed write access to the download folder) to the real system when restriction levels are not being used ???

Running a portable or non-portable app in containment doesn't matter; both are handled in the same way: they execute in containment, meaning they cannot perform permanent write operations to the real system.
 
Is containment leaking permanent write operations (excluding the allowed write access to the download folder) to the real system when restriction levels are not being used ???

Running a portable or non-portable app in containment doesn't matter; both are handled in the same way: they execute in containment, meaning they cannot perform permanent write operations to the real system.
:-) You are not a fan, me neither, but now you are saying why use a safety belt when my car has an airbag?
 
That should be 'optional fake containment protection' then.
Why should one want to set restriction level on a contained app?
Two options, either just let the contained app execute without restriction level or just block it altogether, easy.
The restriction levels aren't just for containment. You can use a restriction level as primary security without containment.
 
That's good. But for containment it has no use.
Run Virtually had some minor problems, such as ransomware leaving a ransom note on the desktop or malware changing the desktop background. This made people question the strength and reliability of the default settings. Personally, I believe that restricting contained apps defeats the purpose of containment. I'm not aware of any legitimate bypass of the default settings with the stable version.
 
After I uninstalled Comodo with Uninstalr, I can't seem to get it to install again.
You've just learned a lesson, never rely on third / second party uninstallers. By no means do they know what can be safely deleted from your system and what not. Only an installed app itself knows how to correctly uninstall itself without damaging your system.
 
When there was no containment, the default restriction level was Partial Limited. This level provided a good balance between security and usability, making it suitable for real-world scenarios. I am planning to ask @Shadowra to test it out.
I’m requesting @Shadowra to test Comodo with default restricted, Partially Limited. The setup doesn’t have containment. Comodo will only restrict unrecognized apps on the actual system. I’m also testing usability on my production system with the same setup, and it’s working great.
Make your video test requests!

I expect the scanners will detect leftover files during the test, because the setup restricts (no containment) unrecognized app installations on the actual system. I want to evaluate the overall performance of the setup against modern malware. This includes any active malware, malware after a system reboot, and data encryption.

The setup could offer excellent protection and usability in real-world scenarios. Let’s see how it performs in the test. Depending on the outcome, I might test the "Limited" restriction level’s usability and request @Shadowra for a malware test.
 