- Status
Hello @Tony Cole ,
Currently, I have CIS 8.2.0.4591 and MBAM 2.1.6.1022 installed. I have seen no issues lately.
However, MBAM is in the process of being updated... which potentially means that any new\changed MBAM modules might be detected as Unrecognized - and autosandboxed when the new MBAM update reaches users.
In that case, no problem. Create "Allow" rules in CIS for any "Unrecognized" MBAM modules. Any MBAM modules detected by CIS as Unrecognized will be submitted to Comodo for whitelisting - probably within 24 hours of such a detection by other users. Remember: At the alert, tick "Remember my answer" to create a permanent (Allow) rule.
When this sort of thing occurs I wait until the file drops-off the submitted Unrecognized file list before removing any Allow rules that I have created.
In my experience, mbam.sys - and one other, can't remember - may be autosandboxed after an MBAM update. It doesn't break MBAM.
In regards to HitmanPro... I am not too sure, but it would essentially be the same.
Hope this helps...
Best Regards,
HJLBX
PS - I thought you would never - like - ever, ever, ever - use Comodo again.
Last edited by a moderator:
- Jun 14, 2015
- 857
In my test VM, MBAE prevented CFW and other products from checking files; Hitman, instead, was fine.
CFW was buggy for me (fails to detect networks and secure them--it's primary purpose) but I ran it on Win10 (if they don't keep up, I'll go with who does). What's not changed since the last time I ran CIS years ago is that to get the level of security they tout, one has to put up with constant nagging that makes Vista UAC look trivial. It's probably great for a mission-critical hardened static box but not an ordinary PC which gets updated and changed regularly.
Multiple virtualisation technologies can interfere with each other, like that time Avast (which uses Oracle's VirtualBox tech) updated and broke my VirtualBox. More moving parts = more that can go wrong, exponentially, like the P-47 Thunderbolt vs. P-51 Mustang.
CFW was buggy for me (fails to detect networks and secure them--it's primary purpose) but I ran it on Win10 (if they don't keep up, I'll go with who does). What's not changed since the last time I ran CIS years ago is that to get the level of security they tout, one has to put up with constant nagging that makes Vista UAC look trivial. It's probably great for a mission-critical hardened static box but not an ordinary PC which gets updated and changed regularly.
Multiple virtualisation technologies can interfere with each other, like that time Avast (which uses Oracle's VirtualBox tech) updated and broke my VirtualBox. More moving parts = more that can go wrong, exponentially, like the P-47 Thunderbolt vs. P-51 Mustang.
hjlbx,
Installed CIS suite today. Running default settings. Stealth Ports set to "Block Incoming Connections" & FW set to "dont show popups" unchecked.
Yes, faced those bugs we talked about in other threads. Like Comodo Dragon updated & got FW alert Dragon wants to connect to internet (it was signed), couple other trusted programs updated but no FW alerts...this is fine.
So some trusted programs generate FW alerts...dont know why?
And with little trial, I guess when Autosandbox is set to "Internet" then the already installed programs are treated as trusted & not sandboxed but still Comodo does the checks & unknown programs found are in "unrecognized list" i.e unknown programs found are not sandboxed as they were already installed & therefore trusted but are listed in "unrecog list"... guess to let the users know these are unknown programs but not sandboxed due to trusted status for already installed programs as per "Internet" policy - This is my guess with little trial.
And for FW alerts for trusted programs... I already mentioned above dont know why some trusted programs generate FW alerts?
But overall I find CIS improved a lot in usability with new default rules/policy/whitelists, etc... & especially average users will see alerts rarely or occasionally with default settings.
So I have installed CIS suite default settings with above mentioned 2 changes on my family laptop Win 7 64 shared by average users. I have decided to keep it atleast till Win 10 release. Once I will upgrade the system with Win 10 then I will decide to continue or try others. Now its wait & see my family like it or not.
Installed CIS suite today. Running default settings. Stealth Ports set to "Block Incoming Connections" & FW set to "dont show popups" unchecked.
Yes, faced those bugs we talked about in other threads. Like Comodo Dragon updated & got FW alert Dragon wants to connect to internet (it was signed), couple other trusted programs updated but no FW alerts...this is fine.
So some trusted programs generate FW alerts...dont know why?
And with little trial, I guess when Autosandbox is set to "Internet" then the already installed programs are treated as trusted & not sandboxed but still Comodo does the checks & unknown programs found are in "unrecognized list" i.e unknown programs found are not sandboxed as they were already installed & therefore trusted but are listed in "unrecog list"... guess to let the users know these are unknown programs but not sandboxed due to trusted status for already installed programs as per "Internet" policy - This is my guess with little trial.
And for FW alerts for trusted programs... I already mentioned above dont know why some trusted programs generate FW alerts?
But overall I find CIS improved a lot in usability with new default rules/policy/whitelists, etc... & especially average users will see alerts rarely or occasionally with default settings.
So I have installed CIS suite default settings with above mentioned 2 changes on my family laptop Win 7 64 shared by average users. I have decided to keep it atleast till Win 10 release. Once I will upgrade the system with Win 10 then I will decide to continue or try others. Now its wait & see my family like it or not.
@yesnoo
I am experiencing some quirks with a few files' ratings and them being auto-sandboxed or generating other alerts (HIPS & FW)... even after moving one or two files from Unrecognized to Trusted list.
For example, some that persistently give me grief are the Flash Player Utility (FlashUtil_ActiveX.exe), OneNote (onenoteim.exe) and invagent.dll.
I have tried changing CIS settings and reproducing the behavior reliably - but, unfortunately, it is random... or ...at least that how it appears to me. I can make no sense of it... as it seems the process is all over the place, thereby preventing me from "connecting the dots" to help figure out why CIS behaves the way it does sometimes... If anything, it is confusing.
In any case, this quirky behavior is a known, on-going issue that is very likely to not be fixed by Comodo anytime soon - like - within the next few years - if not longer.
Despite these quirks, I just create "Allow" (for HIPS and/or FW) and "Ignore" (for sandbox) rules - and everything works OK.
So, no big deal in the end. !!!
All-in-all, CIS is solid = despite me playing around with lots and lots of malwares, my system has not been persistently infected - not yet - anyway. So, I'm confident in CIS.
However, the fact remains: CIS, with its quirkiness - and the complete confusion that all brings - CIS remains best suited to us MT-types.
Best Regards,
HJLBX
I am experiencing some quirks with a few files' ratings and them being auto-sandboxed or generating other alerts (HIPS & FW)... even after moving one or two files from Unrecognized to Trusted list.
For example, some that persistently give me grief are the Flash Player Utility (FlashUtil_ActiveX.exe), OneNote (onenoteim.exe) and invagent.dll.
I have tried changing CIS settings and reproducing the behavior reliably - but, unfortunately, it is random... or ...at least that how it appears to me. I can make no sense of it... as it seems the process is all over the place, thereby preventing me from "connecting the dots" to help figure out why CIS behaves the way it does sometimes... If anything, it is confusing.
In any case, this quirky behavior is a known, on-going issue that is very likely to not be fixed by Comodo anytime soon - like - within the next few years - if not longer.
Despite these quirks, I just create "Allow" (for HIPS and/or FW) and "Ignore" (for sandbox) rules - and everything works OK.
So, no big deal in the end. !!!
All-in-all, CIS is solid = despite me playing around with lots and lots of malwares, my system has not been persistently infected - not yet - anyway. So, I'm confident in CIS.
However, the fact remains: CIS, with its quirkiness - and the complete confusion that all brings - CIS remains best suited to us MT-types.
Best Regards,
HJLBX
hjlbx,
You face the mentioned persistent prob with default settings too i.e Internet Security config?
I never try other config, always use default config with minor changes.
Never faced a prob like moving files i.e trusted to unrecog, etc... & not working, always worked here. Though just couple for trials.
What is Flash Player Utility?
If its Adobe Flash for Internet Explorer then no probs on my system.
There is going to be an update/fixes release of CIS around Win 10 release.
Lets see what it brings.
You face the mentioned persistent prob with default settings too i.e Internet Security config?
I never try other config, always use default config with minor changes.
Never faced a prob like moving files i.e trusted to unrecog, etc... & not working, always worked here. Though just couple for trials.
What is Flash Player Utility?
If its Adobe Flash for Internet Explorer then no probs on my system.
There is going to be an update/fixes release of CIS around Win 10 release.
Lets see what it brings.
@yesnoo
I use Proactive Security configuration + I modify some settings, but I have seen some File Rating issues with the default Internet Security configuration.
Flash Player Utility is built-in to Internet Explorer.
Best Regards,
HJLBX
It is loaded into active memory when IE11 is launched and runs in the background. I think it is for update detection, updates, uninstall, etc.
Go to the directory I provided and launch it - you will see what I mean... it will load the uninstaller routine.
Best Regards,
HJLBX
I launched IE & dont see any FPU in taskmanager?
Is it required to run it from the location you mentioned?
Is it required to run it from the location you mentioned?
It does not run constantly in the background. When it does run, it runs in the background.
That directory is for W8.1 and IE11... might be different on another version of Windows and\or Internet Explorer.
Best Regards,
HJLBX
C:\Windows\System32\Macromed\Flash\FlashUtil64_18_0_0_194_ActiveX.exe
This is in trusted list.
Is this you meant?
This is in trusted list.
Is this you meant?
Yes. It is in Trusted list, but CIS sandboxes it on my system - for whatever reason(s). I have to create "Ignore" sandbox rule for it.
On my W8.1 it is FlashUtil_ActiveX.exe only = with no version numbers - but it is essentially identical to the one on your system.
Best Regards,
HJLBX
Yes. It doesn't fix the issue. It is a known issue to Comodo...
I've even tried submitting all Flash modules to Comodo for white-listing. Have to wait and see if that fixes anything.
Best Regards,
HJLBX
Hope the upcoming update really brings good fixes & solves the issues.
Though overall CIS is good but they really need to fine tune it on quite a few things.
Though overall CIS is good but they really need to fine tune it on quite a few things.
Comodo is fairly aggressive in their update schedule - but it seems - there is so much "stuff" with CIS that they have had trouble correcting issues fast enough for everyone.
I wouldn't count on anything major as far as bug fixes - after all, some bugs remain from 3 or 4 years ago.
There is hope - I guess... current version is much less problematic than v. 7 !
CIS is steadily getting better - but people get frustrated with confusing quirks and drop it...
Best Regards,
HJLBX
PS - @yigido
I think CIS is very complicated "under the hood" - so - difficult to work and even more difficult to fix...
Last edited by a moderator:
- Status
