Comodo Internet Security - General Impression

Status
Not open for further replies.
H

hjlbx

Thread author
Nothing has changed significantly in v. 4591 ...

No update to OP needed.
 

Tony Cole

Level 27
Verified
May 11, 2014
1,639
Would Malwarebytes Anti-Exploit and HitmanPro.Alert work/be okay with Comodo sandbox, or would I have to remove these prior to giving it another shot?
 
H

hjlbx

Thread author
Would Malwarebytes Anti-Exploit and HitmanPro.Alert work/be okay with Comodo sandbox, or would I have to remove these prior to giving it another shot?

Hello @Tony Cole ,

Currently, I have CIS 8.2.0.4591 and MBAM 2.1.6.1022 installed. I have seen no issues lately.

However, MBAM is in the process of being updated... which potentially means that any new\changed MBAM modules might be detected as Unrecognized - and autosandboxed when the new MBAM update reaches users.

In that case, no problem. Create "Allow" rules in CIS for any "Unrecognized" MBAM modules. Any MBAM modules detected by CIS as Unrecognized will be submitted to Comodo for whitelisting - probably within 24 hours of such a detection by other users. Remember: At the alert, tick "Remember my answer" to create a permanent (Allow) rule.

When this sort of thing occurs I wait until the file drops-off the submitted Unrecognized file list before removing any Allow rules that I have created.

In my experience, mbam.sys - and one other, can't remember - may be autosandboxed after an MBAM update. It doesn't break MBAM.

In regards to HitmanPro... I am not too sure, but it would essentially be the same.

Hope this helps...

Best Regards,

HJLBX

PS - I thought you would never - like - ever, ever, ever - use Comodo again. :D
 
Last edited by a moderator:

Rolo

Level 18
Verified
Jun 14, 2015
857
In my test VM, MBAE prevented CFW and other products from checking files; Hitman, instead, was fine.

CFW was buggy for me (fails to detect networks and secure them--it's primary purpose) but I ran it on Win10 (if they don't keep up, I'll go with who does). What's not changed since the last time I ran CIS years ago is that to get the level of security they tout, one has to put up with constant nagging that makes Vista UAC look trivial. It's probably great for a mission-critical hardened static box but not an ordinary PC which gets updated and changed regularly.

Multiple virtualisation technologies can interfere with each other, like that time Avast (which uses Oracle's VirtualBox tech) updated and broke my VirtualBox. More moving parts = more that can go wrong, exponentially, like the P-47 Thunderbolt vs. P-51 Mustang.
 
  • Like
Reactions: Cats-4_Owners-2
D

Deleted member 2913

Thread author
hjlbx,
Installed CIS suite today. Running default settings. Stealth Ports set to "Block Incoming Connections" & FW set to "dont show popups" unchecked.
Yes, faced those bugs we talked about in other threads. Like Comodo Dragon updated & got FW alert Dragon wants to connect to internet (it was signed), couple other trusted programs updated but no FW alerts...this is fine.
So some trusted programs generate FW alerts...dont know why?

And with little trial, I guess when Autosandbox is set to "Internet" then the already installed programs are treated as trusted & not sandboxed but still Comodo does the checks & unknown programs found are in "unrecognized list" i.e unknown programs found are not sandboxed as they were already installed & therefore trusted but are listed in "unrecog list"... guess to let the users know these are unknown programs but not sandboxed due to trusted status for already installed programs as per "Internet" policy - This is my guess with little trial.

And for FW alerts for trusted programs... I already mentioned above dont know why some trusted programs generate FW alerts?

But overall I find CIS improved a lot in usability with new default rules/policy/whitelists, etc... & especially average users will see alerts rarely or occasionally with default settings.

So I have installed CIS suite default settings with above mentioned 2 changes on my family laptop Win 7 64 shared by average users. I have decided to keep it atleast till Win 10 release. Once I will upgrade the system with Win 10 then I will decide to continue or try others. Now its wait & see my family like it or not.
 
  • Like
Reactions: Cats-4_Owners-2
H

hjlbx

Thread author
@yesnoo

I am experiencing some quirks with a few files' ratings and them being auto-sandboxed or generating other alerts (HIPS & FW)... even after moving one or two files from Unrecognized to Trusted list.

For example, some that persistently give me grief are the Flash Player Utility (FlashUtil_ActiveX.exe), OneNote (onenoteim.exe) and invagent.dll.

I have tried changing CIS settings and reproducing the behavior reliably - but, unfortunately, it is random... or ...at least that how it appears to me. I can make no sense of it... as it seems the process is all over the place, thereby preventing me from "connecting the dots" to help figure out why CIS behaves the way it does sometimes... If anything, it is confusing.

In any case, this quirky behavior is a known, on-going issue that is very likely to not be fixed by Comodo anytime soon - like - within the next few years - if not longer.

Despite these quirks, I just create "Allow" (for HIPS and/or FW) and "Ignore" (for sandbox) rules - and everything works OK.

So, no big deal in the end. !!!

All-in-all, CIS is solid = despite me playing around with lots and lots of malwares, my system has not been persistently infected - not yet - anyway. So, I'm confident in CIS.

However, the fact remains: CIS, with its quirkiness - and the complete confusion that all brings - CIS remains best suited to us MT-types.

Best Regards,

HJLBX
 
  • Like
Reactions: Cats-4_Owners-2
D

Deleted member 2913

Thread author
hjlbx,

You face the mentioned persistent prob with default settings too i.e Internet Security config?
I never try other config, always use default config with minor changes.
Never faced a prob like moving files i.e trusted to unrecog, etc... & not working, always worked here. Though just couple for trials.

What is Flash Player Utility?
If its Adobe Flash for Internet Explorer then no probs on my system.

There is going to be an update/fixes release of CIS around Win 10 release.
Lets see what it brings.
 
H

hjlbx

Thread author
hjlbx,

You face the mentioned persistent prob with default settings too i.e Internet Security config?
I never try other config, always use default config with minor changes.
Never faced a prob like moving files i.e trusted to unrecog, etc... & not working, always worked here. Though just couple for trials.

What is Flash Player Utility?
If its Adobe Flash for Internet Explorer then no probs on my system.

@yesnoo

I use Proactive Security configuration + I modify some settings, but I have seen some File Rating issues with the default Internet Security configuration.

Flash Player Utility is built-in to Internet Explorer.

Best Regards,

HJLBX
 
H

hjlbx

Thread author
@yesnoo

It is an uninstaller utility.

You should find it at this directory = C:\Windows\System32\Macromed\Flash

Hope this helps...

Best Regards,

HJLBX
 
D

Deleted member 2913

Thread author
So do you mean when you try to uninstall Flash then sometimes the uninstaller is sandboxed?
 
H

hjlbx

Thread author
So do you mean when you try to uninstall Flash then sometimes the uninstaller is sandboxed?

It is loaded into active memory when IE11 is launched and runs in the background. I think it is for update detection, updates, uninstall, etc.

Go to the directory I provided and launch it - you will see what I mean... it will load the uninstaller routine.

Best Regards,

HJLBX
 
D

Deleted member 2913

Thread author
I launched IE & dont see any FPU in taskmanager?
Is it required to run it from the location you mentioned?
 
H

hjlbx

Thread author
I launched IE & dont see any FPU in taskmanager?
Is it required to run it from the location you mentioned?

It does not run constantly in the background. When it does run, it runs in the background.

That directory is for W8.1 and IE11... might be different on another version of Windows and\or Internet Explorer.

Best Regards,

HJLBX
 
D

Deleted member 2913

Thread author
C:\Windows\System32\Macromed\Flash\FlashUtil64_18_0_0_194_ActiveX.exe
This is in trusted list.
Is this you meant?
 
H

hjlbx

Thread author
C:\Windows\System32\Macromed\Flash\FlashUtil64_18_0_0_194_ActiveX.exe
This is in trusted list.
Is this you meant?

Yes. It is in Trusted list, but CIS sandboxes it on my system - for whatever reason(s). I have to create "Ignore" sandbox rule for it.

On my W8.1 it is FlashUtil_ActiveX.exe only = with no version numbers - but it is essentially identical to the one on your system.

Best Regards,

HJLBX
 
H

hjlbx

Thread author
Did you try rating scan?

Yes. It doesn't fix the issue. It is a known issue to Comodo...

I've even tried submitting all Flash modules to Comodo for white-listing. Have to wait and see if that fixes anything.

Best Regards,

HJLBX
 
D

Deleted member 2913

Thread author
Hope the upcoming update really brings good fixes & solves the issues.

Though overall CIS is good but they really need to fine tune it on quite a few things.
 
H

hjlbx

Thread author
Hope the upcoming update really brings good fixes & solves the issues.

Comodo is fairly aggressive in their update schedule - but it seems - there is so much "stuff" with CIS that they have had trouble correcting issues fast enough for everyone.

I wouldn't count on anything major as far as bug fixes - after all, some bugs remain from 3 or 4 years ago.

There is hope - I guess... current version is much less problematic than v. 7 !

CIS is steadily getting better - but people get frustrated with confusing quirks and drop it...

Best Regards,

HJLBX

PS - @yigido

I think CIS is very complicated "under the hood" - so - difficult to work and even more difficult to fix...
 
Last edited by a moderator:
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top