Comodo Internet Security - General Impression

Status
Not open for further replies.
Deleted member 2913

There should be no inbound connections. If you Stealthed Ports it will always be 0. If you didn't Stealth Ports then CIS firewall would prompt you about attempted inbound connection.

It will not be 0 if you allow inbound connections (Edit: or for Trusted applications - when they connect).

Edit:

My understanding is that the inbound counter will show for a connection that originates from outside the system, but it is unclear if it counts only certain types of connections (e.g. only active versus idle). I only have one application that does this from an external server - and then - only very briefly using UDP.

I will try to test with that app and get more practical infos.


Your system is behaving correctly...
I use Internet Security Config - In this Config.. Ports are stealth i.e Block Incoming Connections.
So Inbound Connections counter showing "0" is correct behavior?
 
hjlbx

I use Internet Security Config - In this Config.. Ports are stealth i.e Block Incoming Connections.
So Inbound Connections counter showing "0" is correct behavior?

As far as I understand unless you have an authorized, incoming connection it will indicate 0.

You have to stealth ports under firewall on the tasks pane. CIS does not stealth ports by default.
 
Deleted member 2913

As far as I understand unless you have an authorized, incoming connection it will indicate 0.

You have to stealth ports under firewall on the tasks pane. CIS does not stealth ports by default.
CIS does stealth ports by default i.e Internet Security Config - FW global rules are set to "Block Incoming Connections".

And I think Inbound Connections counter 0 is correct behavior here on FW set to stealth ports.
I tried setting FW to alert for incoming connections & started qbittorrent client & inbound connections counter showed numbers.
 
hjlbx

CIS does stealth ports by default i.e Internet Security Config - FW global rules are set to "Block Incoming Connections".

And I think Inbound Connections counter 0 is correct behavior here on FW set to stealth ports.
I tried setting FW to alert for incoming connections & started qbittorrent client & inbound connections counter showed numbers.

I use Proactive Security config. Ports are not stealthed by default with that config. I never used IS config except for very briefly since FW rules are so lax.
 
hjlbx

CIS does stealth ports by default i.e Internet Security Config - FW global rules are set to "Block Incoming Connections".

And I think Inbound Connections counter 0 is correct behavior here on FW set to stealth ports.
I tried setting FW to alert for incoming connections & started qbittorrent client & inbound connections counter showed numbers.

Block incoming connections is not the same as Stealth Ports. Stealth Ports is a port scanning countermeasure. You must enable Stealth Ports on Firewall - Tasks pane...
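
Added example, not part of any post in this thread: an OS-level cross-check of the inbound question discussed above, independent of the CIS counter (whose exact counting rules the thread leaves unclear). It parses `netstat -ano` output and treats an ESTABLISHED TCP connection as inbound when its local port is one the host is listening on; the sample output, addresses, ports and PIDs are constructed, and `classify_tcp` is a hypothetical helper name.

```python
import re

# Constructed sample of Windows `netstat -ano` output (not captured from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       920
  TCP    0.0.0.0:6881           0.0.0.0:0              LISTENING       4312
  TCP    192.168.1.20:6881      203.0.113.45:51812     ESTABLISHED     4312
  TCP    192.168.1.20:6881      198.51.100.7:40022     ESTABLISHED     4312
  TCP    192.168.1.20:49732     203.0.113.10:443       ESTABLISHED     2840
  TCP    192.168.1.20:49733     198.51.100.99:443      TIME_WAIT       0
  TCP    [::]:135               [::]:0                 LISTENING       920
  UDP    0.0.0.0:6881           *:*                                    4312
"""

# One TCP row: local addr:port, foreign addr:port, state, owning PID.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s*$")


def classify_tcp(netstat_text):
    """Split ESTABLISHED TCP connections into inbound and outbound.

    Heuristic (an assumption of this example): a connection whose local
    port is also a LISTENING port was accepted by a local server socket,
    so it originated from the remote side. UDP is connectionless and is
    ignored, as are states other than ESTABLISHED.
    """
    rows = [m.groups() for m in map(ROW.match, netstat_text.splitlines()) if m]
    listening = {int(lport) for _, lport, _, _, state, _ in rows
                 if state == "LISTENING"}
    result = {"inbound": [], "outbound": []}
    for laddr, lport, raddr, rport, state, pid in rows:
        if state != "ESTABLISHED":
            continue
        direction = "inbound" if int(lport) in listening else "outbound"
        result[direction].append((f"{laddr}:{lport}", f"{raddr}:{rport}", int(pid)))
    return result


if __name__ == "__main__":
    for direction, conns in classify_tcp(SAMPLE_NETSTAT).items():
        print(direction, len(conns))
        for local, remote, pid in conns:
            print(f"  {local} <- {remote} (PID {pid})" if direction == "inbound"
                  else f"  {local} -> {remote} (PID {pid})")
```

With incoming connections blocked by the firewall, the listening rows remain but no ESTABLISHED row lands on a listening port, so the inbound list is empty.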
 

CMLew

Question:
1) I'm using CIS sandboxed Chrome and downloaded a pdf file to C: drive Download folder. However, it wouldn't allow me to transfer to my USB drive. Is there some configuration I need to tweak ard?

2) Does CIS provide anti-keylogging / keystroke protection?
 
Deleted member 178

Question:
1) I'm using CIS sandboxed Chrome and downloaded a pdf file to C: drive Download folder. However, it wouldn't allow me to transfer to my USB drive. Is there some configuration I need to tweak ard?
the file is sandboxed so it will go nowhere else than the sandbox, you have to open shared folder.


2) Does CIS provide anti-keylogging / keystroke protection?

anti-keylogging, yes ; keystroke encryption, no.
 
hjlbx

Question:
1) I'm using CIS sandboxed Chrome and downloaded a pdf file to C: drive Download folder. However, it wouldn't allow me to transfer to my USB drive. Is there some configuration I need to tweak ard?

2) Does CIS provide anti-keylogging / keystroke protection?

1) It is unexpected behavior and not explained in User's Manual; before you get all frustrated it will be all right... there is a way to do it.

With default settings you cannot download from browser directly to USB - only to C:\Users\Current_User\Download = Downloads directory you see in Windows Explorer.

If you want to add USB drive, it is done Advanced Settings > Security Settings > Defense+ > Sandbox > Sandbox Settings > Do not virtualize access to the specified files\folders > Add USB drive.

NOTE: If your USB drive letter changes you will have to add the new drive letter following the above.

2) Yes. Anti-keylogging. No. Keystroke encryption.

Comodo is quite secretive about exactly what anti-keylogging functionality is present in CIS. The statement that they have released: "It works." No technical infos released.

Anti-screen capture in Sandbox and Virtual Desktop.
Anti-clipboard capture in Sandbox.

At least that is what I have seen using CIS; no cut\paste in sandboxed browser - but can do it in Virtual Desktop.
 
hjlbx

Virtual Kiosk download = C:\ProgramData\Shared Space

Sandboxed application (like browser) = C:\Users\Current_User\Downloads

Virtual Kiosk download location is hard-wired = cannot be changed

Sandboxed application download location is customizable = can add additional locations (for best security all download locations should be treated as temporary download locations; move to non-virtualized location as soon as possible after downloading and verifying safe)
 
CMLew

1) It is unexpected behavior and not explained in User's Manual; before you get all frustrated it will be all right... there is a way to do it.

With default settings you cannot download from browser directly to USB - only to C:\Users\Current_User\Download = Downloads directory you see in Windows Explorer.

If you want to add USB drive, it is done Advanced Settings > Security Settings > Defense+ > Sandbox > Sandbox Settings > Do not virtualize access to the specified files\folders > Add USB drive.

NOTE: If your USB drive letter changes you will have to add the new drive letter following the above.

I see. I'm ok to let it download to Download folder. But it wouldn't allow me to write into the USB drive. Does this mean my Download folder is virtualised?

the file is sandboxed so it will go nowhere else than the sandbox, you have to open shared folder.




anti-keylogging, yes ; keystroke encryption, no.
Hi @Umbra ,

Does that mean this open shared folder is virtualised but is movable inside the files?
 
hjlbx

I see. I'm ok to let it download to Download folder. But it wouldn't allow me to write into the USB drive. Does this mean my Download folder is virtualised?

Download folder is not virtualized - that is why you can download to it; USB drive is virtualized - so cannot download to it.

Comodo Sandbox & Virtual Desktop creates virtual container. Entire container contents are non-persistent - including file system.

Comodo virtualizes all file system locations except Downloads and Shared Space directories for maximum protection. The more locations that are not virtualized, the greater the risk that the location can be manipulated by malicious files - for example cryptors - and malicious actions will be permanent at those non-virtualized locations.

Does that make sense ?

@CMLew

You tried excluding USB drive from virtualization as I explained ? It did not work ??

When did you connect USB drive - before opening sandbox or during virtual (sandbox) session ?
 
CMLew

@CMLew

You tried excluding USB drive from virtualization as I explained ? It did not work ??

When did you connect USB drive - before opening sandbox or during virtual (sandbox) session ?

Hi @hjlbx

It works. Thanks! I'm just curious on those how virtualise container works and which one is virtualised and which one is not; and hence the question.
Cheers!
:)
 
hjlbx

@CMLew

Comodo virtualizes everything except Downloads and Shared Space. Virtual container is "non-persistent" and all actions - good and bad - take place within that container. That way malicious actions are isolated from physical system.

Draw two separated boxes on paper with single line connecting them.

One box = physical system.

Other box = virtual container (sandbox and virtual desktop).

Line = Downloads and Shared Space.

When reset sandbox or virtual desktop, the virtual container box and Downloads\Shared Space line disappear; left only with physical system box and whatever you downloaded to Downloads & Shared Space.
 
CMLew

@CMLew

Comodo virtualizes everything except Downloads and Shared Space. Virtual container is "non-persistent" and all actions - good and bad - take place within that container. That way malicious actions are isolated from physical system.

Draw two separated boxes on paper with single line connecting them.

One box = physical system.

Other box = virtual container (sandbox and virtual desktop).

Line = Downloads and Shared Space.

When reset sandbox or virtual desktop, the virtual container box and Downloads\Shared Space line disappear; left only with physical system box and whatever you downloaded to Downloads & Shared Space.

Thanks! @hjlbx ! Good explanation.
By the way also noticed, CIS also sandbox when I uninstall application also from "Program and Features"... :confused:
 
hjlbx

Thanks! @hjlbx ! Good explanation.
By the way also noticed, CIS also sandbox when I uninstall application also from "Program and Features"... :confused:

What File Rating settings are you using ?

It does not recognize the uninstaller = more unexpected and unexplained behavior. Yes, it is a pain, but nothing to be concerned about.

The workaround is a bit convoluted.
  • Easiest option is just to exit Comodo (via right-click Exit in tray icon) and uninstall the application, then re-enable Comodo.
If you know for sure the uninstaller is safe:

In HIPS alert:
  • Untick "Remember my answer"
  • Select Allow (You can also select "Treat As Installer\Updater")
In Sandbox alert:
  • Select "Do not isolate again"
  • Reset sandbox
  • Re-execute uninstaller
or
  • Select Allow (Unlimited)
It depends upon what type of Sandbox alert you get.
  • You can also change rating of application installer from Unrecognized to Trusted, then run it. That means you have to perform Comodo Cloud query before-hand on uninstaller prior to executing it.

Like I said, in this area it is a bit of a mess...

If you still have problems let me know app and I will check it and try to come up with better procedure.
 
hjlbx

@CMLew

You can also try this...

When you download an installer - and are unsure whether or not it is Trusted by Comodo - but you definitely know it is safe because you downloaded it from vendor website with good reputation and checked it at Virus Total - add it to File List before executing it. Comodo often does not rate safe applications as Trusted since the vendor updated it and it has not yet been submitted to Comodo for addition to the Safe List. It is common occurrence.

Here is what to do:

Download file
Advanced Settings > Security Settings > File Rating > File List > bottom tab > Add file > rate as Trusted
Execute installer

If you use "Trust applications installed by trusted installers" then all files installed will be treated as Trusted even if they are not yet in the Comodo Safe List and Comodo rates them as Unrecognized. Afterwards, you can verify that all the files installed have been given a rating of Trusted in the File List (including the uninstaller).

If you find some that are still Unrecognized, here is the reason...

NOTE: The Comodo algorithm does not always detect application installers. If you find one that is not detected as an installer, rename it *Installer* and then execute it again. This is direct from Comodo Engineering. (I'm not sure if the * symbol is required in the installer name... as I have yet to find an installer that is not detected.)

If you don't understand anything then please let me know...
 

CMLew

What File Rating settings are you using ?

It does not recognize the uninstaller = more unexpected and unexplained behavior. Yes, it is a pain, but nothing to be concerned about.

My File Rating Settings all ticked except popup alert box which is unticked.

The program I wish to uninstall is Slimjet browser. It pop-up a couple of times. I'm not sure if it is trusted but I believe it is trusted since I downloaded it directly from their website.
 

CMLew

That's OK then. I gave lots of infos. Study it. If you have questions let me know...

Thanks! Right now I change HIPS to training mode and run every possible applications available (including portable apps). So far okay.

However, I realised Tor Browser (Portable from USB drive) is not virtualised. I set my sandbox rule to virtualise all browser when open. so far works fine for the chrome firefox and opera (though all three aren't portable).

Thanks! Right now I change HIPS to training mode and run every possible applications available (including portable apps). So far okay.

However, I realised Tor Browser (Portable from USB drive) is not sandboxed. I set my sandbox rule to virtualise all browser when open. so far works fine for the chrome firefox and opera (though all three aren't portable).
 