Did this thread help/inform you?

  1. Yes, I learned new things: 81.4%
  2. No, I know all of CIS already: 18.6%
  1. Umbra

    Umbra From Emsisoft
    Developer

    May 16, 2011
    17,162
    29,627
    Community manager
    Vietnam & France
    Windows 10
    Emsisoft
    #1 Umbra, Nov 12, 2015
    Last edited: Nov 16, 2015
    Hi guys,

    Since many of us use Comodo IS, I decided to create this thread to share our CIS/CFW skills; indeed, some of us don't have the knowledge to tighten CIS by themselves without hampering their system. I hope this thread will help.
     
    AtlBo, ZeroDay, Solarlynx and 6 others like this.
  2. Online_Sword

    Online_Sword New Member
    Trusted

    Mar 23, 2015
    575
    1,807
    I guess you have reconstructed the Trusted Vendors List?
     
    AtlBo and Umbra like this.
  3. LabZero

    LabZero Guest

    Yes, thanks for this @Umbra!

    I always say that CIS is a product for advanced users and it must be configured in detail.
     
    AtlBo, Andytay70, Umbra and 1 other person like this.
  4. CMLew

    CMLew Level 22

    Oct 30, 2015
    1,141
    2,912
    Registered Safety Practitioner
    Singapore
    Windows 10
    Default-Deny
    Hi @Umbra

    Wanted to know if you include the BB also during installation?
     
    AtlBo likes this.
  5. Umbra

    Umbra From Emsisoft
    Developer

    Yes, I'm doing it; I will surely finish next century since the list is huge :p

    Proactive Mode activates the BB (called again Auto-Sandbox) & HIPS.

    So far I finally managed to make Sandboxie and CIS work together with some browsers; only installed Chromium-based browsers (except Chromodo) have issues and couldn't start in Sandboxie. I don't know why yet; I surely missed something.

    @Jack @hjlbx @cruelsister you are all invited to share your configs; I know yours are quite good setups.
     
    AtlBo, Solarlynx and Online_Sword like this.
  6. Online_Sword

    Online_Sword New Member
    Trusted

    #6 Online_Sword, Nov 12, 2015
    Last edited: Nov 12, 2015
    By the way, I hope someone could share his HIPS rules, especially the HIPS rules established manually. :)
    Of course, specific HIPS rules depend on the system and software installed. But maybe you can share your strategies and ideas on how to establish the HIPS rules.

    In addition, I also hope to learn some firewall rules for network ports. :)
    I have read some firewall rules for network rules, based on CFW or some other software firewall.
    Those guides generally contain a series of long lists of ports and rules for the ports, but do not explain the reason.
    Without a detailed explanation, we can hardly adjust those firewall rules to adapt them to our own computers.
     
    AtlBo likes this.
  7. Umbra

    Umbra From Emsisoft
    Developer

    #7 Umbra, Nov 12, 2015
    Last edited: Nov 12, 2015
    Those are mostly dependent on your system; if I put rulesets here they may not work for others, but I will try, and warn about following those rulesets. Give me time, I just got back with CIS; we were a "separated couple" since v6, so I need to rediscover her :p

    Edited my config intro: added what type of user may use it without issues in the long term.
     
    AtlBo, Solarlynx, XhenEd and 2 others like this.
  8. Umbra

    Umbra From Emsisoft
    Developer

    You are the Comodo expert here; I know their CCE really loves you :D
     
    AtlBo and CMLew like this.
  9. cruelsister

    cruelsister Level 32
    Trusted

    Apr 13, 2013
    2,131
    12,418
    NYC
    Umbra! I didn't know that you were using Comodo. Most excellent choice. EXCEPT:

    Never saw the point in CIS over CF. Both have a Cloud AV, but with CIS one burdens oneself with a locally installed scanner (with definitions). As I really don't know anyone who considers the Comodo AV to be top tier, why bother (actually why bother with any AV- but that is another discussion).

    But for those reactionaries who must have a local AV, wouldn't freebies like Avast or BD be a better choice (actually Qihoo is very good and works well with CF- yes, it does have a greater percentage of FP's, but does a better job against Scriptors)?
     
    AtlBo, Der.Reisende, ZeroDay and 9 others like this.
  10. Umbra

    Umbra From Emsisoft
    Developer

    #10 Umbra, Nov 12, 2015
    Last edited: Nov 12, 2015
    Finished editing my trusted vendors list; easy trick to do it:

    1- put HIPS on Training mode, disable auto-sandbox
    2- select all vendors except Microsoft, Realtek, ATI, NVIDIA, etc. (mostly your driver vendors, in case of ^^) by using the search box
    3- delete all the others
    4- add vendors by selecting them via running processes
    5- put back HIPS & Auto-sandbox on safe mode

    :D
     
    AtlBo, Solarlynx and Online_Sword like this.
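Added example (not part of the thread and not Comodo tooling): for step 4 of the procedure in post #10, a PowerShell inventory of the code-signing vendors behind the processes currently running, so you can see which vendors you would need to re-add after clearing the list. It assumes Windows PowerShell 5.1 or later; the function name is hypothetical, and the certificate's simple name is used as the vendor label on the assumption that it corresponds to the name CIS shows, which may not match character for character.

```powershell
# Added example: list the signers of all running processes, grouped by vendor.
function Get-RunningProcessVendor {
    # Unique executable paths of running processes. Path is empty for
    # processes the current user cannot open, so run elevated for fuller coverage.
    $paths = Get-Process |
        Where-Object { $_.Path } |
        Select-Object -ExpandProperty Path -Unique

    foreach ($path in $paths) {
        $sig = Get-AuthenticodeSignature -LiteralPath $path

        # Use the certificate's simple name as the vendor label (assumption:
        # this is close to the vendor name shown in the CIS list).
        $vendor = if ($sig.SignerCertificate) {
            $sig.SignerCertificate.GetNameInfo(
                [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName,
                $false)
        } else {
            '(unsigned)'
        }

        [pscustomobject]@{
            Vendor = $vendor
            Status = $sig.Status   # Valid, NotSigned, HashMismatch, ...
            Path   = $path
        }
    }
}

# One row per vendor and signature status, with a sample path for each.
Get-RunningProcessVendor |
    Group-Object Vendor, Status |
    Sort-Object Count -Descending |
    Select-Object Count, Name, @{ n = 'Example'; e = { $_.Group[0].Path } } |
    Format-Table -AutoSize
```

Rows whose status is not `Valid` are the ones to look at before trusting a vendor: an unsigned or hash-mismatched binary gains nothing from a vendor entry and should be rated on its own.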
  11. Umbra

    Umbra From Emsisoft
    Developer

    Are you sure? I heard differently; without the AV you lack something, can't recall what...
     
    AtlBo and Solarlynx like this.
  12. CMLew

    CMLew Level 22

    Thanks! By the way, does your configuration affect the use of portableapps.com program?

    I used CIS on my old laptop and I notice when I try to run the portable apps program (for instance: keepass), the CIS will somehow auto-sandbox the opened keepass with notification. It happens too when I open my portable firefox.
     
    AtlBo likes this.
  13. Rod McCarthy

    Rod McCarthy Guest

    Hey Thanks for this guys. I appreciate the hard work.
     
    AtlBo likes this.
  14. Umbra

    Umbra From Emsisoft
    Developer

    May 16, 2011
    17,162
    29,627
    Community manager
    Vietnam & France
    Windows 10
    Emsisoft
    Not on my system.

    I have KeePass too; no problem with FF portable.
     
    AtlBo, ZeroDay and Behold Eck like this.
  15. Yash Khan

    Yash Khan Level 51

    Oct 22, 2012
    4,055
    8,960
    An expert user like you doesn't need Comodo AV.. even if Comodo AV was top notch I would say the same. Sandbox with Cloud AV part is good for experts in my opinion.

    If I remember correctly.. with CAV not installed.. there is no AV exclusion. Alert will give the option to add to trusted files but no AV exclusion.
    And I think the Cloud AV part in CIS is not pure Cloud AV.. just a cloud connection for cloud databases. So there is no file execution blocking time to get a verdict/detection from the cloud. So if it gets the verdict instantly, malware is blocked & if it couldn't get the verdict instantly, malware is run.

    Back in the day users mentioned sometimes Cloud AV couldn't kill the detected malware, i.e. the alert mentioned quarantined but malware processes were still running. But it's old news & I guess no probs now.
     
    AtlBo and Umbra like this.
  16. Umbra

    Umbra From Emsisoft
    Developer

    Yes, that is it; I recall now, thx.
     
    AtlBo and Solarlynx like this.
  17. hjlbx

    hjlbx Guest

    Some KeePass module(s) is\are Unrecognized by Comodo = not on their Safe List.

    You can handle an Unrecognized file - and stop Comodo from blocking\auto-sandboxing it - in a number of ways:

    1. In HIPS alert, select Allow and tick "Remember my answer" (creates permanent HIPS rule for action covered by that individual alert).
    2. In Sandbox alert, select "Trust this application" (creates auto-sandbox Ignore rule); need HIPS alerts enabled.
    3. Run Rating Scan and select "Add to Trusted Files."
    4. Go into File List and manually change the rating of individual files\entire folder from Unrecognized to Trusted.
    5. Enable Training Mode during install and initial use of application; CIS will auto-create rules.
    6. Submit file to Comodo for white-listing = add to Safe List.

    The above are the main ways. There are even more ways, but covering every single one here would serve no purpose other than to confuse.

    WARNING ! In the HIPS alert, rule creation applies to the file performing the action - and not the target file ! Until a user fully understands how HIPS alerts "Treat as..." options work in CIS, the user is strongly advised not to use any of the "Treat as..." options.

    A mistake with the "Treat as..." options can potentially compromise the entire system's security !


    So if you select one of the "Treat as..." options, then it will apply to the file on the left side of the HIPS alert - not the object on the right !

    A -> -> -> B

    "Treat as..." will be applied to A - and not B.
     
    AtlBo, shmu26, XhenEd and 2 others like this.
  18. hjlbx

    hjlbx Guest

    #18 hjlbx, Nov 12, 2015
    Last edited by a moderator: Nov 12, 2015
    Comodo does not use "pure" antivirus cloud at this time; it is an ongoing project.

    * * * * * *

    This is still an issue... and dependent upon user's internet connection speed and CAMAS queue (time it takes for Cloud and verdict to return results to local system).

    For example, if HIPS alert appears before Comodo Cloud alert, then HIPS alert will prevail over any subsequent Comodo Cloud alert - and file is not quarantined immediately or blocked and terminated (which action is dependent upon Comodo Cloud settings in File Rating Settings).

    It is also dependent upon HIPS timeout setting. Default is 120 sec, mine is set to 999 sec. :D

    I replicated this issue a few times when a HIPS alert appeared and I didn't respond to the alert immediately. After allowing the system to sit for about 3 or 4 minutes I noticed a Cloud alert. HIPS prevailed over the Cloud.

    Initially I thought it was some kind of deranged bug, but I learned it is just a timing quirk.

    WARNING ! If you receive a Comodo Cloud alert during an active HIPS for the same file, select "Block and Terminate" within the HIPS alert ! DO NOT SELECT "Allow" within the HIPS alert !

    There are other ways this can be handled, but the above is sufficient basic advice to protect the system.
     
  19. Yash Khan

    Yash Khan Level 51

    I have always used CIS defaults. CIS defaults come with the "Internet Security" config. Even with CFW only I use the "Internet Security" config. Just some GUI customization & nothing affecting the security part.. I only set FW to "ask".

    Never faced boot slowdown, system slowdown, infection, probs, etc... Light, good & effective. Overall nothing to complain much about & a happy user.

    Just want an option to "ask" instead of autosandbox.
     
    Solarlynx likes this.
  20. Umbra

    Umbra From Emsisoft
    Developer

    So for educational purposes, say "File A" triggers an alert because it wants access to "File B", and I select "treat as allowed"; File A will be allowed in the future, but not File B?


    I guess in the "block" case; because if you "treat as allow", the file is supposed to be safe in the first place.
     
    Solarlynx likes this.