- Jul 3, 2015
- 8,153
great idea. how can I get a hold of the appguard list?
Please provide comments and solutions that are helpful to the author of this topic.
- Status
- Jul 3, 2015
- 8,153
I figured out that you can delete all, and then add items from running processes. That helps to get your drivers and basic programs whitelisted.
Exactly, but be sure the OS is clean, best way is to do a clean install of the OS, delete the TVL, then install Comodo and whitelist the running processes.
- Apr 13, 2013
- 3,224
Shmu- AppGuard uses Cisco, Citrix, Intuit, Oracle, Sun, Apple, Microsoft, Mcafee, Mozilla, Google, Adobe as trusted vendors (as well as themselves).
But one other thing- not all signed malware are alike. I hope to push out a special video soon that will demonstrate how a typical signed malicious file would be handled by CF. I just realized that the RAT that I am currently using isn't all that typical as it was pretty bad to begin with and I made it worse (does that make me a bad person?).
But one other thing- not all signed malware are alike. I hope to push out a special video soon that will demonstrate how a typical signed malicious file would be handled by CF. I just realized that the RAT that I am currently using isn't all that typical as it was pretty bad to begin with and I made it worse (does that make me a bad person?).
- Jul 3, 2015
- 8,153
thanks.
I just found out that if you want to add something to the comodo trusted vendor list, you need to have a signed file on your system, for comodo to read from. You can't just type in a name of a company.
I guess if you don't have it on your system anyway, it doesn't matter whether it is trusted or not...
your RAT should be interesting to a lot of people. Sounds like a juicy topic.
I just found out that if you want to add something to the comodo trusted vendor list, you need to have a signed file on your system, for comodo to read from. You can't just type in a name of a company.
I guess if you don't have it on your system anyway, it doesn't matter whether it is trusted or not...
your RAT should be interesting to a lot of people. Sounds like a juicy topic.
- Oct 19, 2013
- 20
I'm back to trying out Comodo and I'm still running in to the same issues.
Lets say I run Comodo as Firewall + Auto Sandbox. I launch an app and since I have notifications on I get prompted. I tick the box to trust it and tell Comodo to run unlimited. I check the list in the sandbox and I see the app in question is there and shows up as trusted and ignored. However, every time I launch said app I get the same prompt. Run Isolated, Run Unlimited, Block and the check box to trust it.
Anyone have any ideas as this is the main reason I try Comodo and then uninstall it? My issue isn't the prompts, my issue is that it doesn't seem to matter what I choose. If I trust the app and say run unlimited I'm assuming it will use that evertyime and not prompt me anymore. Otherwise what's the point of giving me the option to trust it?
Lets say I run Comodo as Firewall + Auto Sandbox. I launch an app and since I have notifications on I get prompted. I tick the box to trust it and tell Comodo to run unlimited. I check the list in the sandbox and I see the app in question is there and shows up as trusted and ignored. However, every time I launch said app I get the same prompt. Run Isolated, Run Unlimited, Block and the check box to trust it.
Anyone have any ideas as this is the main reason I try Comodo and then uninstall it? My issue isn't the prompts, my issue is that it doesn't seem to matter what I choose. If I trust the app and say run unlimited I'm assuming it will use that evertyime and not prompt me anymore. Otherwise what's the point of giving me the option to trust it?
Welcome to comodo buggy world; i ditched it because of that and other bugs that could be easily fixed but still not.
- Dec 8, 2014
- 206
- Feb 15, 2012
- 2,128
- Aug 2, 2015
- 4,286
Ok that was a long read but i made it through all 11 pages, now i'm tired lol
I am only going to install the Firewall but I have gleaned enough form this thread
to feel comfortable messing with the settings based on my config.
Adding the firewall with W.A.R though makes me nervous, has anyone had any issues
between CFW free and W.A.R or VoodooShield ? If so what were they, Thanks
I will return in a few hours.
I am only going to install the Firewall but I have gleaned enough form this thread
to feel comfortable messing with the settings based on my config.
Adding the firewall with W.A.R though makes me nervous, has anyone had any issues
between CFW free and W.A.R or VoodooShield ? If so what were they, Thanks
I will return in a few hours.
- Aug 17, 2013
- 1,905
I agree. I also think that with CFW you don't really need MBAE etc if it's configured correctly and in the hands of an advanced user.
- Aug 2, 2015
- 4,286
I won't remove VS for CFW and it seems that CIS is actually the CFW app seeing I downloaded
the firewall installer and ended up with CIS, as soon as I noticed that, I deleted the installer.
They have no truly "standalone" FW so why advertise it as a free firewall when it has scanning capabilities
like an AV, quarentine like an AV, or security suite, ect.
I just wanted a firewall or firewall companion to compliment my current setup.
Not an antivirus or security suite dressed as a firewall.
From reading the entire thread I was thinking to myself "this thread is devoid of much about the firewall" humm then i realize that CIS is the firewall lol.
You guys @Umbra & @ZeroDay , are obviously skilled with this software, you have to admit it does not fit the true definition of a firewall, maybe firewall (plus)
I will look elsewhere thanks.
PeAcE
Last edited:
Comodo is basically a FW with an HIPS and sandbox, then you can Add/remove the AV part.
Windows Firewall is good enough for a home user, you don't need another one if you take time to learn it.
There is almost no real standalone firewall, now you have either WF's improved GUI or HIPS-FW; the one left is Zone Alarm FW.
Windows Firewall is good enough for a home user, you don't need another one if you take time to learn it.
There is almost no real standalone firewall, now you have either WF's improved GUI or HIPS-FW; the one left is Zone Alarm FW.
- Aug 17, 2013
- 1,905
Too be honest, I think if you configure Windows firewall, Set UAC to maximum, Make sure smartscreen is enabled use Windows defender and tighten things up with Group policy, plus add VS and Sandboxie you're gtg.
want to crash windows 10: Enable HIPS: Yes => Paranoid Mode.
after enabling it I could not open my computer (to view disk drives) or any icon on my computer, my PC just froze.
after rebooting and selecting Internet Security under Configuration, rebooting, then disabling Paranoid Mode for HIPS, everything was back to normal again. I got comodo from this link: Free Firewall | Get Award Winning Comodo Firewall Today
Replaced comodo with Zone Alarm from this link: ZoneAlarm Free Firewall - Personal Computer Firewall Software (click 'Free Download', then click 'No thanks, just the free firewall'). Zone Alarm will disable windows 10 firewall, but works well with windows defender of windows 10.
If I seem a bit biased, please note that I used Bitdefender Internet Security in 2010 & 2013, Kaspersky Internet Security in 2009, 2014, Webroot, Avira, Panda (Bitdefender & Kaspersky being the best of the lot - not free though).
If anyone thinks I did something wrong with configuration or installation, please notify).
after enabling it I could not open my computer (to view disk drives) or any icon on my computer, my PC just froze.
after rebooting and selecting Internet Security under Configuration, rebooting, then disabling Paranoid Mode for HIPS, everything was back to normal again. I got comodo from this link: Free Firewall | Get Award Winning Comodo Firewall Today
Replaced comodo with Zone Alarm from this link: ZoneAlarm Free Firewall - Personal Computer Firewall Software (click 'Free Download', then click 'No thanks, just the free firewall'). Zone Alarm will disable windows 10 firewall, but works well with windows defender of windows 10.
If I seem a bit biased, please note that I used Bitdefender Internet Security in 2010 & 2013, Kaspersky Internet Security in 2009, 2014, Webroot, Avira, Panda (Bitdefender & Kaspersky being the best of the lot - not free though).
If anyone thinks I did something wrong with configuration or installation, please notify).
himalayas1 said:
You just enabled paranoid mode and didn't touch the Trusted Vendor List?
- Dec 29, 2014
- 1,716
Really like this. Now I am 100% sure it takes a year or so to learn CIS/CF well enough to fully configure it. Private Firewall is like training for full control in comparison to this. I feel like I can understand how you feel about being able to craft malware into your own sequence of activity and box it in your own way. Bravo!
PM me if you want add your setting configuration.Use one of the template above for clarity.
Questions regarding Comodo should be posted there : Q&A - Comodo Internet Security v8 Setup/configuration thread
Questions regarding Comodo should be posted there : Q&A - Comodo Internet Security v8 Setup/configuration thread
- Jul 3, 2015
- 8,153
Let's try to demystify the HIPS component of Comodo 10.
Q: Will HIPS catch stuff that autosandbox (containment) misses?
A: No. If you are in proactive mode, then autosandbox will catch all files rated as unknown, and will allow all files rated as trusted. HIPS will do exactly the same thing, if you have it in safe mode.
Q: Will HIPS give me exploit protection?
A: No. That is in the "Advanced Settings" section, under "miscellaneous".
The first feature there, called "heuristic command line analysis," protects you against scripts and provides vulnerable application protection.
The second feature there, called "shellcode injections," protects you against memory exploits.
Q: So what in the world does HIPS do, then?
A: If you have enabled autosandbox (containment), then it is primarily useful for controlling the actions of processes that you don't want to block completely, but you also do not want to allow completely.
I will give you a practical example of how this can be useful.
If you will enable embedded code protection (this is inside the "heuristic command line analysis" section) for cmd.exe, this will increase your security, but on the other hand, it might interfere with the function of certain applications, which is why it is disabled by default. If you find that it interferes, you have another way to get full cmd.exe protection, if you use HIPS.
You can do like this: in autosandbox, you make an "allow" rule for the two cmd.exe files that are found on a 64 bit system. Then, in file list, you mark the two cmd.exe files as "unknown." (You might have to run them first, to make them appear in the list.)
Now you will get HIPS prompts every time cmd.exe runs, and you can make rules to allow your trusty apps.
Q: What else can HIPS do?
A: Let's take the following scenario. Comodo cloud lookup mistakenly whitelists a certain malware file. (Yes, this does happen from time to time.) The result is that autosandbox allows it, and so does HIPS -- at this point in the game.
However, this file is really just a dropper that downloads or spawns another file, the payload, which is the actively malicious part of the attack. The payload is rated as unknown.
Next time you reboot, the payload starts up early, before Comodo protection kicks in, so it gets past autosandbox.
But the payload is rated as unknown, so HIPS starts prompting you for every little action it takes, as soon as Comodo protection kicks in. (By the way, firewall will also prompt you for it, if firewall is in safe mode. And at CS settings, firewall will automatically block the payload from connecting to the internet.)
Q: What if I put Comodo HIPS in paranoid mode?
A: Then you will get prompts even for trusted processes, and you might go insane, because there will be so many prompts. But if you carefully read every prompt, you might catch suspicious processes that should not have been rated as trusted.
However, paranoid mode is not recommended for the average user, who will just end up by ignoring all the prompts. It is like the story of the little boy who cried "Wolf!".
Q: Will HIPS catch stuff that autosandbox (containment) misses?
A: No. If you are in proactive mode, then autosandbox will catch all files rated as unknown, and will allow all files rated as trusted. HIPS will do exactly the same thing, if you have it in safe mode.
Q: Will HIPS give me exploit protection?
A: No. That is in the "Advanced Settings" section, under "miscellaneous".
The first feature there, called "heuristic command line analysis," protects you against scripts and provides vulnerable application protection.
The second feature there, called "shellcode injections," protects you against memory exploits.
Q: So what in the world does HIPS do, then?
A: If you have enabled autosandbox (containment), then it is primarily useful for controlling the actions of processes that you don't want to block completely, but you also do not want to allow completely.
I will give you a practical example of how this can be useful.
If you will enable embedded code protection (this is inside the "heuristic command line analysis" section) for cmd.exe, this will increase your security, but on the other hand, it might interfere with the function of certain applications, which is why it is disabled by default. If you find that it interferes, you have another way to get full cmd.exe protection, if you use HIPS.
You can do like this: in autosandbox, you make an "allow" rule for the two cmd.exe files that are found on a 64 bit system. Then, in file list, you mark the two cmd.exe files as "unknown." (You might have to run them first, to make them appear in the list.)
Now you will get HIPS prompts every time cmd.exe runs, and you can make rules to allow your trusty apps.
Q: What else can HIPS do?
A: Let's take the following scenario. Comodo cloud lookup mistakenly whitelists a certain malware file. (Yes, this does happen from time to time.) The result is that autosandbox allows it, and so does HIPS -- at this point in the game.
However, this file is really just a dropper that downloads or spawns another file, the payload, which is the actively malicious part of the attack. The payload is rated as unknown.
Next time you reboot, the payload starts up early, before Comodo protection kicks in, so it gets past autosandbox.
But the payload is rated as unknown, so HIPS starts prompting you for every little action it takes, as soon as Comodo protection kicks in. (By the way, firewall will also prompt you for it, if firewall is in safe mode. And at CS settings, firewall will automatically block the payload from connecting to the internet.)
Q: What if I put Comodo HIPS in paranoid mode?
A: Then you will get prompts even for trusted processes, and you might go insane, because there will be so many prompts. But if you carefully read every prompt, you might catch suspicious processes that should not have been rated as trusted.
However, paranoid mode is not recommended for the average user, who will just end up by ignoring all the prompts. It is like the story of the little boy who cried "Wolf!".
Last edited:
- Status
