Q&A Comodo Internet Security Setup/configuration thread

Discussion in 'Comodo' started by Umbra, Nov 12, 2015.

Poll: Did this thread help/inform you?

  1. Yes, I learned new things: 81.7%
  2. No, I know all of CIS already: 18.3%
  1. TheMalwareMaster

    TheMalwareMaster Level 19
    Trusted

    Jan 4, 2016
    931
    5,464
    Europe
    Windows 10
    Default-Deny
    Hello all COMODO Firewall users, what do you think of my COMODO Firewall configuration?
    It's default-deny and automated, made to work on every system, also for beginners (they just import in COMODO and use the config file).
    Cloud lookup is off to prevent whitelisted malware.
    I can't understand a part of the settings: what is "trust files installed by trusted installers"? Which are the "trusted installers"? (Can this setting cause trouble with whitelisted malware, like the cloud lookup?)
    Is there any way it can still be improved concerning security?
    COMODO - Maximum Security.cfgx
     
    ZeroDay and AtlBo like this.
  2. Maxwell Sien

    Maxwell Sien Level 2

    Nov 15, 2016
    95
    298
    Indonesia
    Windows 10
    Default-Deny

    Quote from: File Rating Settings, Virus Protection, Internet Protection | CIS Help | COMODO
    Every time you run an unrecognized file (in this case, an installer), HIPS will hook it and give an alert. Usually, the user will treat this file as an Installer or Updater. If you check Trust applications signed by trusted vendors, all files created by this installer will automatically be trusted by Comodo, and you will save time since you won't get another alert.

    Yes, this can cause trouble if you run an installer from an untrusted website. If you get a fake installer, all files that are created by this fake installer will be trusted by Comodo.

    No, this can't cause trouble if you run an installer from a trusted website like softonic, softpedia, filehippo, piriform, cnet, or from its official website.
     
    ZeroDay likes this.
  3. AtlBo

    AtlBo Level 22

    Dec 29, 2014
    1,144
    4,519
    Qihoo 360
    @TheMalwareMaster...just as an example, have you ever installed BlueStacks on a computer? It's an android emulator program. When you install BlueStacks, during the installation it downloads and installs 20 or so applications into the emulation environment. This is before the program even runs for the first time. If you had selected to trust the BlueStacks installer, those apps would install freely without HIPS or sandbox monitoring (and run unmonitored on the system too after installation).

    Still think Comodo should go out of their way to remove the trust decision from the user everywhere but in the files list and maybe the Trusted Vendor list.
     
    MWNu72, ZeroDay, EASTER and 3 others like this.
  4. TheMalwareMaster

    TheMalwareMaster Level 19
    Trusted

    Jan 4, 2016
    931
    5,464
    Europe
    Windows 10
    Default-Deny
    But.. If the installer is not clean, it shouldn't be trusted
     
    AtlBo likes this.
  5. Maxwell Sien

    Maxwell Sien Level 2

    Nov 15, 2016
    95
    298
    Indonesia
    Windows 10
    Default-Deny
    Feel free to Uncheck/disable it.. ;)
     
    AtlBo likes this.
  6. TheMalwareMaster

    TheMalwareMaster Level 19
    Trusted

    Jan 4, 2016
    931
    5,464
    Europe
    Windows 10
    Default-Deny
    I will probably disable that. What about the trusted vendors list (I didn't edit it)? I heard some bad voices, but can you give a single example of a vendor in the default trusted vendors list that makes adware or PUPs?
     
    AtlBo and ZeroDay like this.
  7. SearchLight

    SearchLight Level 3

    Jul 3, 2017
    134
    221
    New Jersey
    Windows 10
    Malwarebytes
    Hello,
    I recently, after reading the many posts here, set up CFW according to CS settings video guide. I was going to pair it with WD, and tried to adjust the settings in my Windows 10 GPE according to another post but none of those settings took effect. I am running a W10 pro desktop..

    Frustrated, I downloaded CAV and converted CFW to CIS still using CS settings. Now I am having second thoughts as many feel CAV is inferior to the other free AV products. What appealed to me was the use of heuristics.

    That being said, I have lifetime licenses to MB3 and ZAL. I was thinking of removing the AV component and installing ZAL to run alongside CFW, because Malwarebytes has not been well received by many on this forum but ZAL has.

    Have any suggestions? Thanks.
     
    AtlBo likes this.
  8. darko999

    darko999 Level 16

    Oct 2, 2014
    769
    2,237
    I would go with CFW alone; ZAL won't give you much if you are running CFW. There is no point in running COMODO with CS settings and using COMODO AV at the same time. If you want a combo, COMODO FW + WD is cool.
     
    Tiny and AtlBo like this.
  9. Maxwell Sien

    Maxwell Sien Level 2

    Nov 15, 2016
    95
    298
    Indonesia
    Windows 10
    Default-Deny
    Until now, I still don't have any information about this.. :(
     
  10. SearchLight

    SearchLight Level 3

    Jul 3, 2017
    134
    221
    New Jersey
    Windows 10
    Malwarebytes
    After reading all the suggestions, I decided to complement CFW with CS settings with Avast Free. Seems like the best compromise.

    I wanted to use the new Kaspersky Free but upon installation it displays a message that CFW is incompatible.
     
    AtlBo likes this.
  11. Maxwell Sien

    Maxwell Sien Level 2

    Nov 15, 2016
    95
    298
    Indonesia
    Windows 10
    Default-Deny
    Can anyone explain why Cruel Sister disables the HIPS?
     
    AtlBo likes this.
  12. BugCode

    BugCode Level 10

    Jan 9, 2017
    460
    4,529
    FireFighter
    Oeno Island
    She doesn't like it... Simple as that. There are simpler and easier ways to get around this. Maybe she trusts the power of isolation with the proactive method, as the settings are.
     
    AtlBo likes this.
  13. Maxwell Sien

    Maxwell Sien Level 2

    Nov 15, 2016
    95
    298
    Indonesia
    Windows 10
    Default-Deny
    Does she use other tools to replace HIPS?
     
  14. Davidov

    Davidov Level 10

    Sep 9, 2012
    466
    1,523
    CR
    Windows 7
    Isolation
    Sandbox isolates threats, and the firewall blocks communication so there's no need. After reboot, malware is reset (reset sandbox).
     
    Opcode likes this.
  15. Arequire

    Arequire Level 18

    Feb 10, 2017
    898
    2,804
    United Kingdom
    Windows 7
    Default-Deny
    #295 Arequire, Sep 7, 2017
    Last edited: Sep 7, 2017
    With cruelsister's setup the only thing HIPS will do is throw up alerts about events happening inside the sandbox, which is somewhat pointless as anything inside the sandbox can't do any damage to the system anyway. The only value HIPS would add is if malware somehow circumvented the sandbox.
     
  16. cruelsister

    cruelsister Level 32
    Trusted

    Apr 13, 2013
    2,131
    12,420
    NYC
    Actually the HIPS will be oblivious to anything running inside the Comodo sandbox (Sandboxie is different in this respect: things running inside SBIE will make requests that a HIPS will be aware of, although all these requests will be denied by SBIE no matter what choice you make in the HIPS. In Comodo Containment all such requests will be blocked and any HIPS will be oblivious to them).

    So with Comodo Sandbox at the preferred (my) setting the only thing the HIPS will alert to are legit processes which will throw up popups that I personally find a bore.
     
  17. Arequire

    Arequire Level 18

    Feb 10, 2017
    898
    2,804
    United Kingdom
    Windows 7
    Default-Deny
    Has HIPS ever alerted to events inside the sandbox in any version of Comodo or have I been mistaken this whole time?
     
  18. cruelsister

    cruelsister Level 32
    Trusted

    Apr 13, 2013
    2,131
    12,420
    NYC
    #298 cruelsister, Sep 7, 2017
    Last edited: Sep 7, 2017
    I've never seen it other than the HIPS alerting initially to when an application initially is executed (Explorer.exe is trying to start whatever). A HIPS will only be aware of things that try to mess with the actual system. The Comodo containment (unlike SBIE) will prevent any requests from reaching the system, so no HIPS popups will be seen.

    As an example, consider running the miner Adylkuzz.b- with both HIPS and containment active you will just get the initial HIPS alert that Explorer is trying to run Adylkuzz. That's it.

    With Containment off and HIPS on, you will get a total of 17 HIPS alerts (that is if you click allow at each one). If you just click "Block" without clicking the "Remember my Answer" you will actually get over 30 alerts (God knows how many it would actually be, but I got bored after 30!). If you clicked on the "Remember my Answer" box you still would have received 12 popups.

    Now in all of the above scenarios the malware will be blocked. Personally I have better things to do with my time than answering stupid HIPS alerts which is why I don't suggest the HIPS being active. Trust me- I'm more than just another pretty face...
     
  19. shmu26

    shmu26 Level 53

    Jul 3, 2015
    4,288
    13,654
    Utopia
    #299 shmu26, Sep 7, 2017
    Last edited: Sep 7, 2017
    All so true.
    But just in order that people won't think some advanced Comodo users are totally crazy, I would like to mention some things that HIPS can add:
    Besides giving you more control over exploitable apps, it can also help to protect you from processes that start up in unconventional ways, and somehow manage to elude containment.
    For instance, if you set Powershell to unrecognized, then even if it gets launched in an underhanded way, you should still get prompted for its actions.
    Or, if a signed PUP downloads an unrecognized file, and schedules it to run immediately at the next reboot, you should start to get HIPS prompts for its actions, when Comodo protection kicks in.

    I am sure other users can tell of more nifty HIPS tricks, despite all the trouble and aggravation that HIPS does entail.
     
    Syafiq and Telos like this.
  20. shmu26

    shmu26 Level 53

    Jul 3, 2015
    4,288
    13,654
    Utopia
    Is this right, for CS settings?

    Capture.PNG
     
    Syafiq likes this.