Advice Request Comodo Internet Security Setup/configuration thread

Please provide comments and solutions that are helpful to the author of this topic.

Does this thread helped/informed you?


  • Total voters
    94
Status
Not open for further replies.
I

illumination

Thread author
Hey all,

So I have not used any Comodo products in a few years. Just installed CF and it seems to be way more stable in usage compared to how it used to behave. I have a few questions regarding the sandbox though, maybe somebody with more knowledge can help me out a bit :)

So I already enabled Pro-active mode. Auto containment is enabled for unkown files, Hips disabled. I have seen Cruelsister her config videos on YT. What is the difference between these 2 options:

- Stock setting enable auto sandbox, no restriction defined.
- Enable auto sandbox, manually set restriction to something like limited/partially limited.

Now both settings would auto sandbox and let unkown files run in a virtual environment, so would changing the restrictions to limited/untrusted make any difference in regards to protection? The unkown file is run virtualized anyways right?

Comodo claims that the auto sandbox ships out the door with pre-configured rules for max protection.
Below is the difference between restriction levels.

  • Partially Limited - The application is allowed to access all operating system files and resources like the clipboard. Modification of protected files/registry keys is not allowed. Privileged operations like loading drivers or debugging other applications are also not allowed.
  • Limited - Only selected operating system resources can be accessed by the application. The application is not allowed to execute more than 10 processes at a time and is run without Administrator account privileges.
  • Restricted - The application is allowed to access very few operating system resources. The application is not allowed to execute more than 10 processes at a time and is run with very limited access rights. Some applications, like computer games, may not work properly under this setting.
  • Untrusted - The application is not allowed to access any operating system resources. The application is not allowed to execute more than 10 processes at a time and is run with very limited access rights. Some applications that require user interaction may not work properly under this setting.
 

Allego

Level 3
Verified
Well-known
Jan 25, 2016
125
When i was using kfa + cfw with cs i couldnt run anything in container, you have guide how to run browser in container after you have set up fw.

But Now i have been using internet security, with cs settings i can run everything in container, when kfa + cf didnt let me to
We have the same problem. I also have KFA+CFW. Whenever I right-click a file then click "Run in Comodo container" in the context menu, it won't work and the explorer hangs. But when I double click the file, the containment works. I found the workaround though by manually starting the COMODO Virtual Service Manager in the Services whenever I planning to manually run a file in the container.
 

JoseyWales

Level 1
Verified
Jul 23, 2018
33
.....I found the workaround though by manually starting the COMODO Virtual Service Manager in the Services whenever I planning to manually run a file in the container.

So you're telling us you run your system from the admin account on a daily basis? Is my read correct?
 

vaccineboy

Level 3
Verified
Well-known
Sep 5, 2018
141
Dear all,

If I enable all of CIS' modules (FW, sandbox, HIPS, AV, etc.), what is the order for a file check to go through?
For example, AV -> HIPS -> ...

Thank you.
 
  • Like
Reactions: AtlBo

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,716
1. The a-v is file detection, and would have first crack at the file (using the cloud if necessary), assigning a rating for the file.
Once a file rating has been established as trusted, unrecognized, or malicious, the following will just happen for the process, based on the settngs for each respective module as you have chosen them.
2.(tie) Firewall-In proactive all applications will generate a first alert
2 (tie) HIPS-This really is just there during it all. If the process is unrecognized and you have HIPS on in Safe mode, you will see alerts if it wants to change things
2 (tie) Containment-If the file is unrecognized by Comodo or malicious, the unrecognized process just will be run in the container (based on default settings) and malicious I believe blocked and quarantined. Firewall and HIPS don't have anything to do with this.
3. Viruscope

Because the trust/unrecognized/malicious status of the file is determined first, the rest can happen in their own time and way. No need to worry about choices overlapping->they don't.

Recommend->Proactive
HIPs->Safe mode
Firewall->Safe mode
Sandbox->Go to the bottommost rule and open it and set it to Virtualize (default) and then inside Options->Set restriction level->limited or restricted. Limited means you can see the GUI of the unrecognized application when there is one etc.
 
Last edited:

Nestor

Level 9
Verified
Well-known
Apr 21, 2018
397
1. The a-v is file detection, and would have first crack at the file (using the cloud if necessary), assigning a rating for the file.
Once a file rating has been established as trusted, unrecognized, or malicious, the following will just happen for the process, based on the settngs for each respective module as you have chosen them.
2.(tie) Firewall-In proactive all applications will generate a first alert
2 (tie) HIPS-This really is just there during it all. If the process is unrecognized and you have HIPS on in Safe mode, you will see alerts if it wants to change things
2 (tie) Containement-If the file is unrecognized by Comodo or malicious, the process just will be run in the container (by your settings). Firewall and HIPS don't have anything to do with this.
3. Viruscope

Because the trust/unrecognized/malicious status of the file is determined first, the rest can happen in their own time and way. No need to worry about choices overlapping->they don't.

Recommend->Proactive
HIPs->Safe mode
Firewall->Safe mode
Sandbox->Go to the bottommost rule and open it and set it to Virtualize (default) and then inside Options->Set restriction level->limited or restricted. Limited means you can see the GUI of the unrecognized application when there is one etc.
Why not set the restriction level of sandbox to "no trusted"? Would it be more safer?
 

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,716
Why not set the restriction level of sandbox to "no trusted"? Would it be more safer?

Whichever level is more comfortable to the user. I actually use "Partially limited", because I have other security programs on the system and quite a bit of experience judging risk. Anyway, I don't think the system could be easily abused even at this setting, but @cruelsister says she hasn't seen it happen before in her testing. She uses restricted or blocked I believe.

The setting to block the file ("no trusted") is very good for an everyday computer user. Just don't get to see the application GUI to see what it does.
 

vaccineboy

Level 3
Verified
Well-known
Sep 5, 2018
141
1. The a-v is file detection, and would have first crack at the file (using the cloud if necessary), assigning a rating for the file.
Once a file rating has been established as trusted, unrecognized, or malicious, the following will just happen for the process, based on the settngs for each respective module as you have chosen them.
2.(tie) Firewall-In proactive all applications will generate a first alert
2 (tie) HIPS-This really is just there during it all. If the process is unrecognized and you have HIPS on in Safe mode, you will see alerts if it wants to change things
2 (tie) Containement-If the file is unrecognized by Comodo or malicious, the process just will be run in the container (by your settings). Firewall and HIPS don't have anything to do with this.
3. Viruscope

Because the trust/unrecognized/malicious status of the file is determined first, the rest can happen in their own time and way. No need to worry about choices overlapping->they don't.

Recommend->Proactive
HIPs->Safe mode
Firewall->Safe mode
Sandbox->Go to the bottommost rule and open it and set it to Virtualize (default) and then inside Options->Set restriction level->limited or restricted. Limited means you can see the GUI of the unrecognized application when there is one etc.
So clear. Thank you very much!
 
  • Like
Reactions: vtqhtr413 and AtlBo

cruelsister

Level 43
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,224
Why not set the restriction level of sandbox to "no trusted"? Would it be more safer?

Yes, kinda-sorta it would be. But at that setting whatever application that would be sandboxed would just be totally blocked. There are many that have in the past criticized this action (for whatever reason) and so I don't use it in my videos.

But whether using Restricted or Untrusted the protection would be equivalent.

I actually use "Partially limited"

This will be fine, but may lead to things like the Desktop Wallpaper being changed and other such trivia. Used by an Old Hand like AtlBo this is not an issue at all; but for most it may be disconcerting.
 
5

509322

Thread author
Not any that im aware of. Its just weird did they discontinued their own secure dns and replaced it with neustars

I am using Neustar for a week, good choice so far,a little strict in terms of safety, replaced Open Dns, didn't like so much to too slow.I didn't know Comodo start using it, probably better choice.

COMODO never had its own proprietary DNS. It leased service from a DNS provider (Neustar), customized it with some tweaks and promoted it as COMODO Secure DNS.
 

cruelsister

Level 43
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,224
So by this way of thinking, if Adobe pushes out a flawed Flash update everyone should automatically uninstall Photoshop.

Personally I could care less if Comodo even has any DNS thingy (I use my ISP's), and whether it is fair or Foul it doesn't add or detract from their security product anyway.

Let's try not to be petty...
 
5

509322

Thread author
So by this way of thinking, if Adobe pushes out a flawed Flash update everyone should automatically uninstall Photoshop.

Personally I could care less if Comodo even has any DNS thingy (I use my ISP's), and whether it is fair or Foul it doesn't add or detract from their security product anyway.

Let's try not to be petty...

It adds to the feature list.

Does it really add anything significant to overall security ? No, it does not. Content filtering is the least effective and efficient of all protections.
 

vaccineboy

Level 3
Verified
Well-known
Sep 5, 2018
141
Hi all,

In relation to DNS matter, regarding web filtering module in CIS, do you know where the source of the block lists comes from? Is it also from Neustar?

And also how is the module implemented? As in system-wide or browser only? Proxy or hosts, etc. (though I believe hosts is not the case)?

I read that it's not good, but ask out of curiosity. Thanks.
 
Last edited:
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top