Advice Request Comodo Internet Security Setup/configuration thread

[illumination]

Hey all,

So I have not used any Comodo products in a few years. Just installed CF and it seems to be way more stable in usage compared to how it used to behave. I have a few questions regarding the sandbox though, maybe somebody with more knowledge can help me out a bit

So I already enabled Pro-active mode. Auto containment is enabled for unkown files, Hips disabled. I have seen Cruelsister her config videos on YT. What is the difference between these 2 options:

- Stock setting enable auto sandbox, no restriction defined.
- Enable auto sandbox, manually set restriction to something like limited/partially limited.

Now both settings would auto sandbox and let unkown files run in a virtual environment, so would changing the restrictions to limited/untrusted make any difference in regards to protection? The unkown file is run virtualized anyways right?

Comodo claims that the auto sandbox ships out the door with pre-configured rules for max protection.
Below is the difference between restriction levels.

• Partially Limited - The application is allowed to access all operating system files and resources like the clipboard. Modification of protected files/registry keys is not allowed. Privileged operations like loading drivers or debugging other applications are also not allowed.
• Limited - Only selected operating system resources can be accessed by the application. The application is not allowed to execute more than 10 processes at a time and is run without Administrator account privileges.
• Restricted - The application is allowed to access very few operating system resources. The application is not allowed to execute more than 10 processes at a time and is run with very limited access rights. Some applications, like computer games, may not work properly under this setting.
• Untrusted - The application is not allowed to access any operating system resources. The application is not allowed to execute more than 10 processes at a time and is run with very limited access rights. Some applications that require user interaction may not work properly under this setting.

 

[Allego]

When i was using kfa + cfw with cs i couldnt run anything in container, you have guide how to run browser in container after you have set up fw.

But Now i have been using internet security, with cs settings i can run everything in container, when kfa + cf didnt let me to

We have the same problem. I also have KFA+CFW. Whenever I right-click a file then click "Run in Comodo container" in the context menu, it won't work and the explorer hangs. But when I double click the file, the containment works. I found the workaround though by manually starting the COMODO Virtual Service Manager in the Services whenever I planning to manually run a file in the container.

 

[JoseyWales]

.....I found the workaround though by manually starting the COMODO Virtual Service Manager in the Services whenever I planning to manually run a file in the container.

So you're telling us you run your system from the admin account on a daily basis? Is my read correct?

 

[vaccineboy]

Dear all,

If I enable all of CIS' modules (FW, sandbox, HIPS, AV, etc.), what is the order for a file check to go through?
For example, AV -> HIPS -> ...

Thank you.

 

[AtlBo]

1. The a-v is file detection, and would have first crack at the file (using the cloud if necessary), assigning a rating for the file.
Once a file rating has been established as trusted, unrecognized, or malicious, the following will just happen for the process, based on the settngs for each respective module as you have chosen them.
2.(tie) Firewall-In proactive all applications will generate a first alert
2 (tie) HIPS-This really is just there during it all. If the process is unrecognized and you have HIPS on in Safe mode, you will see alerts if it wants to change things
2 (tie) Containment-If the file is unrecognized by Comodo or malicious, the unrecognized process just will be run in the container (based on default settings) and malicious I believe blocked and quarantined. Firewall and HIPS don't have anything to do with this.
3. Viruscope

Because the trust/unrecognized/malicious status of the file is determined first, the rest can happen in their own time and way. No need to worry about choices overlapping->they don't.

Recommend->Proactive
HIPs->Safe mode
Firewall->Safe mode
Sandbox->Go to the bottommost rule and open it and set it to Virtualize (default) and then inside Options->Set restriction level->limited or restricted. Limited means you can see the GUI of the unrecognized application when there is one etc.

 

[Nestor]

1. The a-v is file detection, and would have first crack at the file (using the cloud if necessary), assigning a rating for the file.
Once a file rating has been established as trusted, unrecognized, or malicious, the following will just happen for the process, based on the settngs for each respective module as you have chosen them.
2.(tie) Firewall-In proactive all applications will generate a first alert
2 (tie) HIPS-This really is just there during it all. If the process is unrecognized and you have HIPS on in Safe mode, you will see alerts if it wants to change things
2 (tie) Containement-If the file is unrecognized by Comodo or malicious, the process just will be run in the container (by your settings). Firewall and HIPS don't have anything to do with this.
3. Viruscope

Because the trust/unrecognized/malicious status of the file is determined first, the rest can happen in their own time and way. No need to worry about choices overlapping->they don't.

Recommend->Proactive
HIPs->Safe mode
Firewall->Safe mode
Sandbox->Go to the bottommost rule and open it and set it to Virtualize (default) and then inside Options->Set restriction level->limited or restricted. Limited means you can see the GUI of the unrecognized application when there is one etc.

Why not set the restriction level of sandbox to "no trusted"? Would it be more safer?

 

[AtlBo]

Why not set the restriction level of sandbox to "no trusted"? Would it be more safer?

Whichever level is more comfortable to the user. I actually use "Partially limited", because I have other security programs on the system and quite a bit of experience judging risk. Anyway, I don't think the system could be easily abused even at this setting, but @cruelsister says she hasn't seen it happen before in her testing. She uses restricted or blocked I believe.

The setting to block the file ("no trusted") is very good for an everyday computer user. Just don't get to see the application GUI to see what it does.

 

[vaccineboy]

1. The a-v is file detection, and would have first crack at the file (using the cloud if necessary), assigning a rating for the file.
Once a file rating has been established as trusted, unrecognized, or malicious, the following will just happen for the process, based on the settngs for each respective module as you have chosen them.
2.(tie) Firewall-In proactive all applications will generate a first alert
2 (tie) HIPS-This really is just there during it all. If the process is unrecognized and you have HIPS on in Safe mode, you will see alerts if it wants to change things
2 (tie) Containement-If the file is unrecognized by Comodo or malicious, the process just will be run in the container (by your settings). Firewall and HIPS don't have anything to do with this.
3. Viruscope

Because the trust/unrecognized/malicious status of the file is determined first, the rest can happen in their own time and way. No need to worry about choices overlapping->they don't.

Recommend->Proactive
HIPs->Safe mode
Firewall->Safe mode
Sandbox->Go to the bottommost rule and open it and set it to Virtualize (default) and then inside Options->Set restriction level->limited or restricted. Limited means you can see the GUI of the unrecognized application when there is one etc.

So clear. Thank you very much!

 

[cruelsister]

Why not set the restriction level of sandbox to "no trusted"? Would it be more safer?

Yes, kinda-sorta it would be. But at that setting whatever application that would be sandboxed would just be totally blocked. There are many that have in the past criticized this action (for whatever reason) and so I don't use it in my videos.

But whether using Restricted or Untrusted the protection would be equivalent.

I actually use "Partially limited"

This will be fine, but may lead to things like the Desktop Wallpaper being changed and other such trivia. Used by an Old Hand like AtlBo this is not an issue at all; but for most it may be disconcerting.

 

[Moonhorse]

Installed Comodo internet security back after windows clean install. It seems their ' Secure DNS' is provided by neustar nowadays?

 

[Nestor]

Installed Comodo internet security back after windows clean install. It seems their ' Secure DNS' is provided by neustar nowadays?

Do you have any problems with v.11?

 

[Moonhorse]

Do you have any problems with v.11?

Not any that im aware of. Its just weird did they discontinued their own secure dns and replaced it with neustars

 

[Nestor]

Not any that im aware of. Its just weird did they discontinued their own secure dns and replaced it with neustars

I am using Neustar for a week, good choice so far,a little strict in terms of safety, replaced Open Dns, didn't like so much to too slow.I didn't know Comodo start using it, probably better choice.

 

[509322]

Not any that im aware of. Its just weird did they discontinued their own secure dns and replaced it with neustars

I am using Neustar for a week, good choice so far,a little strict in terms of safety, replaced Open Dns, didn't like so much to too slow.I didn't know Comodo start using it, probably better choice.

COMODO never had its own proprietary DNS. It leased service from a DNS provider (Neustar), customized it with some tweaks and promoted it as COMODO Secure DNS.

 

[Deleted member 178]

Comodo is the champion of rebranding/refurbishing stuff, but doesn't means they make them efficient or even working...

 

[cruelsister]

So by this way of thinking, if Adobe pushes out a flawed Flash update everyone should automatically uninstall Photoshop.

Personally I could care less if Comodo even has any DNS thingy (I use my ISP's), and whether it is fair or Foul it doesn't add or detract from their security product anyway.

Let's try not to be petty...

 

[509322]

So by this way of thinking, if Adobe pushes out a flawed Flash update everyone should automatically uninstall Photoshop.

Personally I could care less if Comodo even has any DNS thingy (I use my ISP's), and whether it is fair or Foul it doesn't add or detract from their security product anyway.

Let's try not to be petty...

It adds to the feature list.

Does it really add anything significant to overall security ? No, it does not. Content filtering is the least effective and efficient of all protections.

 

[cruelsister]

Well said- does whether C uses a third party DNS provider in any way detract from the malware protection afforded by CF?

For those that say "Yes", please dazzle me with your brilliance...

 

[Deleted member 178]

Well said- does whether C uses a third party DNS provider in any way detract from the malware protection afforded by CF?

For those that say "Yes", please dazzle me with your brilliance...

when you add stuff that are barely efficient and even not needed, it is called bloat.

 

[vaccineboy]

Hi all,

In relation to DNS matter, regarding web filtering module in CIS, do you know where the source of the block lists comes from? Is it also from Neustar?

And also how is the module implemented? As in system-wide or browser only? Proxy or hosts, etc. (though I believe hosts is not the case)?

I read that it's not good, but ask out of curiosity. Thanks.