Advice Request Comodo Internet Security Setup/configuration thread

Status
Not open for further replies.

CMLew

Level 23
Verified
Well-known
Oct 30, 2015
1,251
  • Open Windows Explorer
  • Select This PC
  • In search bar in upper right corner type "Updatechecker.exe" - without quotes
  • Enter
Windows will now search for Updatechecker.exe; if found will list the locations on system.

Navigate there. Find the exe, right-click and select Properties. Will provide info.

Note: If you run apps from USB or external drive, then might not be on your system; will likely be found on USB or external drive.

Ok got it!

It's from ASUS Live Update then.
The notification shows it is not digitally verified by the publisher. I clicked it to run it in sandbox mode (default).
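
The search and publisher check described in this post can also be done from PowerShell. This is an added example, not part of the original posts; `Updatechecker.exe` is the file name from the thread, and the search roots are assumptions.

```powershell
# Added example: locate a named executable and report its Authenticode status.
# The search roots are assumptions; add a USB or external drive letter if needed.
$name  = 'Updatechecker.exe'
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:ProgramData, $env:LOCALAPPDATA) |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) }

$found = @(Get-ChildItem -Path $roots -Filter $name -File -Recurse -Force -ErrorAction SilentlyContinue)

if ($found.Count -eq 0) {
    Write-Output "No copy of $name found under: $($roots -join ', ')"
}
else {
    $found | ForEach-Object {
        $sig    = Get-AuthenticodeSignature -LiteralPath $_.FullName
        $signer = $null
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

        [pscustomobject]@{
            Path        = $_.FullName
            Company     = $_.VersionInfo.CompanyName   # self-declared, not proof of origin
            Product     = $_.VersionInfo.ProductName
            FileVersion = $_.VersionInfo.FileVersion
            SigStatus   = $sig.Status                  # e.g. Valid, NotSigned, HashMismatch
            Signer      = $signer
            SHA256      = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    } | Format-List
}
```

A `SigStatus` of `NotSigned` matches the "not digitally verified by the publisher" notification; the version-info fields are only what the file claims about itself.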
 

hjlbx

Thread author
Ok got it!

It's from ASUS Live Update then.
The notification shows it is not digitally verified by the publisher. I clicked it to run it in sandbox mode (default).

That one should be submitted to Comodo for white-listing. It's a pain... I know, but it helps you and helps a lot of other ASUS - Comodo users.

At the very least change rating from Unrecognized to Trusted. You know you have options. You read my post...
 
  • Like
Reactions: Solarlynx

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
A reason why the overall configuration should be in 'Training Mode' for more than 1 week or so: the Trusted Vendor List is not sufficient, hence it's the user's job to build the 'fortress'.

CIS consists of many possible configuration outcomes, and to avoid any issues it is better to install on a 'very fresh system'.

However again still a developers problem on not taking care those Windows System as trusted prior not to judge too much on Digital signatures.

* If I have available time, CIS will be tested on my VM for possible issues and problems.
 

CMLew

Level 23
Verified
Well-known
Oct 30, 2015
1,251
Tried @hjlbx configurations and getting Windows 10 update.
End up my laptop got paranoid. :D
Looks good by the way. I love pop-ups
Haha!

I temporarily set from Paranoid to Safe Mode and no more pop-up after one allow.
 

Anupam

Level 21
Verified
Well-known
Jul 7, 2014
1,017
My Norton got expired :( sniff sniff :( ( Damn where is the crying smiley).

Just noticed this thread and installed Comodo.


As of now I have set HIPS to safe mode. Other than that all are default only. Can someone suggest me a good config? If you can provide the config export that would be great. Before I am purchasing another AV till then I might need to stick with it.
 

Crystal_Lake_Camper

Thread author
My Norton got expired :( sniff sniff :( ( Damn where is the crying smiley).

Just noticed this thread and installed Comodo.

As of now I have set HIPS to safe mode. Other than that all are default only. Can someone suggest me a good config? If you can provide the config export that would be great. Before I am purchasing another AV till then I might need to stick with it.

Please take a look at these somewhat older threads:

How to Install Comodo Firewall

Firewall Setup for Maximum Security and Usability,Firewall Set up,Spyware Scan| Internet Security v6.3
 

hjlbx

Thread author
Tried @hjlbx configurations and getting Windows 10 update.
End up my laptop got paranoid. :D
Looks good by the way. I love pop-ups
Haha!

I temporarily set from Paranoid to Safe Mode and no more pop-up after one allow.

I only use Paranoid Mode after using Training Mode. Paranoid Mode makes system unusable unless you have created allow rules.

Paranoid Mode (without allow rules) is good to learn = study popups, learn file actions, etc.

Safe Mode = HIPS will alert for Unrecognized files.

Paranoid Mode = HIPS will alert for any file - including all Trusted\OS files !
 
  • Like
Reactions: Tiny and Anupam

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
@Anupam: You may check other guides regarding Auto-Sandbox, since there are some scenarios where programs, even though trusted (unsigned digital signatures), are being isolated (auto-sandbox).

Other than that, everything should work very well. HIPS in safe mode is totally fine due to the built-in predefined ruleset.
 
  • Like
Reactions: Anupam

CMLew

Level 23
Verified
Well-known
Oct 30, 2015
1,251
I only use Paranoid Mode after using Training Mode. Paranoid Mode makes system unusable unless you have created allow rules.

Paranoid Mode (without allow rules) is good to learn = study popups, learn file actions, etc.

Safe Mode = HIPS will alert for Unrecognized files.

Paranoid Mode = HIPS will alert for any file - including all Trusted\OS files !

Thanks for the guidance!
Currently, since this is a clean install, I do not have a lot of programs running. Hence pop-ups are still manageable.
In any case, I did learn quite a fair bit from the pop-up.
 

hjlbx

Thread author
@Anupam: Other than that, everything should work very well. HIPS in safe mode is totally fine due to the built-in predefined ruleset.

@jamescv7 gives good advice; Proactive Configuration with HIPS Safe Mode is sufficient.

In fact, Comodo will only activate and honor their infection removal and data loss warranties on the stipulation that user must enable:

Proactive Configuration with default settings:
  • Antivirus enabled
  • HIPS Safe Mode enabled
  • Auto-Sandbox enabled
  • Viruscope enabled
  • Firewall Safe Mode enabled
  • File List settings left at default
Comodo considers default Proactive Configuration optimum protection.
 
  • Like
Reactions: Anupam

Anupam

Level 21
Verified
Well-known
Jul 7, 2014
1,017
@jamescv7 gives good advice; Proactive Configuration with HIPS Safe Mode is sufficient.

In fact, Comodo will only activate and honor their infection removal and data loss warranties on the stipulation that user must enable:

Proactive Configuration with default settings:
  • Antivirus enabled
  • HIPS Safe Mode enabled
  • Auto-Sandbox enabled
  • Viruscope enabled
  • Firewall Safe Mode enabled
  • File List settings left at default
Comodo considers default Proactive Configuration optimum protection.

Then already I have the correct settings :D . I do not want to go into paranoid mode because I think that will show so many pop-ups that I will get irritated and will un-install it.

 

CMLew

Level 23
Verified
Well-known
Oct 30, 2015
1,251
Hi @hjlbx ,

Wish to ask something related to your file rating settings:

"When changing rating from Trusted to Unrecognized, HIPS will block and Sandbox will auto-sandbox the files. For acceptable usability, the user should choose one of the following:

Create auto-sandbox Ignore rule so file is not sandboxed; when sandboxed legitimately safe actions by the files will not be saved to system.

Use Training Mode to create HIPS Allow rules and do not create Auto-Sandbox Ignore rule; Sandbox will alert when file is executed. If user knows it is safe, then make sure do not create rule and select Allow.


It is complicated to explain all the intricacies of this part of the configuration. My advice is not to do it unless you really are familiar with CIS. You can break things, but at the same time, you can always delete any rules that cause problems.

  • cmd.exe (Batch scripts)
  • cscript.exe (VBS, VBE, ...)
  • wscript.exe (VBS, VBE, ...)
  • mshta.exe (HTML applications)
  • regsvr32.dll (DLLs)
  • mmc.exe (Management Console Plugins)
  • regedit.exe (Registry scripts)
  • regedt32.exe (Registry scripts)
  • rundll32.exe (DLLs)
  • rundll.exe (DLLs)
  • powershell.exe (PowerShell scripts, currently incomplete due to the many ways PowerShell can be used for scripting)
  • msiexec.exe (MSI installers)
  • java.exe (JAVA applications)
  • javaw.exe (JAVA applications)
  • vssadmin.exe (Volume Shadow Copy)
  • csc.exe
  • vbs.exe
  • jsc.exe
  • InstallUtil.exe
  • IEExec.exe
  • DFsvc.exe
  • dfshim.dll
  • PresentationHost.exe "
Can you explain more about the 2nd method ?

So does it mean those applications/file you listed are indeed trusted but you changed it to Unrecognised ? Just curious.. why changed it when it is already trusted? Possibly this is what confuses me.
 

Deleted member 178

Thread author

So does it mean those applications/file you listed are indeed trusted but you changed it to Unrecognised ? Just curious.. why changed it when it is already trusted? Possibly this is what confuses me.

Because those applications are infection vectors; if you trust them, malware using them would have the opportunity to modify the system. By putting them as unrecognized, they will trigger a sandbox alert, then you will have the choice to allow it (if you opened cmd.exe for example) or block it (if cmd.exe launches without your interaction).

CIS is a great tool in the hands of a specialist; the more you tweak it, the stronger it becomes; unfortunately the default settings are way too vulnerable.
 

CMLew

Level 23
Verified
Well-known
Oct 30, 2015
1,251
Because those applications are infection vectors; if you trust them, malware using them would have the opportunity to modify the system. By putting them as unrecognized, they will trigger a sandbox alert, then you will have the choice to allow it (if you opened cmd.exe for example) or block it (if cmd.exe launches without your interaction).

CIS is a great tool in the hands of a specialist; the more you tweak it, the stronger it becomes; unfortunately the default settings are way too vulnerable.

I see. Then how am I going to know if the program I'm using is opening cmd.exe (e.g.)? rundll.exe is also quite common so far I've seen on my pop-up.
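
A way to see which program launched one of the listed script hosts, so an alert for cmd.exe can be matched to its parent. This is an added example, not part of the original posts; the watch list is a subset of the list quoted in the thread, and the variable names are assumptions.

```powershell
# Added example: show running script hosts from the thread's list with their parent process.
# Subset of the quoted list (regsvr32 appears under its on-disk name regsvr32.exe).
$watch = 'cmd.exe','cscript.exe','wscript.exe','mshta.exe','regsvr32.exe',
         'rundll32.exe','powershell.exe','msiexec.exe','java.exe','javaw.exe'

$procs = @(Get-CimInstance -ClassName Win32_Process)

# Index every process by PID so each child can be joined to its parent.
$byPid = @{}
foreach ($p in $procs) { $byPid[[int]$p.ProcessId] = $p }

$procs | Where-Object { $watch -contains $_.Name } | ForEach-Object {
    $parent     = $byPid[[int]$_.ParentProcessId]
    $parentName = '(parent exited)'
    # Only accept the parent if it started before the child; otherwise the
    # parent PID has been reused by an unrelated, newer process.
    if ($parent -and $parent.CreationDate -le $_.CreationDate) {
        $parentName = $parent.Name
    }

    [pscustomobject]@{
        Started     = $_.CreationDate
        Name        = $_.Name
        ProcessId   = $_.ProcessId
        Parent      = $parentName
        ParentId    = $_.ParentProcessId
        CommandLine = $_.CommandLine   # may be empty without elevation
    }
} | Sort-Object Started | Format-Table -AutoSize -Wrap
```

This is a point-in-time snapshot: a host that started and exited between runs will not appear.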
 

Deleted member 178

Thread author
Don't try too much, just learn step by step, if CIS works fine enough for you, just keep it like this.
 
  • Like
Reactions: porkpiehat

hjlbx

Thread author
@CMLew

I think I will be removing that part of my config. Not because it doesn't work, but instead because novice users will try it and then mess up system...
 

CMLew

Level 23
Verified
Well-known
Oct 30, 2015
1,251
@CMLew

I think I will be removing that part of my config. Not because it doesn't work, but instead because novice users will try it and then mess up system...

Haha, that's what I'm actually doing. To try out every setting in CIS and learn tweaking. Most important lesson to me is knowing why instead, not really on how. :cool:
 

hjlbx

Thread author
Haha, that's what I'm actually doing. To try out every setting in CIS and learn tweaking. Most important lesson to me is knowing why instead, not really on how. :cool:

If something gets broken just delete rule. You don't need to completely uninstall CIS.
 