Advice Request Comodo Internet Security Setup/configuration thread

Status
Not open for further replies.

TheMalwareMaster

Hello all COMODO Firewall users, what do you think of my COMODO Firewall configuration?
It's default-deny and automated, made to work on every system, also for beginners (they just import in COMODO and use the config file).
Cloud lookup is off to prevent whitelisted malware.
I can't understand a part of the settings: what is "trust files installed by trusted installers"? Which are the "trusted installers"? (Can this setting cause troubles with whitelisted malware, like the cloud lookup?)
Is there any way it can still be improved concerning security?
COMODO - Maximum Security.cfgx
 

Maxwell Sien

> Hello all COMODO Firewall users, what do you think of my COMODO Firewall configuration?
> It's default-deny and automated, made to work on every system, also for beginners (they just import in COMODO and use the config file).
> Cloud lookup is off to prevent whitelisted malware.
> I can't understand a part of the settings: what is "trust files installed by trusted installers"? Which are the "trusted installers"? (Can this setting cause troubles with whitelisted malware, like the cloud lookup?)
> Is there any way it can still be improved concerning security?
> COMODO - Maximum Security.cfgx


Quote from: File Rating Settings, Virus Protection, Internet Protection | CIS Help | COMODO
  • Trust files installed by trusted installers - If enabled, CIS will trust executable and files whose parent applications are listed under the 'Installer or Updater' rule in HIPS Rules. (Default=Enabled)

Every time you run an unrecognized file (in this case, an installer), HIPS will hook and give an alert. Usually, the user will treat this file as Installer or Updater. If you check Trust applications signed by trusted vendors, all files created by this installer will automatically be trusted by Comodo and you will save time since you wouldn't get another alert again.

> can this setting cause troubles with whitelisted malware, like the cloud lookup?

Yes, this can cause trouble if you run an installer from an untrusted website. If you get a fake installer, all files that are created by this fake installer will be trusted by Comodo.

No, this can't cause trouble if you run an installer from a trusted website like: softonic, softpedia, filehippo, piriform, cnet, or from its official website.
 

AtlBo

> I can't understand a part of the settings: what is "trust files installed by trusted installers"? Which are the "trusted installers"? (Can this setting cause troubles with whitelisted malware, like the cloud lookup?)

> Yes, this can cause trouble if you run an installer from an untrusted website. If you get a fake installer, all files that are created by this fake installer will be trusted by Comodo.

@TheMalwareMaster...just as an example, have you ever installed BlueStacks on a computer? It's an Android emulator program. When you install BlueStacks, during the installation it downloads and installs 20 or so applications into the emulation environment. This is before the program even runs for the first time. If you had selected to trust the BlueStacks installer, those apps would install freely without HIPS or sandbox monitoring (and run unmonitored on the system too after installation).

Still think Comodo should go out of their way to remove the trust decision from the user everywhere but in the files list and maybe the Trusted Vendor list.
 

TheMalwareMaster

> Quote from: File Rating Settings, Virus Protection, Internet Protection | CIS Help | COMODO
>
> Every time you run an unrecognized file (in this case, an installer), HIPS will hook and give an alert. Usually, the user will treat this file as Installer or Updater. If you check Trust applications signed by trusted vendors, all files created by this installer will automatically be trusted by Comodo and you will save time since you wouldn't get another alert again.
>
> Yes, this can cause trouble if you run an installer from an untrusted website. If you get a fake installer, all files that are created by this fake installer will be trusted by Comodo.
>
> No, this can't cause trouble if you run an installer from a trusted website like: softonic, softpedia, filehippo, piriform, cnet, or from its official website.
But.. If the installer is not clean, it shouldn't be trusted
 

SearchLight

Hello,
I recently, after reading the many posts here, set up CFW according to CS settings video guide. I was going to pair it with WD, and tried to adjust the settings in my Windows 10 GPE according to another post but none of those settings took effect. I am running a W10 pro desktop..

Frustrated, I downloaded CAV and converted CFW to CIS still using CS settings. Now I am having second thoughts as many feel CAV is inferior to the other free AV products. What appealed to me was the use of heuristics.

That being said, I have lifetime licenses to MB3 and ZAL. I was thinking of removing the AV component and installing ZAL and running it alongside CFW because Malwarebytes has not been well received by many on this forum but ZAL has.

Have any suggestions? Thanks.
 

darko999

> Hello,
> I recently, after reading the many posts here, set up CFW according to CS settings video guide. I was going to pair it with WD, and tried to adjust the settings in my Windows 10 GPE according to another post but none of those settings took effect. I am running a W10 pro desktop..
>
> Frustrated, I downloaded CAV and converted CFW to CIS still using CS settings. Now I am having second thoughts as many feel CAV is inferior to the other free AV products. What appealed to me was the use of heuristics.
>
> That being said, I have lifetime licenses to MB3 and ZAL. I was thinking of removing the AV component and installing ZAL and running it alongside CFW because Malwarebytes has not been well received by many on this forum but ZAL has.
>
> Have any suggestions? Thanks.

I would go with CFW alone, ZAL won't give you much if you are running CFW. There is no point in running COMODO with CS settings and using COMODO AV at the same time. If you want a combo, COMODO FW + WD is cool.
 

Maxwell Sien

I will probably disable that.. What about the trusted vendors list (I didn't edit it). I heard some bad voices but, can you make a single example of a vendor in the default trusted vendors list, which makes adware or PUPs?
Until now, I still don't have any information about this.. :(
 

SearchLight

After reading all the suggestions, I decided to complement CFW with CS settings with Avast Free. Seems like the best compromise.

I wanted to use the new Kaspersky Free but upon installation it displays a message that CFW is incompatible.
 

BugCode

Anyone can explain why Cruel Sister Disable the HIPS?

She doesn't like it... Simple as that. There are simpler and easier ways to get around this. Maybe she trusts the power of isolation with the proactive method as the settings are.
 

Arequire

> Anyone can explain why Cruel Sister Disable the HIPS?

With cruelsister's setup the only thing HIPS will do is throw up alerts about events happening inside the sandbox, which is somewhat pointless as anything inside the sandbox can't do any damage to the system anyway. The only value HIPS would add is if malware somehow circumvented the sandbox.
 

cruelsister

Actually the HIPS will be oblivious to anything running inside the Comodo sandbox (Sandboxie is different in this respect: things running inside SBIE will make requests that a HIPS will be aware of, although all these requests will be denied by SBIE no matter what choice you make in the HIPS. In Comodo Containment all such requests will be blocked and any HIPS will be oblivious to them).

So with Comodo Sandbox at the preferred (my) setting the only thing the HIPS will alert to are legit processes which will throw up popups that I personally find a bore.
 

Arequire

> Actually the HIPS will be oblivious to anything running inside the Comodo sandbox (Sandboxie is different in this respect: things running inside SBIE will make requests that a HIPS will be aware of, although all these requests will be denied by SBIE no matter what choice you make in the HIPS. In Comodo Containment all such requests will be blocked and any HIPS will be oblivious to them).
>
> So with Comodo Sandbox at the preferred (my) setting the only thing the HIPS will alert to are legit processes which will throw up popups that I personally find a bore.

Has HIPS ever alerted to events inside the sandbox in any version of Comodo or have I been mistaken this whole time?
 

cruelsister

I've never seen it other than the HIPS alerting initially to when an application initially is executed (Explorer.exe is trying to start whatever). A HIPS will only be aware of things that try to mess with the actual system. The Comodo containment (unlike SBIE) will prevent any requests from reaching the system, so no HIPS popups will be seen.

As an example, consider running the miner Adylkuzz.b- with both HIPS and containment active you will just get the initial HIPS alert that Explorer is trying to run Adylkuzz. That's it.

With Containment off and HIPS on, you will get a total of 17 HIPS alerts (that is if you click allow at each one). If you just click "Block" without clicking the "Remember my Answer" you will actually get over 30 alerts (God knows how many it would actually be, but I got bored after 30!). If you clicked on the "Remember my Answer" box you still would have received 12 popups.

Now in all of the above scenarios the malware will be blocked. Personally I have better things to do with my time than answering stupid HIPS alerts which is why I don't suggest the HIPS being active. Trust me- I'm more than just another pretty face...
 

shmu26

All so true.
But just in order that people won't think some advanced Comodo users are totally crazy, I would like to mention some things that HIPS can add:
Besides giving you more control over exploitable apps, it can also help to protect you from processes that start up in unconventional ways, and somehow manage to elude containment.
For instance, if you set Powershell to unrecognized, then even if it gets launched in an underhanded way, you should still get prompted for its actions.
Or, if a signed PUP downloads an unrecognized file, and schedules it to run immediately at the next reboot, you should start to get HIPS prompts for its actions, when Comodo protection kicks in.

I am sure other users can tell of more nifty HIPS tricks, despite all the trouble and aggravation that HIPS does entail.
 

shmu26

Is this right, for CS settings?

Capture.PNG
 