Comodo Internet Security v10.0.0.5144 BETA

Status
Not open for further replies.
From there you can see what is blocked and what is not; you can also unblock safe files that were blocked.

From my tests CIS 10 doesn't always show if a file is blocked or not, using unblock applications you can see that :)
Does CIS 10 Beta by default treat files already on the system before CIS install as "Safe" like CIS 8 Stable?
 
Yes. Nothing has changed in this regard.

This is why it is best to clean install OS and then install CIS immediately afterwards - to get the most complete system monitoring as is possible with the product.
 
But in CIS 10 Beta, I don't see the sandbox rules for unrecognized set to "Internet"? I think I properly checked the rules.
Guess sandbox rules "Internet" is the setting that makes CIS trust programs before CIS install, right?
 
No. It is based upon time of installation and hard-coded for built-in monitoring. There is no exposed setting for this. User cannot change it.
 
Are you sure?
Coz I think if you use default "Internet" then unrecognized programs already on the system before CIS install are not autosandboxed. But if you change "Internet" to "Any" then unrecognized programs already on the system before CIS install will get autosandboxed.
If I remember correctly that's the way CIS works. And if I am correct then that's the setting that makes CIS trust programs before CIS install.

Currently don't have CIS installed, otherwise would have tested it.
 
CIS' internal behavior analysis and file monitoring is based upon time of installation. It is hard-coded. Behavioral file-monitoring has nothing to do with auto-sandboxing.

What COMODO means by their internal behavior analysis I have absolutely no idea, but it has something to do with Defense+\HIPS and allowing access rights to system resources.

"Internet" and "Any" have to do with file source and auto-sandboxing = downloaded from internet (ADS\zone.identifier).
 
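Added example (not part of the thread, and not Comodo's code): the reply above ties the "Internet" source criterion to the Zone.Identifier alternate data stream, so this Python code parses that stream and shows which files an origin criterion would select. `origin_matches`, `classify` and the sample stream contents are constructed for illustration, and how CIS evaluates file origin internally is an assumption here.

```python
import configparser

# Windows URL security zones as stored in the Zone.Identifier stream.
ZONES = {0: "Local Machine", 1: "Local Intranet", 2: "Trusted Sites",
         3: "Internet", 4: "Restricted Sites"}

def parse_zone_identifier(text):
    """Return ZoneId from Zone.Identifier content, or None if missing/malformed."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        parser.read_string(text.lstrip("\ufeff"))
        zone = parser.getint("ZoneTransfer", "ZoneId")
    except (configparser.Error, ValueError):
        return None
    return zone if zone in ZONES else None

def read_zone_id(path):
    """Read the stream from a file on NTFS; None when the file carries no mark."""
    try:
        with open(path + ":Zone.Identifier", encoding="utf-8", errors="replace") as fh:
            return parse_zone_identifier(fh.read())
    except OSError:
        return None

def origin_matches(zone_id, origin):
    """Hypothetical model of a rule's file-origin criterion (an assumption)."""
    if origin == "Any":
        return True
    if origin == "Internet":
        # Assumption: zones 3 and 4 count as "downloaded from the Internet".
        return zone_id is not None and zone_id >= 3
    raise ValueError(f"unknown origin: {origin!r}")

# Constructed stream contents; None means the file has no Zone.Identifier stream.
SAMPLES = {
    "downloaded.exe": "[ZoneTransfer]\r\nZoneId=3\r\nHostUrl=https://example.test/d.exe\r\n",
    "intranet-tool.exe": "[ZoneTransfer]\r\nZoneId=1\r\n",
    "preexisting.exe": None,
    "damaged-mark.exe": "ZoneId=three",
}

def classify(samples, origin):
    """Map each sample file name to whether the origin criterion selects it."""
    return {name: origin_matches(
                None if text is None else parse_zone_identifier(text), origin)
            for name, text in samples.items()}

if __name__ == "__main__":
    for origin in ("Internet", "Any"):
        print(origin, classify(SAMPLES, origin))
```

A file whose stream was never written, was stripped, or is unreadable falls outside the "Internet" criterion in this model, which is why only "Any" selects it.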
Changing "Internet" to "Any" - Unrecognized files already on the system before CIS install will get AutoSandboxed...doesn't this mean the option "Any" changed the default behavior of trusting unrecognized files on the system before CIS install to AutoSandbox unrecognized files before CIS install?
 
It has to do with file-monitoring - which isn't the same as Recognized\Unrecognized. It has nothing to do with auto-sandboxing. It has something to do with system resource access - to registry, COM objects, file system, etc.
 
Changing "Internet" to "Any" will AutoSandbox Unrecognized Files already on the system before CIS install, right?
Just want to know it will or not.
 
No. Not all - CIS white-lists Unrecognized system\OS files by default - if malware inserts files into certain paths then CIS will white-list those files.

If you want to monitor system files, then you have to untick:

"Trust files signed by Trusted Vendors"

"Trust digitally signed files"

The only way to ensure full protection from CIS is to:

Clean install OS

Immediately install CIS afterwards
 
Here is my video test of CIS v8 @Proactive Config (HIPS & UAC disabled) with EfficacyTest and 36 malicious files:


I installed latest Comodo FW on real system Win 10 64 & set to "Internet Security" config as this is the default Comodo config of Comodo Internet Security Suite installed.
I executed EfficacyTest.exe & it was not AutoSandboxed, so I checked the "Trusted Files" list & EfficacyTest.exe was in the "Trusted Files" list, i.e. EfficacyTest.exe is trusted by CIS. I think this is the prob with CIS test with EfficacyTest.exe.
 
Efficacy test does not function correctly...
 
Efficacy test is working OK but Comodo trusts that program and everything that this program is doing, even starting malicious files...anyway, it's not good for Comodo
 
Efficacy test does not function correctly...
And I don't know how efficacytest.exe is trusted?
I don't see VoodooSoft in trusted vendors.
And I don't see in logs that efficacytest.exe was scanned & found safe.

I had installed CIS & restarted the system and then downloaded EfficacyTest.exe

It seems CCAV uses different Trusted Vendors List, VoodooSoft is in TVL.
 
You should use Valkyrie for such checks.
 