Comodo Internet Security v10.0.0.5144 BETA

Deleted member 2913

From there you can see what is blocked and what is not, you can also unblock safe files that were blocked.

From my tests CIS 10 doesn't always show if a file is blocked or not, using unblock applications you can see that :)
Does CIS 10 Beta by default treat files already on the system before CIS install as "Safe" like CIS 8 Stable?
 
hjlbx

Does CIS 10 Beta by default treat files already on the system before CIS install as "Safe" like CIS 8 Stable?

Yes. Nothing has changed in this regard.

This is why it is best to clean install OS and then install CIS immediately afterwards - to get the most complete system monitoring as is possible with the product.
 
Deleted member 2913

Yes. Nothing has changed in this regard.

This is why it is best to clean install OS and then install CIS immediately afterwards - to get the most complete system monitoring as is possible with the product.
But in CIS 10 Beta, I don't see the sandbox rules for unrecognized set to "Internet"? I think I properly checked the rules.
Guess sandbox rules "Internet" is the setting that makes CIS trust programs before CIS install, right?
 
hjlbx

But in CIS 10 Beta, I don't see the sandbox rules for unrecognized set to "Internet"? I think I properly checked the rules.
Guess sandbox rules "Internet" is the setting that makes CIS trust programs before CIS install, right?

No. It is based upon time of installation and hard-coded for built-in monitoring. There is no exposed setting for this. User cannot change it.
 
Reactions: Deleted member 2913
Deleted member 2913

No. It is based upon time of installation and hard-coded for built-in monitoring. There is no exposed setting for this. User cannot change it.
Are you sure?
Coz I think if you use default "Internet" then unrecognized programs already on the system before CIS install are not autosandboxed. But if you change "Internet" to "Any" then unrecognized programs already on the system before CIS install will get autosandboxed.
If I remember correctly that's the way CIS works. And if I am correct then that's the setting that makes CIS trust programs before CIS install.

Currently don't have CIS installed, otherwise would have tested it.
 
hjlbx

Are you sure?
Coz I think if you use default "Internet" then unrecognized programs already on the system before CIS install are not autosandboxed. But if you change "Internet" to "Any" then unrecognized programs already on the system before CIS install will get autosandboxed.
If I remember correctly that's the way CIS works. And if I am correct then that's the setting that makes CIS trust programs before CIS install.

Currently don't have CIS installed, otherwise would have tested it.

CIS' internal behavior analysis and file monitoring is based upon time of installation. It is hard-coded. Behavioral file-monitoring has nothing to do with auto-sandboxing.

What COMODO means by their internal behavior analysis I have absolutely no idea, but it has something to do with Defense+\HIPS and allowing access rights to system resources.

"Internet" and "Any" has to do with file source and auto-sandboxing = downloaded from internet (ADS\zone.identifier).
 
Reactions: Deleted member 2913
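
For reference on the Zone.Identifier stream mentioned in the post above, an added example (not part of the thread, and not COMODO's code): a Python parser for the stream's text, plus a hypothetical `matches_source` helper that models a rule scoped to "Internet" versus "Any" file origin. The stream contents are constructed samples, and treating ZoneId 3 or higher as Internet origin is an assumption of this sketch.

```python
# Windows URL security zones as stored in the ZoneId field.
ZONES = {0: "Local machine", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}

def parse_zone_identifier(text):
    """Parse the INI-style text of a Zone.Identifier alternate data stream."""
    fields, section = {}, None
    for raw in text.lstrip("\ufeff").splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif section == "zonetransfer" and "=" in line:
            key, _, value = line.partition("=")  # URLs may contain '=' too
            fields[key.strip().lower()] = value.strip()
    try:
        zone_id = int(fields.get("zoneid", ""))
    except ValueError:
        zone_id = None  # missing or malformed ZoneId
    return {"zone_id": zone_id,
            "zone": ZONES.get(zone_id),
            "host_url": fields.get("hosturl"),
            "referrer_url": fields.get("referrerurl")}

def matches_source(stream_text, source):
    """Hypothetical origin filter: stream_text is None when the file has no
    Zone.Identifier stream (for example, a file that was never downloaded)."""
    if source == "Any":
        return True
    if source != "Internet":
        raise ValueError("source must be 'Any' or 'Internet'")
    if stream_text is None:
        return False
    zone_id = parse_zone_identifier(stream_text)["zone_id"]
    return zone_id is not None and zone_id >= 3  # assumption: 3+ = Internet

# Constructed sample streams (not taken from any real file).
MARKED = ("[ZoneTransfer]\r\nZoneId=3\r\n"
          "ReferrerUrl=https://example.test/downloads\r\n"
          "HostUrl=https://example.test/files/tool.exe?id=7\r\n")
INTRANET = "[ZoneTransfer]\r\nZoneId=1\r\n"
MALFORMED = "[ZoneTransfer]\r\nZoneId=abc\r\n"

if __name__ == "__main__":
    for name, s in [("marked", MARKED), ("intranet", INTRANET),
                    ("malformed", MALFORMED), ("no stream", None)]:
        print(name, matches_source(s, "Internet"), matches_source(s, "Any"))
```

On Windows the stream text can be read with PowerShell's `Get-Content -Path <file> -Stream Zone.Identifier`; a file with no such stream matches only the "Any" case in this model.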
Deleted member 2913

Changing "Internet" to "Any" - Unrecognized files already on the system before CIS install will get AutoSandboxed... doesn't this mean the option "Any" changed the default behavior of trusting unrecognized files on the system before CIS install to AutoSandbox unrecognized files before CIS install?
 
hjlbx

Changing "Internet" to "Any" - Unrecognized files already on the system before CIS install will get AutoSandboxed... doesn't this mean the option "Any" changed the default behavior of trusting unrecognized files on the system before CIS install to AutoSandbox unrecognized files before CIS install?

It has to do with file-monitoring - which isn't the same as Recognized\Unrecognized. It has nothing to do with auto-sandboxing. It has something to do with system resource access - to registry, COM objects, file system, etc.
 
Reactions: Deleted member 2913
Deleted member 2913

Changing "Internet" to "Any" will AutoSandbox Unrecognized Files already on the system before CIS install, right?
Just want to know it will or not.
 
hjlbx

Changing "Internet" to "Any" will AutoSandbox Unrecognized Files already on the system before CIS install, right?
Just want to know it will or not.

No. Not all - CIS white-lists Unrecognized system\OS files by default - if malware inserts files into certain paths then CIS will white-list those files.

If you want to monitor system files, then you have to untick:

"Trust files signed by Trusted Vendors"

"Trust digitally signed files"

The only way to ensure full protection from CIS is to:

Clean install OS

Immediately install CIS afterwards
 
Reactions: Deleted member 2913
Deleted member 2913

Other than system/OS files will be autosandboxed, right?
 
Deleted member 2913

Here it is my video test CIS v8 @Proactive Config (HIPS & UAC disabled) with EfficacyTest and 36 malicious files:


I installed latest Comodo FW on real system Win 10 64 & set to "Internet Security" config as this is the default Comodo config of Comodo Internet Security Suite installed.
I executed EfficacyTest.exe & was not AutoSandboxed, so I checked "Trusted Files" list & EfficacyTest.exe was in "Trusted Files" list, i.e. EfficacyTest.exe is trusted by CIS. I think this is the prob with CIS test with EfficacyTest.exe.
 
hjlbx

I installed latest Comodo FW on real system Win 10 64 & set to "Internet Security" config as this is the default Comodo config of Comodo Internet Security Suite installed.
I executed EfficacyTest.exe & was not AutoSandboxed, so I checked "Trusted Files" list & EfficacyTest.exe was in "Trusted Files" list, i.e. EfficacyTest.exe is trusted by CIS. I think this is the prob with CIS test with EfficacyTest.exe.

Efficacy test does not function correctly...
 
Reactions: Deleted member 2913

Av Gurus

Efficacy test working OK but Comodo trusts that program and everything that this program is doing, even starting malicious files... anyway, it's not good for Comodo.
 
Reactions: Deleted member 2913
Deleted member 2913

Efficacy test does not function correctly...
And I don't know how efficacytest.exe is trusted?
I don't see VoodooSoft in trusted vendors.
And I don't see in logs that efficacytest.exe was scanned & found safe.

I had installed CIS & restarted the system and then downloaded EfficacyTest.exe

It seems CCAV uses different Trusted Vendors List, VoodooSoft is in TVL.
 
vivid

And I don't know how efficacytest.exe is trusted?
I don't see VoodooSoft in trusted vendors.
And I don't see in logs that efficacytest.exe was scanned & found safe.

I had installed CIS & restarted the system and then downloaded EfficacyTest.exe

It seems CCAV uses different Trusted Vendors List, VoodooSoft is in TVL.

You should use Valkyrie for such checks.
 