Advice Request Comodo Internet Security Setup/configuration thread

Deleted member 178

Thread author
Hi guys,

Since many of us use Comodo IS, I decided to create this thread to share our skills with CIS/CFW; indeed, some of us don't have the knowledge to tighten CIS by themselves without hampering their system. I hope this thread will help.
 

Deleted member 178

Thread author
I guess you have reconstructed the Trusted Vendors List?

Yes, I'm doing it, I will surely finish next century since the list is huge :p

Hi @Umbra

Wanted to know if you include the BB also during installation?

Proactive Mode activates the BB (called again Auto-Sandbox) & HIPS

So far I finally managed to make Sandboxie and CIS work together with some browsers; only installed Chromium-based browsers (except Chromodo) have issues and couldn't start in Sandboxie. I don't know why yet, I surely missed something.

@Jack @hjlbx @cruelsister you are all invited to share your config, I know yours are quite good setups
 

Online_Sword

By the way, I hope someone could share his HIPS rules, especially the HIPS rules established manually. :)
Of course, specific HIPS rules depend on the system and software installed. But maybe you can share your strategies and ideas on how to establish the HIPS rules.

In addition, I also hope to learn some firewall rules for network ports. :)
I have read some firewall rules for network rules, based on CFW or some other software firewall.
Those guides generally contain a series of long lists of ports and rules for the ports, but do not explain the reason.
Without a detailed explanation, we can hardly adjust those firewall rules to adapt them to our own computers.
 

Deleted member 178

Thread author
By the way, I hope someone could share his HIPS rules, especially the HIPS rules established manually. :)
Of course, specific HIPS rules depend on the system and software installed. But maybe you can share your strategies and ideas on how to establish the HIPS rules.

In addition, I also hope to learn some firewall rules for network ports. :)
I have read some firewall rules for network rules, based on CFW or some other software firewall.
Those guides generally contain a series of long lists of ports and rules for the ports, but do not explain the reason.
Without a detailed explanation, we can hardly adjust those firewall rules to adapt them to our own computers.

Those are mostly dependent on your system; if I put rulesets here they may not work for others, but I will try and warn about following those rulesets. Give me time, I just got back with CIS; we were a "separated couple" since v6, so I need to rediscover her :p

Edited my config intro: added what type of user may use it without issues in the long term.
 

cruelsister

Umbra! I didn't know that you were using Comodo. Most excellent choice. EXCEPT:

Never saw the point in CIS over CF. Both have a Cloud AV, but with CIS one burdens oneself with a locally installed scanner (with definitions). As I really don't know anyone who considers the Comodo AV to be top tier, why bother (actually why bother with any AV- but that is another discussion).

But for those reactionaries who must have a local AV, wouldn't freebies like Avast or BD be a better choice (actually Qihoo is very good and works well with CF- yes, it does have a greater percentage of FP's, but does a better job against Scriptors)?
 

Deleted member 178

Thread author
Finished editing my trusted vendors list; easy trick to do it:

1- Put HIPS on Training mode, disable auto-sandbox
2- Select all vendors except Microsoft, Realtek, ATI, NVIDIA, etc.. mostly your driver vendors (in case of ^^) by using the search box.
3- Delete all the others
4- Add vendors by selecting them via running processes
5- Put back HIPS & Auto-sandbox on safe mode

:D
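
A helper for step 4 of the procedure above, as an added example that is not part of the original post: it lists the signer (vendor) behind each running process, so you can review which vendors you are about to add and spot unsigned binaries first. It uses only the built-in `Get-Process` and `Get-AuthenticodeSignature` cmdlets; the grouping and the output columns are this example's own choices.

```powershell
# Added example: group running processes by the vendor that signed them.
# Run in an elevated session so that more processes expose their image path.

$paths = Get-Process |
    Where-Object { $_.Path } |          # skip processes whose path is not readable
    Select-Object -ExpandProperty Path |
    Sort-Object -Unique

$rows = foreach ($path in $paths) {
    $sig = Get-AuthenticodeSignature -FilePath $path -ErrorAction SilentlyContinue

    if ($sig -and $sig.Status -eq 'Valid' -and $sig.SignerCertificate) {
        # SimpleName is the signer's display name taken from the certificate subject
        $vendor = $sig.SignerCertificate.GetNameInfo(
            [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName,
            $false)
        $status = 'Valid'
    }
    else {
        # Unsigned, tampered or untrusted-chain binaries end up here;
        # these are the ones to look at before trusting anything.
        $vendor = '(no valid signature)'
        $status = if ($sig) { [string]$sig.Status } else { 'Unknown' }
    }

    [pscustomobject]@{ Vendor = $vendor; Status = $status; Path = $path }
}

# One row per vendor: how many running binaries it signed, plus a few sample paths.
$rows |
    Group-Object Vendor |
    Sort-Object Count -Descending |
    ForEach-Object {
        [pscustomobject]@{
            Vendor   = $_.Name
            Binaries = $_.Count
            Examples = ($_.Group.Path | Select-Object -First 3) -join '; '
        }
    } |
    Format-Table -AutoSize -Wrap

# Full list of binaries without a valid signature, for manual review.
$rows | Where-Object { $_.Status -ne 'Valid' } | Format-Table Status, Path -AutoSize
```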
 

Deleted member 178

Thread author
Umbra! I didn't know that you were using Comodo. Most excellent choice. EXCEPT:

Never saw the point in CIS over CF. Both have a Cloud AV, but with CIS one burdens oneself with a locally installed scanner (with definitions).

Are you sure? I heard different; without the AV you lack something, can't recall what...
 

CMLew

Proactive Mode activates the BB (called again Auto-Sandbox) & HIPS

Thanks! By the way, does your configuration affect the use of portableapps.com program?

I used CIS on my old laptop and I notice when I try to run the portable apps program (for instance: keepass), the CIS will somehow auto-sandbox the opened keepass with notification. It happens too when I open my portable firefox.
 

Deleted member 178

Thread author
Thanks! By the way, does your configuration affect the use of portableapps.com program?

not on my system

I used CIS on my old laptop and I notice when I try to run the portable apps program (for instance: keepass), the CIS will somehow auto-sandbox the opened keepass with notification. It happens too when I open my portable firefox.

I have KeePass too, no problem with FF portable
 

Deleted member 2913

Thread author
Are you sure? I heard different; without the AV you lack something, can't recall what...
An expert user like you doesn't need Comodo AV.. even if Comodo AV was top notch I would say the same. Sandbox with Cloud AV part is good for experts in my opinion.

If I remember correctly.. with CAV not installed.. there is no AV exclusion. Alert will give the option to add to trusted files but no AV exclusion.
And I think Cloud AV part in CIS is not pure Cloud AV.. just cloud connection for cloud databases. So there is no file execution blocking time to get verdict/detection from the cloud. So if it gets the verdict instantly, malware is blocked & if it couldn't get the verdict instantly, malware is run.

Back in the days users mentioned sometimes Cloud AV couldn't kill the detected malware, i.e. alert mentioned quarantined but malware processes were still running. But it's old news & guess no probs now.
 

Deleted member 178

Thread author
And I think Cloud AV part in CIS is not pure Cloud AV.. just cloud connection for cloud databases. So there is no file execution blocking time to get verdict/detection from the cloud. So if it gets the verdict instantly, malware is blocked & if it couldn't get the verdict instantly, malware is run.

Back in the days users mentioned sometimes Cloud AV couldn't kill the detected malware, i.e. alert mentioned quarantined but malware processes were still running. But it's old news & guess no probs now.

Yes, that is it, I recall now, thx
 

hjlbx

Thread author
I used CIS on my old laptop and I notice when I try to run the portable apps program (for instance: keepass), the CIS will somehow auto-sandbox the opened keepass with notification. It happens too when I open my portable firefox.

Some KeePass module(s) is\are Unrecognized by Comodo = not on their Safe List.

You can handle an Unrecognized file - and stop Comodo from blocking\auto-sandboxing it - in a number of ways:

1. In HIPS alert, select Allow and tick "Remember my answer" (creates permanent HIPS rule for action covered by that individual alert).
2. In Sandbox alert, select "Trust this application" (creates auto-sandbox Ignore rule); need HIPS alerts enabled.
3. Run Rating Scan and select "Add to Trusted Files."
4. Go into File List and manually change rating individual files\entire folder from Unrecognized to Trusted.
5. Enable Training Mode during install and initial use of application; CIS will auto-create rules.
6. Submit file to Comodo for white-listing = add to Safe List.

The above are the main ways. There are even more ways, but it serves no purpose other than to confuse to cover every single one here.

WARNING ! In the HIPS alert, rule creation applies to the file performing the action - and not the target file ! Until a user fully understands how HIPS alerts "Treat as..." options work in CIS, the user is strongly advised not to use any of the "Treat as..." options.

A mistake with the "Treat as..." options can potentially compromise the entire system's security !


So if you select one of the "Treat as..." options, then it will apply to the file on the left side of the HIPS alert - not the object on the right !

A -> -> -> B

"Treat as..." will be applied to A - and not B.
 

hjlbx

Thread author
And I think Cloud AV part in CIS is not pure Cloud AV.. just cloud connection for cloud databases. So there is no file execution blocking time to get verdict/detection from the cloud. So if it gets the verdict instantly, malware is blocked & if it couldn't get the verdict instantly, malware is run.

Back in the days users mentioned sometimes Cloud AV couldn't kill the detected malware, i.e. alert mentioned quarantined but malware processes were still running. But it's old news & guess no probs now.

Comodo does not use "pure" antivirus cloud at this time; it is an on-going project.

* * * * * *

This is still an issue... and dependent upon user's internet connection speed and CAMAS queue (time it takes for Cloud and verdict to return results to local system).

For example, if HIPS alert appears before Comodo Cloud alert, then HIPS alert will prevail over any subsequent Comodo Cloud alert - and file is not quarantined immediately or blocked and terminated (which action is dependent upon Comodo Cloud settings in File Rating Settings).

It is also dependent upon HIPS timeout setting. Default is 120 sec, mine is set to 999 sec. :D

I replicated this issue a few times when a HIPS alert appeared and I didn't respond to the alert immediately. After allowing the system to set for about 3 or 4 minutes I noticed a Cloud alert. HIPS prevailed over the Cloud.

Initially I thought it was some kind of deranged bug, but I learned it is just a timing quirk.

WARNING ! If you receive a Comodo Cloud alert during an active HIPS for the same file, select "Block and Terminate" within the HIPS alert ! DO NOT SELECT "Allow" within the HIPS alert !

There are other ways this can be handled, but the above is sufficient basic advice to protect system.
 

Deleted member 2913

Thread author
I have always used CIS defaults. CIS defaults come with "Internet Security" config. Even with CFW only I use "Internet Security" config. Just some GUI customization & nothing affecting security part.. I only set FW to "ask".

Never faced boot slowdown, system slowdown, infection, probs, etc... Light, good & effective. Overall nothing to complain much about & a happy user.

Just want an option to "ask" instead of autosandbox.
 

Deleted member 178

Thread author
WARNING ! In the HIPS alert, rule creation applies to the file performing the action - and not the target file ! Until a user fully understands how HIPS alerts "Treat as..." options work in CIS, the user is strongly advised not to use any of the "Treat as..." options.
So for educational purposes, say "File A" triggers an alert because it wants to access "File B", and I select "treat as allowed"; File A will be allowed in the future, but not File B?


A mistake with the "Treat as..." options can potentially compromise the entire system's security !

I guess in the "block" case; because if you "treat as allow", the file is supposed to be safe in the first place.
 