Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
Security Apps
Comodo
Comodo Project Experimental Configuration All Welcome
Message
<blockquote data-quote="AtlBo" data-source="post: 831994" data-attributes="member: 32547"><p>You and me too Decopi lol...</p><p></p><p></p><p></p><p>Thanks for the list [USER=32260]@Andy Ful[/USER]. I am thinking of possibly some special HIPs rules that will allow all but some of the monitored behaviors for say certain types of executables and location based.</p><p></p><p>Getting started last night I ran into trouble almost right away. I decided to take a look at the HIPs "Protected Objects" dialog, hoping to establish a firm link between that dialog and the HIPs monitored behavior protection for "Protected Files/Folders" (HIPs Settings->monitoring settings). I dropped a folder of files on a flash drive. Then I added a rule to Protected Objects->Protected Files to protect the contents of the folder (E:\Test Folder\*) and ran a cmd script to delete the contents. I had turned off the container, but the HIPs did not alert. I tried it a dozen times and then added the location to "Protected Data". So then I just ran the test again today, and it worked Hallelluya. I don't know, maybe it was settings lag or a need for a reboot for the setting to work? At any rate, I still don't know what Protected Objects->Protected Data is for. The good news is that deleting files is blocked with the HIPs "Protected Files/Folders" monitoring based rule activated (HIPs settings->monitoring settings (next to mode selection at top of settings)). What I read from Comodo help stated that the files become read only, but as per usual with Comodo help, there is no comprehensive list of what the protection does, so I wasn't sure it would block file deletes. Easy File Locker handles read only and delete separately, giving the user the choice to block deletes. It would have been a deal breaker for protecting files/locations with Comodo if the program did not block deletes with this HIPs setting. At any rate, I feel safer having the files protected this way, even remembering that I have played unsuccessfully with this before. Wonder if settings lag or need for a reboot got me then too...</p><p></p><p>Now I am considering setting up a HIPs rule for all executables or all applications to protect just with this one HIPs rule. Maybe I will need two or three rules for this, idk, because I have to think of the affects of global type rules such as "all executables" on the other protected areas, not just ones that I add. Could be I end up going through alert by alert to set up exceptions for a ton of actions of executable, not sure. That could be alot of work, but I think many aren't aware that Comodo HIPs helps users set up exceptions from alerts.</p><p></p><p>Here at first with HIPs, the idea is to create an Easy File Locker type of protection for backup drives and then decide from alerts which applications can have access to these "Protected Files". Again, there is the potential problem that the entire HIPs monitoring of "Protected Files/Folders" must be considered. It is defined in the Protected Objects area, but there is only the one way to protect a location from unwanted writes, meaning that any HIPs rule based on "Protected Files/Folders" monitoring that is then universal in scope will affect all the areas in the "Protected Objects" area, including the Comodo default areas. Can't just think of designing a rule for use with the one area I have added. Do I want to have every single executable alerting me for every one of the locations listed by Comodo (not just "Unrecognized")? I might try it and see how it works a little later today.</p><p></p><p>Maybe this can be rethought some, but I am not sure until I look over everything in "Protected Objects". Seems to me Comodo could make this simpler by making it possible to choose for, for example, "All executables" an option from within the new rule dialog for, say, "located in program folders" or "located in user areas". I have noticed this about Comodo HIPs rules. The containment rules have options but not so much so the HIPs ones.</p><p></p><p>I appreciate the responses and support. It might be a while before I get to setting up nice rules packages, but I am hoping I can really get somewhere this time. I'll definitely be looking for some ideas, but folder/drive protection is a great start for me at this point. Simple as adding the location/drive to the HIPs->Protected Objects->Protected Files area...<img src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" class="smilie smilie--sprite smilie--sprite125" alt=":LOL:" title="Laugh :LOL:" loading="lazy" data-shortname=":LOL:" /></p></blockquote><p></p>
[QUOTE="AtlBo, post: 831994, member: 32547"] You and me too Decopi lol... Thanks for the list [USER=32260]@Andy Ful[/USER]. I am thinking of possibly some special HIPs rules that will allow all but some of the monitored behaviors for say certain types of executables and location based. Getting started last night I ran into trouble almost right away. I decided to take a look at the HIPs "Protected Objects" dialog, hoping to establish a firm link between that dialog and the HIPs monitored behavior protection for "Protected Files/Folders" (HIPs Settings->monitoring settings). I dropped a folder of files on a flash drive. Then I added a rule to Protected Objects->Protected Files to protect the contents of the folder (E:\Test Folder\*) and ran a cmd script to delete the contents. I had turned off the container, but the HIPs did not alert. I tried it a dozen times and then added the location to "Protected Data". So then I just ran the test again today, and it worked Hallelluya. I don't know, maybe it was settings lag or a need for a reboot for the setting to work? At any rate, I still don't know what Protected Objects->Protected Data is for. The good news is that deleting files is blocked with the HIPs "Protected Files/Folders" monitoring based rule activated (HIPs settings->monitoring settings (next to mode selection at top of settings)). What I read from Comodo help stated that the files become read only, but as per usual with Comodo help, there is no comprehensive list of what the protection does, so I wasn't sure it would block file deletes. Easy File Locker handles read only and delete separately, giving the user the choice to block deletes. It would have been a deal breaker for protecting files/locations with Comodo if the program did not block deletes with this HIPs setting. At any rate, I feel safer having the files protected this way, even remembering that I have played unsuccessfully with this before. Wonder if settings lag or need for a reboot got me then too... Now I am considering setting up a HIPs rule for all executables or all applications to protect just with this one HIPs rule. Maybe I will need two or three rules for this, idk, because I have to think of the affects of global type rules such as "all executables" on the other protected areas, not just ones that I add. Could be I end up going through alert by alert to set up exceptions for a ton of actions of executable, not sure. That could be alot of work, but I think many aren't aware that Comodo HIPs helps users set up exceptions from alerts. Here at first with HIPs, the idea is to create an Easy File Locker type of protection for backup drives and then decide from alerts which applications can have access to these "Protected Files". Again, there is the potential problem that the entire HIPs monitoring of "Protected Files/Folders" must be considered. It is defined in the Protected Objects area, but there is only the one way to protect a location from unwanted writes, meaning that any HIPs rule based on "Protected Files/Folders" monitoring that is then universal in scope will affect all the areas in the "Protected Objects" area, including the Comodo default areas. Can't just think of designing a rule for use with the one area I have added. Do I want to have every single executable alerting me for every one of the locations listed by Comodo (not just "Unrecognized")? I might try it and see how it works a little later today. Maybe this can be rethought some, but I am not sure until I look over everything in "Protected Objects". Seems to me Comodo could make this simpler by making it possible to choose for, for example, "All executables" an option from within the new rule dialog for, say, "located in program folders" or "located in user areas". I have noticed this about Comodo HIPs rules. The containment rules have options but not so much so the HIPs ones. I appreciate the responses and support. It might be a while before I get to setting up nice rules packages, but I am hoping I can really get somewhere this time. I'll definitely be looking for some ideas, but folder/drive protection is a great start for me at this point. Simple as adding the location/drive to the HIPs->Protected Objects->Protected Files area...:LOL: [/QUOTE]
Insert quotes…
Verification
Post reply
Top
