- Mar 27, 2017
- 160
Can comodo protect my folders from any modification like encryption of the data contained in them if i add my folders in protected data folders group of hips,with hips being turned on?
comodo protected data folders vs ransomwares
- Thread starter Prayag
- Start date
Please provide comments and solutions that are helpful to the author of this topic.
- Status
- Jul 3, 2015
- 8,153
Protected data folders will shield those areas on your system from any unrecognized process.
But if the encryptor was mistakenly categorized, and given trusted status, then Protected data folders will not help you. So to a certain extent, this feature is redundant.
But if the encryptor was mistakenly categorized, and given trusted status, then Protected data folders will not help you. So to a certain extent, this feature is redundant.
- Nov 15, 2016
- 97
Good Idea, you want to add any folder so that any file inside that folder are safe from Ransomware.
But to do this, you must add new folder in Protected Files, not Protected Data Folders.
Here is the different: (Source)
If you specified a new folder to Protected Data Folders, you just protect it from Sandbox Process. But if you add to Protected Files, you protect it from 'Real Process', not just Sandboxed Process.
Nowadayas, Ransomware come along with trusted programs (Windows Macro Script, Powershell, Bitsadmin), not with unrecognized programs. So, I afraid that Ransomware process cannot be included in Auto-Containment.
But to do this, you must add new folder in Protected Files, not Protected Data Folders.
Here is the different: (Source)
- Protected Files - Allows you to specify programs, applications and files that are to be protected from changes
- Protected Data Folders - Allows you prevent contained programs from accessing files inside specific, protected folders
If you specified a new folder to Protected Data Folders, you just protect it from Sandbox Process. But if you add to Protected Files, you protect it from 'Real Process', not just Sandboxed Process.
Nowadayas, Ransomware come along with trusted programs (Windows Macro Script, Powershell, Bitsadmin), not with unrecognized programs. So, I afraid that Ransomware process cannot be included in Auto-Containment.
- Jul 3, 2015
- 8,153
That is how they make it sound in the Comodo help, but it doesn't really work that way. It only protects those areas from changes made by unrecognized processes.
I added my entire C drive to protected files, and it did not prevent changes made by trusted processes.
Try it out and you will see.
- Nov 15, 2016
- 97
Yeah, I know.. But that happen only on Safe Mode. Not in Paranoid Mode.
- Dec 29, 2014
- 1,711
When it comes to protecting files, this is where Comodo could really blow malware away...a little bit smarter HIPs for some things and a little bit smarter alerts for some things. If Comodo's HIPs could know that everyone wants Paranoid for protecting personal files, that would be very helpful. What's to lose, since there aren't any user data area entries in the Protected Files area when Comodo is installed? Nobody's system is going to be borked over that setting always being Paranoid for some purposes. For example, that could be applied to start ups and scheduled tasks too. Then add a real knockdown alert for behaviors common to ransomware, spyware, bankware as part of Viruscope or Valkyrie.
A little bit smarter and Comodo will be a huge player in $$$ enterprise security if they can also create network security/command control like Kaspersky and Sophos and the other big enterprise players. And they can afford to keep the program free for home use!
A little bit smarter and Comodo will be a huge player in $$$ enterprise security if they can also create network security/command control like Kaspersky and Sophos and the other big enterprise players. And they can afford to keep the program free for home use!
Last edited:
- Jul 3, 2015
- 8,153
Thanks for info, I didn't know that. I gotta try out that paranoid mode again...
Actually, now that I think about it, maybe that is why I had such severe "forgetting rules" problems when I switched to Paranoid mode last time. I think I had ?:* as an entry in Protected Files. Duh...
Last edited:
- Nov 15, 2016
- 97
Paranoid Mode ignore Comodo safe list and does not attempt to learn the behavior of any applications for automatically Allow them. It depend solely on User Configurations in HIPS Rules and Rulesets.
When it comes to protecting files, this is where Comodo could really blow malware away...a little bit smarter HIPs for some things and a little bit smarter alerts for some things. If Comodo's HIPs could know that you want Paranoid for protecting your files, that would be very helpful. What's to lose, since there aren't any entries in the Protected Files area when Comodo is installed? Nobody's system is going to be borked over that setting always being Paranoid. That could be applied to start ups and scheduled tasks too. Then add a real knockdown alert for behaviors common to ransomeware, spyware, bankware.
A little bit smarter and Comodo will be a huge player in $$$ enterprise security if they can also create network security/command control like Kaspersky and Sophos and the other big enterprise players. And they can afford to keep the program free for home use!
Maybe in future, Comodo should Create addition Rules in HIPS that would Restrict (Block/Ask their access to Protected File/Folders) certain legitimate Windows process like mshta.exe, Rundll32.exe, Bitsadmin.exe, regsvr32.exe, Powershell.exe , wscript.exe, cscript.exe that often be used by Ransomware to Run a bad Script. So, we shouldn't switch to paranoid mode to Defending Ransomware.
Example in Eset: Configure HIPS rules for ESET business products to protect against ransomware
Last edited:
- Status
Similar threads
