shmu26

Level 81
Verified
Trusted
Content Creator
Here it is: a Comodo setup for you that works well and protects well.
I called it ComodoFix because it fixes a lot of the most common issues and headaches.
Feel free to comment...

1 Install and configure the antivirus program of your choice. This could be Windows Defender, Kaspersky Free Antivirus, or another AV of your choice. Avoid AVs that have firewall and HIPS components.
Make sure your system is clean of malware before proceeding further.

2 Download Comodo Firewall, and during installation, don't forget to untick these options:

Install.png
Install2.png


Initial setup:

1 Do not switch to Proactive config

2 Do not disable Windows Firewall

3 Disable the highlighted components:

Setup.png


Configure Firewall by creating the following custom rules.
(This will stop Comodo firewall from blocking System files.)
To create custom rules, first select any file on your computer, then double-click on the path (where it says "Name:") and edit it accordingly.

Firewall1.png
Firewall2.png


Configure Autocontainment by changing these rules from "Run virtually" to "Block"

This will block all the suspicious files that might come onto your system, while allowing the safe files that you already have.

Contain.png


What exactly does Autocontainment do in ComodoFix config?
It blocks all files that fall into one or more of the following categories:
1 Unrecognized and less than 3 days old.
2 Unrecognized and originating from Intranet, Removable Media, or Internet.
3 Unrecognized and created by Web Browsers, Email Clients, File Downloaders, File Archivers, or Management and Productivity Apps.
4 Found in suspicious locations.


Lockdown mode:

If you want to harden the config, do as follows.

1 In Advanced protection/Script Analysis, enable everything in the list.
(The actual list is longer than shown in the screenshot.)

2 Disable notifications so all suspicious files will be automatically blocked. You will probably get a Windows error message when a file is blocked, and if you want to allow it, just open Comodo and "trust" that file. You will find it in the blocked list.

3 Customize the Trusted Vendors list as desired, and consider disabling Cloud lookup.


Script.png
UI.png




FAQ:

Does ComodoFix solve all known and unknown Comodo bugs?

No. But it does solve a lot of the most common issues and headaches.

Do I still need an antivirus program?
I advise people with advanced security solutions to use AV as well, just as I would advise people with pants to also use underwear.

What's so great about Comodo in general, and this config in particular? Why should I use it?
Comodo Firewall offers great default-deny protection and runs super light. And it is chock full of valuable tweaks, for those so inclined. And it's free. This config just makes it easier, that's all.

Should I tweak script protection? Will it cause issues?
That's up to you. Depending on your software, you might experience issues, especially with cmd.exe. If you experience an issue, and whitelisting the command line does not help, then revert the troublesome process to its default settings.

Is ComodoFix different from CruelComodo, and if so, should I switch to ComodoFix?
Yes, it is significantly different. No, you should not switch unless you are experiencing issues.

Is this the ultimate lockdown setup? Will my computer be Fort Knox?
Your computer might be Fort Knox (I never tried to break into a fort, so I can't say for sure) but this is not the ultimate lockdown setup. You can further enhance protection with Andy Ful's free tools:
ConfigureDefender, Hard_Configurator, FirewallHardening, and RunBySmartscreen. If Andy puts out any new tools, use them too!
 

shmu26

This is basically what I do to tune Comodo Antivirus :)
Why do you suggest not to switch to proactive security?
Because Autocontainment, in Proactive config, will block software that you already installed and know for a fact that it is safe. In the default Firewall config, it won't do that.

To illustrate the point, I tried this config out with Kaspersky Free Antivirus 2020, and for some reason, Comodo had a problem reading the signatures of the running processes, and classified them as unrecognized. But since I was in Firewall config, they were not blocked by Autocontainment. If I was in Proactive config, it would have caused a major mess-up.
 

imuade

Level 8
Verified
Because Autocontainment, in Proactive config, will block software that you already installed and know for a fact that it is safe. In the default Firewall config, it won't do that.

To illustrate the point, I tried this config out with Kaspersky Free Antivirus 2020, and for some reason, Comodo had a problem reading the signatures of the running processes, and classified them as unrecognized. But since I was in Firewall config, they were not blocked by Autocontainment. If I was in Proactive config, it would have caused a major mess-up.
After installing Comodo, I usually run a rate scan and I manually set any unknown to safe (if I'm sure it is safe of course)
 

shmu26

After installing Comodo, I usually run a rate scan and I manually set any unknown to safe (if I'm sure it is safe of course)
That's smart.
I once made the major mistake of installing Comodo Proactive config on top of AppGuard beta, not knowing that AppGuard had been removed from the list of Trusted Vendors. Oh boy, that was fun to untangle...
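
Related to the two points above (running processes rated as unrecognized, and manually setting unknowns to safe only when sure), here is an added example that is not part of the original posts: a PowerShell check that lists running executables Windows itself cannot verify as validly signed, with their SHA-256 hashes, for review before trusting them. It does not query Comodo; the function name is made up for this example, and Windows' signature verdict may differ from Comodo's file rating.

```powershell
# Added example: review running executables before marking them trusted.
# Uses only built-in cmdlets; it does not read or change any Comodo setting.
function Get-UnverifiedProcessImage {
    [CmdletBinding()]
    param()

    # One entry per distinct executable path. Processes whose path cannot be
    # read (for example protected system processes) have no Path and are skipped.
    $paths = Get-Process |
        Where-Object { $_.Path } |
        Select-Object -ExpandProperty Path -Unique

    foreach ($path in $paths) {
        $sig = Get-AuthenticodeSignature -LiteralPath $path

        # Anything other than 'Valid' (NotSigned, HashMismatch, NotTrusted,
        # UnknownError, ...) is reported for manual review.
        if ($sig.Status -ne 'Valid') {
            [pscustomobject]@{
                Path   = $path
                Status = $sig.Status
                Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
                SHA256 = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            }
        }
    }
}

Get-UnverifiedProcessImage | Sort-Object Status, Path | Format-List
```

Run it from an elevated prompt to cover more processes; the hash gives you something concrete to look up before setting a file to trusted.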
 

Robbie

Level 27
Verified
Content Creator
Hi, thanks for the share! How does auto-containment work exactly with shmuCFW? Will it block all files that are unsigned or signed by a vendor that is not trusted? Will it sandbox them? Should I keep HIPS and Viruscope OFF forever? And does your configuration avoid many known CSCFW bugs? Can it be used without AV?

Thanks in advance.
 

shmu26

Hi, thanks for the share! How does auto-containment work exactly with shmuCFW? Will it block all files that are unsigned or signed by a vendor that is not trusted? Will it sandbox them? Should I keep HIPS and Viruscope OFF forever? And does your configuration avoid many known CSCFW bugs? Can it be used without AV?
Hi, the autocontainment in ComodoFix works by blocking -- not sandboxing -- all suspicious files. But files that were on your system before you install Comodo are not classified as suspicious. As long as they do not run scripts, that is.

As for bugs, my main goal is to bypass the bugs of random blocking of system files by the firewall and HIPS components. If you enable HIPS, you will be exposed once again to all the bugs that are entailed.

If you feel that Viruscope is valuable, by all means turn it on. It won't cause problems AFAIK.
 

shmu26

I'm wishing he'd tell me exactly what bugs we would be ditching, because if it's true we're facing Umbra Total Security's replacement.
It's not really a replacement for Umbra total security. The moderators added to my overly short title of the thread, and that's why it sounded that way, but I later edited the title to
ComodoFix - Set up COMODO for Trouble-free Protection
which I think is more to the point.

In any case, you asked before if you can run it without AV. I advise people to run AV along with their advanced security solution, just like I would advise people with pants to also wear underpants. :)

What exactly does Autocontainment do in ComodoFix config?
It blocks all files that fall into one or more of the following categories:
1 Unrecognized and less than 3 days old.
2 Unrecognized and originating from Intranet, Removable Media, or Internet.
3 Unrecognized and created by Web Browsers, Email Clients, File Downloaders, File Archivers, or Management and Productivity Apps.
4 Found in suspicious locations.
 

simmerskool

Level 7
This is it, Ladies and Gentlemen: a Comodo setup that fixes the glaring issues!
It is called (tentatively) ComodoFix.
A work in progress, please feel free to comment...
I've been running cf@cs cruelcomodo, and did not recall ever looking at Advanced Protection | Script Analysis, and I see that many of my Embedded Code Detection entries are grey (off) while yours are green (on). Are you then recommending turning on all / enable / protect all the scripts, both heuristic and embedded? I've been "comfortable" running cruelcomodo. Are your settings recommended, and will setting the scripts as you suggest create "user problems"?
 

shmu26

I've been running cf@cs cruelcomodo, and did not recall ever looking at Advanced Protection | Script Analysis, and I see that many of my Embedded Code Detection entries are grey (off) while yours are green (on). Are you then recommending turning on all / enable / protect all the scripts, both heuristic and embedded? I've been "comfortable" running cruelcomodo. Are your settings recommended, and will setting the scripts as you suggest create "user problems"?
I included the enhanced script protection only in the "lockdown mode" section because it might cause user problems, depending on your software. The most likely to cause problems is cmd.exe. In many cases, all you will have to do is whitelist the specific script(s) that are blocked. But there are also cases where the software generates bat files with a random file name or path. In that case, it will get blocked every time, and whitelisting it will not help.
 

shmu26

FAQ:

Is ComodoFix different from CruelComodo, and if so, should I switch to ComodoFix?

Yes, it is significantly different. No, you should not switch unless you are experiencing issues.

Does ComodoFix solve all known and unknown Comodo bugs?
No. But it does solve a lot of the most common issues and headaches.

Do I still need an antivirus program?
I advise people with advanced security solutions to use AV as well, just as I would advise people with pants to also use underwear.

What's so great about Comodo in general, and this config in particular? Why should I use it?
Comodo Firewall offers great default-deny protection and runs super light. And it is chock full of valuable tweaks, for those so inclined. And it's free. This config just makes it easier, that's all.

Should I tweak script protection? Will it cause issues?
That's up to you. Depending on your software, you might experience issues, especially with cmd.exe. If you experience an issue, and whitelisting the command line does not help, then revert the troublesome process to its default settings.

Is this the ultimate lockdown setup? Will my computer be Fort Knox?
Your computer might be Fort Knox (I never tried to break into a fort, so I can't say for sure) but this is not the ultimate lockdown setup. You can further enhance protection with Andy Ful's free tools:
ConfigureDefender, Hard_Configurator, FirewallHardening, and RunBySmartscreen. If Andy puts out any new tools, use them too!
 

Andy Ful

Level 44
Verified
Trusted
Content Creator
It is a pretty nice setup. Its efficiency will depend on how good it is at blocking executables:
"3 Unrecognized and created by Web Browsers, Email Clients, File Downloaders, File Archivers, or Management and Productivity Apps.
4 Found in suspicious locations."

I think that it would be good to test the above Comodo features, and the efficiency of blocking malicious scripts, on Malware Hub.
 

Decopi

Level 2
Hi! Please, just a simple question: For the past 2 years I've been using CruelComodoFirewall (CCF)... everything is almost perfect... never big issues... no infections... and no incompatibilities with Windows or other software. However, when CCF eventually finds an unrecognized file and activates auto-containment, sometimes (not always) CCF deletes the unrecognized file: not just blocking it, but also deleting it. Sometimes the deleted file is malware (that I am testing), and my guess is that CCF deletes it because my "File Rating" is enabled (and the file is flagged as malware). But sometimes the deleted file is not malware; it is just a file unrecognized by CCF. Does anybody have an explanation? Maybe it is a CF bug? Is there a way to avoid any CCF file deletion?