shmu26

Level 85
Verified
Trusted
Content Creator
You're right, I left everything in Default. However, the only way I get Roboform to work, leaving the left script button on, is to Unblock CMD.exe in the Blocked List for the Security Program that blocked it. That in effect creates an Ignore Rule in Containment rules, and Roboform is back to normal. See my further screenshots.
I see. Maybe someone else who uses Roboform can tell us what is going on under the hood? I never used it. Cmd.exe is by far the hardest script interpreter to control, because so many programs use it.
 

SearchLight

Level 11
Verified
I see. Maybe someone else who uses Roboform can tell us what is going on under the hood? I never used it.
So in regard to CMD.exe, I should still leave the left toggle for CMD.exe on (green), and use the Unblock Function for any security program that blocks it?

Aside from this particular exe, with your config I should not have any further problems with everything set like you described? For point of info, in my case here, the problem shows up as a Block File, not as Unrecognized File. Is this normal?
 

shmu26

Level 85
Verified
Trusted
Content Creator
So in regard to CMD.exe, I should still leave the left toggle for CMD.exe on (green), and use the Unblock Function for any security program that blocks it?
Yes, I would do it that way.
Aside from this particular exe, with your config I should not have any further problems with everything set like you described?
Probably. But it depends on your software. If you start running programs that use powershell or mshta or wscript, you will see blocks. However, these programs are not so common.
For point of info, in my case here, the problem shows up as a Block File, not as Unrecognized File. Is this normal?
Yes, it is normal for cmd.exe to be recognized.
Whether cmd.exe itself will be blocked, or whether it will create a script file that is blocked -- that depends on how Roboform works. I am not familiar with the program.
 

shmu26

Level 85
Verified
Trusted
Content Creator
I am running this config again, but I added a couple allow entries to the firewall:
C:\Program Files (x86)\*
C:\Program Files\*

This is in addition to the previously mentioned allow entries:
C:\Windows\*
C:\ProgramData\Microsoft\Windows Defender\*

With these firewall rules, Comodo is very quiet. The log doesn't show any blocking of processes that should have been allowed.
 

shmu26

Level 85
Verified
Trusted
Content Creator
I wanted to say thank you for this setup. If I set them up again, I sure will use this.
Thanks. I wouldn't try to claim that ComodoFix is the ultimate lockdown setup, but in my real-world experience, it works, and that's what is important to me. Protecting against theoretical threats that I will probably never encounter is nice, but protecting against real threats that I do encounter is more important. Especially since it does not impact system performance, does not mess up my legit software, and works silently. And it's free. :)
 

show-Zi

Level 25
Verified
but in my real-world experience, it works, and that's what is important to me. Protecting against theoretical threats that I will probably never encounter is nice, but protecting against real threats that I do encounter is more important. Especially since it does not impact system performance
Agree. This is similar to the reason why tanks are not necessary for home security.
 
ForgottenSeer 823865

Agree. This is similar to the reason why tanks are not necessary for home security.
Indeed, however people like me, with a corporate mindset/experience, can't just get along with classic AVs (or stockpiling solutions) and need serious and efficient Default-Deny.
I shifted to Win10 Enterprise with 1903 for that exact reason and I don't regret it.
Just using and customizing the built-in security features offered by the enterprise version gave me peace of mind; I can now toy with 3rd party stuff like AppGuard or OSA knowing the bedrock of my system is more than secure.

Different use, different needs, different strategy.
 

show-Zi

Level 25
Verified
Indeed, however people like me, with a corporate mindset/experience, can't just get along with classic AVs (or stockpiling solutions) and need serious and efficient Default-Deny.
I shifted to Windows 10 Enterprise with 1903 for that exact reason and I don't regret it.
Just using and customizing the built-in security features offered by the enterprise version gave me peace of mind; I can now toy with 3rd party stuff like AppGuard or OSA knowing the bedrock of my system is more than secure.

Different use, different needs, different strategy.
I understand and agree with your opinion. Security is considered to be a combination of software and user knowledge. There is no best security software that can be recommended for all users because it is influenced by their knowledge.

I personally believe that reviewing Comodo settings is a good way to gain knowledge about security software.
 

Back3

Level 5
I understand and agree with your opinion. Security is considered to be a combination of software and user knowledge. There is no best security software that can be recommended for all users because it is influenced by their knowledge.

True, I helped a friend harden his computer last week. He's not very good with computers. So I just added a few security extensions in Chrome; Configure Defender with a high profile, a good password manager and Zemana free on demand. I showed him how to use Zemana and clean Chrome once a week. That's all. Every six months, I check and tune his computer. Make all the required software updates. He should be fine.
 

HarborFront

Level 54
Verified
Content Creator
Yup, thinking of setting up CIS on my newly formatted MS SP3 tablet with Win 10 2004 May update.


Edited - Removed 2 questions


Questions

1) Between your setup and the CruelComodo setup, can you elaborate on the differences and which is better in terms of protection, fewer problems, fewer notifications, etc.?
2) So your setup runs in Safe Mode. Auto-containment is NOT available in Safe Mode, right?

Thanks
 

JoyousBudweiser

Level 9
Verified
4) I have OS Armor installed. Is it good to sandbox it?
If you sandbox (a virtual environment) a process (application), changes made by it will not be saved; everything will get reverted on clearing the sandbox or on reboot. OS Armor is effective only when the changes made by it are saved and permanent. The purpose of that application will not be served if you sandbox it. You only sandbox a process which is vulnerable, like a browser or a PDF viewer or an unknown process, etc., not the one which provides security to your system.
 