App Review Comodo's killer.

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Content created by
@Andy Ful

rashmi

Level 14
Jan 15, 2024
667
The below list includes three applications currently blocked (but allowed with a 1-day time limit and ignored *.tmp files). The executables are parts of applications installed via UniGetUI.

Example of the block for the uninstall.exe included in the Plex installation folder in Program Files.
I tried again, and yes, Comodo blocked the unknown files from Program Files.
What is the difference between applying an "Ignore" action to the application and not doing this?

When Comodo Auto-containment is set to "Ignore" a particular application, all its actions are ignored too (including possible exploits, *.tmp files, etc.). This is very usable, but not always safe.
Yes, one should use the "ignore" option for troublesome software or issues.
Not anything, but most of the unknowns.
Which configuration do you propose?
It does not contain/block the unknown DLLs loaded by applications (except for some LOLBins included in the Script Analysis panel).
However, the main problem is with Comodo's alerts. Most children should not be allowed to interact with containment alerts, because they tend to bypass the restrictions.
It is hard to configure CIS/Xcitium to be silent and very strong, without problems with software.
So yes, CIS/Xcitium can be really good for children, but not optimal for parents who must solve problems with silently blocked/contained software.
On our kids' system, I simply use Comodo Firewall proactive security with the containment/firewall set to block unknown programs.

Have you looked into data protection from ransomware with Comodo?
 

Halp2001

New Member
Dec 25, 2024
7
Hello everyone! I would like someone who is more expert than me on the subject, to test Comodo firewall by activating “hips” and selecting the option “Do not show popup alerts / Block requests” and in the Sandbox module “Do NOT show privilege escalation alerts / Block” to know if this would increase protection against unknown malware, POC, etc. Thanks and best regards :)
 

Vitali Ortzi

Level 29
Verified
Top Poster
Well-known
Dec 12, 2016
1,810
@cruelsister has often recommended this combo in the past.
Pretty sure she has Defender enabled on her system.

Another AV she recommended to those looking for an AV to combine (those that asked) was Kaspersky, but anyway she trusts Comodo alone and, unfortunately, looking at how easy a DLL hijack is, I personally don't trust it as much.
But she's an actual security expert, at least judging by her knowledge, so I'm not saying she's wrong, but I really hope she will come back and share some more of her knowledge.
 

Vitali Ortzi

Hello everyone! I would like someone who is more expert than me on the subject, to test Comodo firewall by activating “hips” and selecting the option “Do not show popup alerts / Block requests” and in the Sandbox module “Do NOT show privilege escalation alerts / Block” to know if this would increase protection against unknown malware, POC, etc. Thanks and best regards :)
Pretty sure it allows it even with HIPS because it's trusted, but you can probably write rules to use HIPS to monitor at least some actions in trusted executables to prevent a DLL hijacking, or at least give an alert about that action.

Btw, it having a flaw doesn't mean I don't recommend it and use it on every PC I own and my family's PC.
It's excellent at blocking a lot of threats AV software has a hard time dealing with, and cruelsister countless times showed how different APT threats got restricted with her config, and even the CIA, according to Vault 7, had a hard time with Comodo when it was far more aggressive, even blocking system processes they dropped payloads into.

What changed is that Comodo is trying to balance security and usability, and making Comodo great against certain methods has a usability cost of false positives.
 

rashmi

Hello everyone! I would like someone who is more expert than me on the subject, to test Comodo firewall by activating “hips” and selecting the option “Do not show popup alerts / Block requests” and in the Sandbox module “Do NOT show privilege escalation alerts / Block” to know if this would increase protection against unknown malware, POC, etc. Thanks and best regards :)
Comodo's protection is ineffective against malware exploiting programs or services in Comodo trust or whitelist databases, a vulnerability for Comodo users.
 

Vitali Ortzi

Comodo's protection is ineffective against malware exploiting programs or services in Comodo trust or whitelist databases, a vulnerability for Comodo users.
Wasn't the case in Comodo 5.0, at least according to the CIA, but over time Comodo has decided, for the better, to increase usability, even having trusted vendors in recent years, and this is the cost.
If I went back to old Comodo, it would have been too unusable because of false positives, possible BSOD, etc.
So Comodo has to find some solution that isn't too aggressive, but should give recommendations for enterprises and advanced users on how to work around this issue in the meantime, even if it's aggressive.
 

Vitali Ortzi

Comodo's protection is ineffective against malware exploiting programs or services in Comodo trust or whitelist databases, a vulnerability for Comodo users.
But its containment technology itself is great, although not perfect (check Project Zero research to see its issues that were fixed, but probably just partially, and generally how it works).

It was able to block a ton of APT threats and is remarkable.

A benefit is that their solution has much lower performance usage than hypervisors or VMs.
 

Vitali Ortzi

Comodo's protection is ineffective against malware exploiting programs or services in Comodo trust or whitelist databases, a vulnerability for Comodo users.
Script analysis reduces the tricks that can be used, but some, like DLL hijacking, are still an issue until they come up with some solution, and I'm sure they eventually will.
 

rashmi

I think cruelsister's settings are not too bad on usability, as you can install a fair amount of popular games, popular piracy with not too many false positives, although some here and there.
CruelSister's settings do not affect Comodo's usability or security. Her settings only restrict certain actions for contained programs, providing optional protection. However, they do not enhance Comodo's core protection outside the containment or address any vulnerabilities in Comodo. The claim that her settings block connections from unrecognized programs is also incorrect.
 

Vitali Ortzi

CruelSister's settings do not affect Comodo's usability or security. Her settings only restrict certain actions for contained programs, providing optional protection. However, they do not enhance Comodo's core protection outside the containment or address any vulnerabilities in Comodo. The claim that her settings block connections from unrecognized programs is also incorrect.
It seems to have blocked the connection in her videos. In what cases wouldn't it block the command-and-control connection of unrecognized software?
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,702
The claim that her settings block connections from unrecognized programs is also incorrect.

She probably had in mind the contained/blocked applications.



If an Unrecognized application is not contained (like a DLL), this restriction does not work.
 
