App Review Comodo's killer.

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Content created by
@Andy Ful
R

rashmi

Level 14
Jan 15, 2024
667
Andy Ful said:
She probably had in mind the contained/blocked applications.

If an Unrecognized application is not contained (like DLL), this restriction does not work.
Click to expand...
I didn't mean it was CruelSister's claim, as she's already addressed it in this thread.
malwaretips.com

Serious Discussion - Comodo Containment "Restricted" Restriction Level

For Containment, some Comodo users opt for @cruelsister's configuration, which primarily includes Proactive Configuration + Restricted (Restriction Level). According to @cruelsister, the "restricted" level prevents network connections from contained programs. Comodo users who use CruelConfig...
malwaretips.com malwaretips.com
 
  • Like
Reactions: Andy Ful
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,702
I did not name my "conclusion" post the conclusion, so I do it now more clearly. :)

Suggestions for MT members who want to use CIS on their computers.
  1. It is OK to use the @cruelsister settings but be cautious when opening documents with macros or files from disk images, flash drives, and archives. Those files are common attack vectors for abusing Trusted applications and bypassing CIS protection.
  2. One can maximize the protection against abusing Trusted applications by:
    - using the 7-Zip trick for disk images and archives,
    - disabling execution from flash drives,
    - disabling macros in office applications,
    - tweaking Comodo's Script Analysis settings.

Administrators in organizations (small businesses) can consider
  • using SUA,
  • disabling macros in office documents,
  • tweaking Comodo's Script Analysis settings,
  • applying the @cruelsister settings (silent setup) with disabled cloud lookup and reduced Trusted Vendors list.
    Only selected signed (also self-signed) applications will be allowed when the vendors are included on the reduced Trusted Vendors list.
    Other applications will be contained. Such vendors like Microsoft and Comodo must be included on that list.
 
Last edited:
  • +Reputation
  • Applause
Reactions: ErzCrz, Halp2001 and Vitali Ortzi
Nikola Milanovic

Nikola Milanovic

Level 4
Verified
Oct 17, 2023
178
Andy Ful said:
I did not name my "conclusion" post the conclusion, so I do it now more clearly. :)

Suggestions for MT members who want to use CIS on their computers.
  1. It is OK to use the @cruelsister settings but be cautious when opening documents with macros or files from disk images, flash drives, and archives. Those files are common attack vectors for abusing Trusted applications and bypassing CIS protection.
  2. One can maximize the protection against abusing Trusted applications by:
    - using the 7-Zip trick for disk images and archives,
    - disabling execution from flash drives,
    - disabling macros in office applications,
    - tweaking Comodo's Script Analysis settings.

Administrators in organizations (small businesses) can consider
  • using SUA,
  • disabling macros in office documents,
  • tweaking Comodo's Script Analysis settings,
  • applying the @cruelsister settings (silent setup) with disabled cloud lookup and reduced Trusted Vendors list.
    Only selected signed (also self-signed) applications will be allowed when the vendors are included on the reduced Trusted Vendors list.
    Other applications will be contained. Such vendors like Microsoft and Comodo must be included on that list.
Click to expand...
If u disable Cloud then how will Xcitium rate the files as Malicious or Safe?
Will it be Unknown forever?
 

Similar threads

Andy Ful
    • Like
    • +Reputation
App Review AV/EDR challenge
Replies
18
Views
870
Video Reviews - Security and Privacy
Andy Ful
Andy Ful
Shadowra
    • Like
    • +Reputation
    • Thanks
App Review Shadowra's Big Comparative - Episode 1 : Free Antivirus
Replies
163
Views
7,530
Video Reviews - Security and Privacy
Artificial intelligence
A
Shadowra
    • Like
    • +Reputation
    • Thanks
App Review Microsoft Defender Antivirus (Default Settings + DefenderUI Recommanded Settings)
Replies
34
Views
4,098
Video Reviews - Security and Privacy
lokamoka820
lokamoka820

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top