Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Security
Video Reviews - Security and Privacy
Comodo's killer.
Message
<blockquote data-quote="Andy Ful" data-source="post: 1115213" data-attributes="member: 32260"><p><strong>What is the difference between applying an "Ignore" action to the application and not doing this?</strong></p><p></p><p>When Comodo Auto-containment is set to "Ignore" a particular application, all its actions are ignored too (including possible exploits, *.tmp files, etc.). This is very usable, but not always safe. Fortunately, the commonly exploited applications are popular/signed, so they rarely require the "Ignore" action. The cons are that several "Ignore" rules must be added for other applications (mainly to avoid blocks after update).</p><p></p><p>When using a "less than" time limit, Comodo allows running the installed application, but possible exploits, *.tmp files, etc., can still be auto-contained or restricted by Comodo's Script Analysis. Such a solution requires an anti-virus with good signatures to prevent infections by some non-0-day malware. Currently, this solution is not optimal for CIS users but prefers Comodo FIrewall + popular AV. Such a solution (silent setup) can be applied to the computers of happy clickers, children, or inexperienced users.</p><p></p><p>I think that for CIS users (MalwareTips members), the safest solution is not using "less than" time limit and avoiding "Ignore" actions for commonly exploited applications. To prevent most attacks via DLLs, one must be cautious when opening disk images, shortcuts, and archives (or use the 7-Zip trick for them). However, such a solution should not be applied to the computers of happy clickers, children, or inexperienced users (alerts require user interaction).</p></blockquote><p></p>
[QUOTE="Andy Ful, post: 1115213, member: 32260"] [B]What is the difference between applying an "Ignore" action to the application and not doing this?[/B] When Comodo Auto-containment is set to "Ignore" a particular application, all its actions are ignored too (including possible exploits, *.tmp files, etc.). This is very usable, but not always safe. Fortunately, the commonly exploited applications are popular/signed, so they rarely require the "Ignore" action. The cons are that several "Ignore" rules must be added for other applications (mainly to avoid blocks after update). When using a "less than" time limit, Comodo allows running the installed application, but possible exploits, *.tmp files, etc., can still be auto-contained or restricted by Comodo's Script Analysis. Such a solution requires an anti-virus with good signatures to prevent infections by some non-0-day malware. Currently, this solution is not optimal for CIS users but prefers Comodo FIrewall + popular AV. Such a solution (silent setup) can be applied to the computers of happy clickers, children, or inexperienced users. I think that for CIS users (MalwareTips members), the safest solution is not using "less than" time limit and avoiding "Ignore" actions for commonly exploited applications. To prevent most attacks via DLLs, one must be cautious when opening disk images, shortcuts, and archives (or use the 7-Zip trick for them). However, such a solution should not be applied to the computers of happy clickers, children, or inexperienced users (alerts require user interaction). [/QUOTE]
Insert quotes…
Verification
Post reply
Top
