Advice Request Cruel CF still safe? What companion AV? and a minor issue.

[Stronghold]

My new computer came with McAfee preinstalled and a month free subscription, I installed CFW with very old (2019 or older) @cruelsister settings but the McAfee license ran out so I'm looking for a good free companion to Cruel CF and a more up to date way to set up Cruel CF, if someone has screenshots for that. I did notice the sticky about cruel settings but that hasn't been updated in a while so if any one could share the right up to date settings it would help me a lot.
I also read somewhere (I don't remember where) that Cruel CF has supposedly been successfully circumvented but I don't know if that is true.

On other devices I had Avast as companion but after the data harvesting scandals I'm not that thrilled about using it anymore, however I do not know what the best alternative would be.

I'm not sure if I trust Microsoft Defender to always have my back and the DefenderUI is a problem setting up because it executes everything through PowerShell, which gets Sandboxed by Cruel CF right away.
If anyone knows a good companion that will keep me virus free and what settings to use in the companion I would appreciate it.

I've also had a minor issue with Cruel CF since I got Win 11 on my new device. Some windows files are regularly generated as unsigned DLL's in %\windows\Assembly\NativeImages_4.0.30319_64\ directories, as an example Netstandard.ni.dll and System.Runtime.InteropServices.RuntimeInformation.ni.dll both showed up today as unsigned files. Comodo automatically blocks them and they are labeled as Unrecognized in the look up. VirusTotal tells me they are safe and while I know this is good for security and they can't sideload something I don't know when to add one as trusted or to ignore one, I don't even know what the files do.
Any information about how to handle this and why this happens would be a great help.

 

[ErzCrz]

As far as I am aware CF @cruelsister settings are bulletproof. Works fine along side most AVs. People usually recommend Bitdefender Free or Kaspersky Cloud free just make sure to install those firs.

 

[Stronghold]

What are the most up to date settings? The settings I currently use are very old.

I read somewhere that Cruel uses WiseVector next to Comodo? I'm not sure if that is still the case or if you'd need another AV next to that.
As far as Bitdefender or Kaspersky, I haven't used Bitdefender yet but isn't Kaspersky blacklisted because of Russia? I don't really care too much about company location (WiseVector is Chinese if I'm not wrong) but I do want to stay safe and have my privacy
Avast had so many nice options like hardening since I don't have hardened windows but the data harvesting was too much for me to continue using it.

 

[gery79]

i would go with AVG antivirus free or paid

 

[Stronghold]

As far as I am aware CF @cruelsister settings are bulletproof. Works fine along side most AVs. People usually recommend Bitdefender Free or Kaspersky Cloud free just make sure to install those firs.

I forgot to mention in my other message that it will be hard to install AV first since Cruel CF (old config and all my current settings) is already running with McAfee, I will have to uninstall McAfee, then install something else.

i would go with AVG antivirus free or paid

AVG and Avast are owned by the same company, Avast Software s.r.o.. It is the same engine with a different UI but the problem is the current parent company that sold "anonymized" identifiable data through Jumpshot.

 

[Stronghold]

I fail to see the romance in this topic.
Overly simplified the topic boils down to 3 main points

1. Is Cruel CF still bulletproof and if so what are the best current settings
2. What free AV solution works best with/has the best results based on testing with Cruel CF and with what settings
3. What to do with the minor issue mentioned above

Those are the 3 main points stripped from all context.

Nonetheless thank you for your input

 

[SpiderWeb]

As far as I am aware CF @cruelsister settings are bulletproof. Works fine along side most AVs. People usually recommend Bitdefender Free or Kaspersky Cloud free just make sure to install those firs.

I think what OP is asking is valid. Maybe Comodo Firewall has gotten worse over time. I have not checked up on it. But I remember reading an article from leaked CIA commentary that Comodo Firewall used to be strong, but they have since change their engine leaving it with vulnerabilities that we might not be aware of. cruelsister would probably be the best person to speak on this topic tho lol.

Latest Wikileaks Document Dump | Comodo is a Pain for Hackers

The latest Wikileaks Document from CIA that have compromised many system could not bypass Comodo Internet Security. Know more in Detail here.

blog.comodo.com

 

[printing]

Windows Defender and Cruel CF settings are very good combo.
You can add WiseVector if you want another layer.

 

[Stronghold]

Windows Defender and Cruel CF settings are very good combo.
You can add WiseVector if you want another layer.

I'm not sure about WD, the results can be either very good or average depending on the period it is tested in. I also have no idea what the best setup would be and DefenderUI doesn't work well with CF because it executes everything through PowerShell commands.
If I'm going to use WD I would have to know how Windows Hardening works and how to set up WD to preform at its best.

First I would need the latest Cruel CF settings since mine are out of date and I would need to know how to add the extra layers without them causing a conflict between them.

WiseVector looks like a good program but it is temporary because it will be a paid program once it's out of testing and I wouldn't know how to use it without causing a conflict with CF.
But I would need to know that if I want to start using Kaspersy or Bitdefender too.

 

[RoboMan]

Yes, CS CFW is still safe. It's not something it gets commonly "outdated" as it's not based in signatures whatsoever. Cruelsister's approach on Comodo relies on auto-containment, therefore, as long as nobody finds a vulnerability in Comodo's products that can bypass the sandbox, you're good.

 

[ErzCrz]

Microsoft Defender is a lot better than it used to be. Have you tried ConfigureDefender instead of DefenderUI? ConfigureDefender It's one of @Andy Ful 's programs.

Cruelsister's CF settings are still valid and the best way to go. You don't need to tweak CF beyond those settings.

You might be able to run SimpleWIndowsHardening with Comodo but I've not had a chance to experiment with it

 

[Stronghold]

Yes, CS CFW is still safe. It's not something it gets commonly "outdated" as it's not based in signatures whatsoever. Cruelsister's approach on Comodo relies on auto-containment, therefore, as long as nobody finds a vulnerability in Comodo's products that can bypass the sandbox, you're good.

@SpiderWeb has a good point, the engine has changed so it is not impossible that vulnerabilities exist now. I also read somewhere (I don't remember where) that Cruel CF has supposedly been successfully circumvented but I don't know if that is true. That's why I asked it.

Microsoft Defender is a lot better than it used to be. Have you tried ConfigureDefender instead of DefenderUI? ConfigureDefender It's one of @Andy Ful 's programs.

Cruelsister's CF settings are still valid and the best way to go. You don't need to tweak CF beyond those settings.

You might be able to run SimpleWIndowsHardening with Comodo but I've not had a chance to experiment with it

I still need the most up to date settings for Cruel CF, are those the settings shown in the attachments by @Terry Ganzi on May 22, 2021 in the sticky post?
While I don't understand what he means about Killswitch making it easier for Comodo to whitelist programs, I never installed it since I have Process Explorer.

I have also tried ConfigureDefender but that gives has the same problems as DefenderUI. I can turn off Auto-Containment while doing the first run of them because if I don't everything will be sandboxed by Cruel CF.

I would also be ok with running Bitdefender or Kaspersky Free and WiseVector (whichever gets the best results, doesn't cause issues when gaming and allows me to turn off HTTP and HTTPS browsing protection because it always gives problems with certificates) or Microsoft Defender + DefenderUI/ConfigureDefender and WiseVector, but I would need to know how to set each of them up with the right settings so there won't be a conflict with Cruel CF and how to set Cruel CF so it won't block the other AVs.

I wouldn't know where to start so if anyone can guide me it would be a great help.

 

[Stronghold]

I can't edit my previous post anymore but I installed WiseVector as a companion to CruelCF, I might add Microsoft Defender (with DefenderUI if I can get that to work) if that would be of any use but I'm sure someone here will know that better than I do.
I didn't change any settings in Cruel CF and left WiseVector (default) set to automatic with machine learning set to normal.

But I don't know if that's the best way to set it up.

 

[cruelsister]

For WiseVector (which works well with CF). I would suggest leaving everything at default EXCEPT changing both the Firewall and HIPS modules of WVSX to Low Security- this is because the HIPS is not needed and the WV firewall is inferior to that of CF. Alternatively if you would rather try Kaspersky Cloud, this could be installed with CF, but note that the alert that Comodo is incompatible should be ignored- just proceed with the installation.

As to the Cruel settings, yes they are still valid. As I use CF myself any new malware that I come across (or code myself) will be tried against CF. Still haven't been able to penetrate the protection afforded and God Knows I've tried. You have noted that some claimed that CF was bypassed but none has been able to prove that such exists. Instead Cf has shown its value recently as a legitimately signed Magniber ransomware that was a true Zer0 Day (at the time) was ignored by available AV's but stopped by the File Rating module in CF which shunted the malware off to the sandbox where it expired in despair.

Finally you have brought up the issue that occasionally Comodo will alert that various legitimate windows files are Blocked (especially certain WD things and something like SmartScreen). I do agree that this is a pain, but can be remedied by right clicking on them in the Blocked section of the GUI and adding them to Trusted. The dll's and aux files that Windows generates in Assembly are not really blocked as such and are just generated during installs/uninstalls so can be ignored.

Hope this helps, and I apologize for not responding to this thread sooner.

M

 

[Gandalf_The_Grey]

For WiseVector (which works well with CF). I would suggest leaving everything at default EXCEPT changing both the Firewall and HIPS modules of WVSX to Low Security- this is because the HIPS is not needed and the WV firewall is inferior to that of CF. Alternatively if you would rather try Kaspersky Cloud, this could be installed with CF, but note that the alert that Comodo is incompatible should be ignored- just proceed with the installation.

As to the Cruel settings, yes they are still valid. As I use CF myself any new malware that I come across (or code myself) will be tried against CF. Still haven't been able to penetrate the protection afforded and God Knows I've tried. You have noted that some claimed that CF was bypassed but none has been able to prove that such exists. Instead Cf has shown its value recently as a legitimately signed Magniber ransomware that was a true Zer0 Day (at the time) was ignored by available AV's but stopped by the File Rating module in CF which shunted the malware off to the sandbox where it expired in despair.

Finally you have brought up the issue that occasionally Comodo will alert that various legitimate windows files are Blocked (especially certain WD things and something like SmartScreen). I do agree that this is a pain, but can be remedied by right clicking on them in the Blocked section of the GUI and adding them to Trusted. The dll's and aux files that Windows generates in Assembly are not really blocked as such and are just generated during installs/uninstalls so can be ignored.

Hope this helps, and I apologize for not responding to this thread sooner.

M

Wouldn't Microsoft Defender with ConfigureDefender on High be a better companion AV because of the ASR rules for someone who uses Microsoft (Office) 365?

 

[cruelsister]

I didn't mention WD as Stronghold wrote: "I'm not sure if I trust Microsoft Defender". But personally I have WD active on my systems as I see no real need to disable it. Although it really doesn't add anything to the protection afforded by CF, it also doesn't detract. Regarding any WD tweaks I can't see the need for it on cruelCF systems.

 

[Stronghold]

For WiseVector (which works well with CF). I would suggest leaving everything at default EXCEPT changing both the Firewall and HIPS modules of WVSX to Low Security- this is because the HIPS is not needed and the WV firewall is inferior to that of CF. Alternatively if you would rather try Kaspersky Cloud, this could be installed with CF, but note that the alert that Comodo is incompatible should be ignored- just proceed with the installation.

As to the Cruel settings, yes they are still valid. As I use CF myself any new malware that I come across (or code myself) will be tried against CF. Still haven't been able to penetrate the protection afforded and God Knows I've tried. You have noted that some claimed that CF was bypassed but none has been able to prove that such exists. Instead Cf has shown its value recently as a legitimately signed Magniber ransomware that was a true Zer0 Day (at the time) was ignored by available AV's but stopped by the File Rating module in CF which shunted the malware off to the sandbox where it expired in despair.

Finally you have brought up the issue that occasionally Comodo will alert that various legitimate windows files are Blocked (especially certain WD things and something like SmartScreen). I do agree that this is a pain, but can be remedied by right clicking on them in the Blocked section of the GUI and adding them to Trusted. The dll's and aux files that Windows generates in Assembly are not really blocked as such and are just generated during installs/uninstalls so can be ignored.

Hope this helps, and I apologize for not responding to this thread sooner.

M

Thank you for this information, it helps a lot.

WV looks like it works great next to cruelCF as a solid buffer.
I turned off all web protection awaiting the reaction from WiseVector on how they actually use their firewall and URL protection (it's a good program but not new yet it's still free, it's Chinese, you never know), if they use certificates that MITM your HTTPS connections like many AV's do I'd rather have it turned off, use uBlock malware and phishing blocking and whatever is built into CF to avoid any data harvesting like Avast did with Jumpshot (used that for years). If they don't I'll turn it back on.
I lowered the firewall to Low just in case.
Is it important to set the HIPS to low? I have it set to default right now and don't notice any slow downs or any problems, my current computer is high end gaming from April this year, I don't notice much delay of anything so I might not be the best judge of that.
Should I leave Machine Learning to the default also or set it to High?

It's very good to hear that Cruel settings are still working so well and that you're still testing it in the wild. I have used it for many years and I'm still grateful to you for bringing these settings to our attention. I wasn't sure if any of what I heard was true but the bad CIS tests not using Cruel CF in the malware hub did make me question it for a moment.
Are the current settings still the same settings as these attachments Q&A - Where can I find @Cruelsisters Config? ?
I don't know if it matters but I exported the proactive defense from my previous device (to multiple others with the same file configuration) and enabled that instead since all my program and network configuration is already done there which would be a lot of work to set up on each device. I don't think it matters too much since it's still the Proactive defense module but I have to ask to be sure.

Comodo does block a lot of legitimate files which are hard to evaluate but a virustotal check usually helps or I ignore them until Comodo whitelists them.
I noticed that anything generated with Ngen.exe will be an unsigned copy of it which will end up in the blocked section. A good example is Keepass.ni.exe which is a virtual copy made by Keepass that suddenly showed up asking to be submitted to Comodo. It's the same file but unsigned and doesn't seem to be malicious but Keepass functions fine without whitelisting it so I leave it there anyway.

I didn't mention WD as Stronghold wrote: "I'm not sure if I trust Microsoft Defender". But personally I have WD active on my systems as I see no real need to disable it. Although it really doesn't add anything to the protection afforded by CF, it also doesn't detract. Regarding any WD tweaks I can't see the need for it on cruelCF systems.

This is something I really needed to know too. Since WV still doesn't register in Windows as AV I do want a fall back in case everything fails. It is not so much that I don't trust WD with what it does at all but I don't always trust it to keep me completely safe. It is fine as a final fall back and a nice signature scanner.
What kind of settings would you suggest to leave that on? I have DefenderUI but that doesn't work well with Comodo since all commands are run through PowerShell and auto-contained so I would have to manually set them or disable auto-containment for 15 minutes.