Drawbacks of Comodo Cruelsister Config

AV-Freak

Thread author
Feb 14, 2018
Dear friends,

I have installed Comodo Firewall on some of my PCs, configured it with cruelsister's settings, and have been using it for many months. Even without an antivirus component (Comodo cloud AV), it blocked much malware that tried to infiltrate the system and moved it to auto-containment. The PC is confirmed to be clean after running on-demand scans with Zemana and Emsisoft Emergency Kit. I would like to know what the drawbacks of the Comodo cruelsister settings are and why some people are hesitant to use them. Would it be a good idea to install it on my clients' PCs?

Kindly share your views. Thanks.
 
I think the CS setting is the greatest common divisor. For users who are worried about how to set it up, it is an excellent guide.
Users who have a certain level of knowledge often make further adjustments by using HIPS. In this case, the settings should be called technical books rather than guides.
 
There has been proof of malware escaping Comodo's isolation. There was a video around the forums; I will try to attach it to my comment as soon as I find it.

Nevertheless, it is not the CS CFW config that usually gets criticized, but Comodo itself as a product. I like it, but everybody knows it's buggy. With each new update it gets better, but it's still buggy.
 
I would like to know what are the drawbacks of Comodo Cruel Sister settings and why some people are hesitant to use it?

CruelSister is default deny of unsigned and irregularly or improperly signed applications. It takes a real sellout mentality to trust Comodo with default deny. To use @cruelsister means to trust implicitly Comodo's Trusted Vendors list and the Comodo Cloud. That's it.

If you can get your clients to go 100% for the Comodo way, then yes, you can install the software on your clients' PCs. If you mean business/office PCs on a network, the only problem is that there isn't a mechanism in the over-the-counter consumer versions of Comodo Free for command and control across a network. Users would have to be set up machine by machine with a password to protect the settings, and then they have to have a way to request software. If you are a home PC tech, you will have to teach your clients to send files to Comodo to notify the company of false positives. We all know that in Cruelsister, "Unrecognized" will not run. This means probably over 90% of unsigned software...
 
Comodo is great software for people who know what they're doing with their PC. It's not for novices or... clients... who by definition need something more automatic and less intrusive. After all, combos with Comodo's products may give you a headache, so be careful. Many products (like, for example, Kaspersky) have something like a blacklist of unsupported software, but in your case, when you're talking about a second-opinion scanner, it's not a big problem.
 
CS CFW has been trendy around MTs for awhile. Ironically... now... long after CS has disappeared.

When I ran this setup, it was effective.

But when Windows updated, it broke. When Comodo updated, it broke.

Default-Deny and Default-Deny like products have never gained commercial popularity even though they can be effective.

Why... because they can require knowledge or willingness to take time to understand. They can be a pain-in-the-asteroid.

I've used and liked many of the default-deny like products.... DefenseWall, AppGuard, Sandboxie.. and others. They can be effective.

But I'm evolving away from those types of products.
 
I think that the list of vendors should be rewritten according to the user's environment.
For example, if you recommended Comodo to an acquaintance, it would be really annoying to lecture them on such settings.
For those who want to install and keep security with the default settings, adjusting these settings seems to be a pain.
 
For most people, I install Chrome with Malwarebytes Browser Extension, TrafficLight, Windows Defender Browser Protection, WebRTC Leak Prevent, and HTTPS Everywhere. Then I turn UAC all the way up, activate DEP for all programs, set CleanBrowsing DNS for all network adapters, and install AppCheck as a last bastion against ransomware. I leave Windows Defender as is.

After that, I let them know that I hope this will protect them from everything they're likely to encounter, but that I can lock their system down tighter if they want to sit down with me and try to learn to properly use Tech Fortress ($3.99 a month) and type an administrator password each time they want to change something (limited account), or call me to do it for them.
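The UAC, DEP and DNS items in this baseline can be checked rather than eyeballed. The following read-only audit is an added example, not something posted in the thread; the resolver IPs are placeholders standing in for whatever filtering resolvers you chose.

```powershell
# Added example (not from the post): report whether the machine matches the
# baseline above: UAC at "Always notify", DEP for all programs, DNS pinned to
# the chosen resolvers on every IPv4 adapter. Read-only; no settings are changed.
function Get-HardeningStatus {
    param([string[]]$ExpectedDns = @('203.0.113.1', '203.0.113.2'))  # placeholder IPs

    # UAC slider "Always notify" = EnableLUA 1, ConsentPromptBehaviorAdmin 2,
    # PromptOnSecureDesktop 1 (the default slider position uses behaviour 5).
    $uac = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $uacAlwaysNotify = ($uac.EnableLUA -eq 1) -and
                       ($uac.ConsentPromptBehaviorAdmin -eq 2) -and
                       ($uac.PromptOnSecureDesktop -eq 1)

    # DEP policy from Win32_OperatingSystem: 1 = AlwaysOn, 3 = OptOut (all programs
    # except an exclusion list); 0 = AlwaysOff, 2 = OptIn (Windows components only).
    $dep = (Get-CimInstance -ClassName Win32_OperatingSystem).DataExecutionPrevention_SupportPolicy
    $depAllPrograms = $dep -in 1, 3

    # Every IPv4 adapter that has resolvers configured should use exactly the
    # expected set; anything else is reported as drift.
    $adapters = Get-DnsClientServerAddress -AddressFamily IPv4 |
                Where-Object { $_.ServerAddresses.Count -gt 0 }
    $drift = $adapters | Where-Object {
        Compare-Object -ReferenceObject $ExpectedDns -DifferenceObject $_.ServerAddresses
    }

    [pscustomobject]@{
        UacAlwaysNotify  = $uacAlwaysNotify
        DepPolicyValue   = $dep
        DepAllPrograms   = $depAllPrograms
        DnsPinned        = (@($drift).Count -eq 0)
        DnsDriftAdapters = @($drift | ForEach-Object InterfaceAlias)
    }
}

Get-HardeningStatus
```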
 
But can't you customize the TVL?

Yes, this is a good point @oldschool. I used to do this, but the list is so long, I just gave up. It's actually not that hard, but you have to start with your own short list of vendors you would like to use. Once in the TVL, check all of the vendors using the checkbox header at the top. Search for your first one (e.g. Microsoft) in the TVL header for the vendor name to find those entries and then uncheck them. Move to the next vendor, search for that vendor, and uncheck those. When finished with your vendors, click delete to delete all the vendors that are still checked.

I really gave up trimming, because I felt that the Comodo list was good enough really. I'm sure it could be better, but I know that a developer would be in bad shape if he did Comodo wrong. It's a fairly powerful incentive for a dev to stay out of trouble, since Comodo sells digital signatures.

In the end, I can trim the TVL to a hundred entries or so from, say, 50 companies. But then I feel the list is too short when something new comes out and the dev isn't in the list. So I finally gave in to trusting Comodo with the list. For me, trusting the list made the program better. That said, the massive TVL is definitely one reason why I also run HIPS, and I would consider it a good enough reason to run something underneath Comodo Firewall such as NVT OSArmor, SysHardener, Hard_Configurator, AppCheck, an AV, etc... :)
 
I don't bother with Comodo FW. Not for me.

It's understandable for sure. I just spent the better part of a day today trying to determine what was wrong with CF. It suddenly would not enforce rules for a .bat on the desktop. I tried everything: removing every trace of the file from Comodo settings, moving the file, making another by a different name, and still the .bat would run with HIPS on in safe mode and auto-contain on too. Nothing. So I finally gave up and tried ZoneAlarm for about an hour, until I saw it isn't for me. It's much better than a year or two ago, however, that is for sure (almost no comparison). Then I uninstalled ZoneAlarm and finally reinstalled Comodo. I reimported the same settings I saved before uninstalling, and now it's working perfectly.

Comodo has got to get the run-time reliability of the FW to a respectable level. There have to be warnings in the program when something is not functioning as it should. Look at Avast. If something isn't working, Avast will say so in the system tray and/or with an alert. Seriously, if the program is just going to be off while it sits there using the processor, should it be there?

Maybe conflicts with Kaspersky are the problem here, I don't know. For now, I will go as long as Comodo is functioning and just run a test every once in a while to see if it is. In the meantime I will be counting on KSC and NVT OSArmor too, so I am not too worried...
 
I don't bother with Comodo FW. Not for me.
I still use Cruel Comodo, but am continually searching for better options. I've considered the prospect of using ACL deny entries to block standard users from executing vulnerable programs (my list is up to 25), so you could still use Run As to install a new program without having to reboot or even temporarily disable protection. However, I don't believe that does anything to prevent memory modification within the processes of the browser itself. Anyone any thoughts?
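The ACL idea in the post above, as an added example that is not the poster's own script: an explicit Deny-ExecuteFile entry for BUILTIN\Users on each listed program, which leaves administrators (and Run As) able to launch it. The target paths are constructed placeholders; Windows-owned binaries (owner TrustedInstaller) would additionally need ownership taken before their DACL can be changed.

```powershell
# Added example, not from the thread: deny ExecuteFile to standard users on a
# list of programs, verify the entry landed, and allow rollback. Run elevated.
$Identity = 'BUILTIN\Users'
$Targets  = @(   # constructed placeholder list; substitute your own programs
    'C:\Program Files\ExampleVendor\legacy-plugin-host.exe',
    'C:\Program Files (x86)\ExampleVendor\old-updater.exe'
)

function New-DenyExecuteRule {
    New-Object System.Security.AccessControl.FileSystemAccessRule(
        $Identity,
        [System.Security.AccessControl.FileSystemRights]::ExecuteFile,
        [System.Security.AccessControl.AccessControlType]::Deny)
}

function Test-ExecuteDenied([string]$Path) {
    # True when the file's DACL already carries a Deny entry covering
    # ExecuteFile for $Identity.
    $acl = Get-Acl -LiteralPath $Path
    [bool]($acl.Access | Where-Object {
        $_.AccessControlType -eq 'Deny' -and
        $_.IdentityReference.Value -eq $Identity -and
        (($_.FileSystemRights -band
          [System.Security.AccessControl.FileSystemRights]::ExecuteFile) -ne 0)
    })
}

function Set-DenyExecute([string]$Path, [switch]$Remove) {
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        Write-Warning "Skipping missing file: $Path"
        return
    }
    $acl  = Get-Acl -LiteralPath $Path
    $rule = New-DenyExecuteRule
    # FileSecurity keeps the DACL in canonical order, so the Deny entry is
    # evaluated before any inherited Allow for Users.
    if ($Remove) { $null = $acl.RemoveAccessRule($rule) } else { $acl.AddAccessRule($rule) }
    Set-Acl -LiteralPath $Path -AclObject $acl
}

foreach ($t in $Targets) {
    Set-DenyExecute -Path $t
    if (Test-Path -LiteralPath $t -PathType Leaf) {
        '{0}: execute denied for {1} = {2}' -f $t, $Identity, (Test-ExecuteDenied -Path $t)
    }
}
# Rollback: foreach ($t in $Targets) { Set-DenyExecute -Path $t -Remove }
```

A file-level Deny entry only stops the listed images from being launched directly; as the post notes, it does not constrain what already-running processes such as the browser do in memory.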
 
It's not difficult.
1: In the first window, highlight and press delete; everything will be deleted.
2: What we have will be analyzed.
3: In the third, a ton of system items that we allow to open will remain; we open them and, with the right button, give them all the "trusted" option. And voilà, we have removed the list. We simply leave the system and the programs we have.
 
Attachments: Screenshot_1.png, Screenshot_2.png, Screenshot_3.png