Endpoint Detection and Response By Comodo

[Sunshine-boy]

Hello
I was searching for a free and high-quality EDR tool.
Today I found it. its CWatch EDR by Comodo.
Its the only Comodo product that I'm in love with it:notworthy:! this application monitors your windows for suspicious activities and generates smart alerts to your dashboard! very cool application.i just uploaded the installer to vt and 3 Avs detected it as an unsafe(it was not in VT before).

VirusTotal
Idk how safe it is but very paranoid and cleverer tool.

You can add more parameters to monitor(i added Access Screen/ Set Windows Hook and Code Injection) !it works better than any HIPS/HIDS I really ♥ it.
Its free : )
Give it a try.
Go here:
1-https://edr.cwatch.comodo.com/plans
2-choice the free plan.
3-Sign up
4- DW and install the tool.
5- You are protected
You can use it alongside with any Av! very light and effective tool.

 

[Sunshine-boy]

It monitors these events plus more.... you can even add more rules(EDIT THEM).but I keep it on default.
Addition of DNS Server
Modify Hosts File Registry
Disable Show Hidden Files
Share Folder
Disable Windows Application
Booting Time Execution
Disable Service
Disable Auto Update
Add Autorun In Registry
Disable Command Prompt
Add Service
Modify AppInit_DLLs in Registry
Modify Firewall Settings
Disable Registry Editing Tool
Layered Service Provider installation
Add Service to svchost
Add Active Setup Value In Registry
Modify Powershell Execution Policy
Installation of Drivers
Disable Task Manager
Disable User Account Control
Suspicious System Process Creation
Remote Powershell Execution
Stop Service
Suspicious Powershell Flag
Run Untrusted Executable
Suspicious Process Hierarchy
Start Service
Add Scheduled Task
Write Fake System File
Write to System Directory
Add Startup File or Folder
Write to Infectible File
Modify Host File
Write to Program Files Directory
Modify Group Policy Settings

 

[shmu26]

So basically, this is a fancy online log for suspicious activities. The free version keeps logs for three days back.
As far as I can tell, it does not actually block anything, it just logs activities, and categorizes their risk level etc.

 

[shmu26]

This is actually a very useful tool for logging potentially malicious events.
You can watch over multiple computers, from the cloud, and it's free. Nice!
Allows you to keep an eye on the computers of yourself, your cat, your spouse, your Mom, etc.
It is not spying, because it does not show any personal data, it only shows potentially malicious events.

 

[Deleted member 65228]

Be careful and do a thorough investigation into it prior to blindly trying to install it and use it on your main environment. If the product is monitoring all of these activities, it has to be monitoring them somehow, and the last thing you want to end up doing is breaking your environment with incompatibility problems.

It does look interesting though.

 

[Sunshine-boy]

f the product is monitoring all of these activities, it has to be monitoring them somehow

Can you pls test it and tell me its 100% safe or no?

 

[shmu26]

Be careful and do a thorough investigation into it prior to blindly trying to install it and use it on your main environment. If the product is monitoring all of these activities, it has to be monitoring them somehow, and the last thing you want to end up doing is breaking your environment with incompatibility problems.

It does look interesting though.

So far, so good. I can't identify any incompatibilities so far. The logging gives detail, if you zoom in on the time line and select a specific event, it tells you exactly what happened.

 

[shmu26]

I edited my above post, after I figured out how to get a detailed report. It was not immediately obvious to zombies like me.

 

[Deleted member 65228]

Can you pls test it and tell me its 100% safe or no?

I don't plan on looking into it in the near future but maybe the distant future, I'm extremely busy with a lot of different things right now.

However, what I do have time to do is note that the general reviews for COMODO are absolutely atrocious (including for alternative and more primary services they focus on, like certificate issuing). Given the general reviews/feedback of COMODO and the extremely long history of COMODO and their bugs or inappropriate behavior, it is pretty much a golden rule of mine to avoid the vendor at all costs.

It goes without saying though, this Endpoint Detection and Response product seems quite interesting (in a good way).

 

[shmu26]

I don't plan on looking into it in the near future but maybe the distant future, I'm extremely busy with a lot of different things right now.

However, what I do have time to do is note that the general reviews for COMODO are absolutely atrocious (including for alternative and more primary services they focus on, like certificate issuing). Given the general reviews/feedback of COMODO and the extremely long history of COMODO and their bugs or inappropriate behavior, it is pretty much a golden rule of mine to avoid the vendor at all costs.

It goes without saying though, this Endpoint Detection and Response product seems quite interesting (in a good way).

Comodo seems to have put more thought than usual into this product. They are targeting businesses and they think they are going to make decent money on it.
If you open an account, an aggressive Comodo rep will follow up on you by email, and if you interact with him, he will ask whether you are a home or business user, in order to make sure you get support from the "appropriate department".

 

[illumination]

I don't plan on looking into it in the near future but maybe the distant future, I'm extremely busy with a lot of different things right now.

However, what I do have time to do is note that the general reviews for COMODO are absolutely atrocious (including for alternative and more primary services they focus on, like certificate issuing). Given the general reviews/feedback of COMODO and the extremely long history of COMODO and their bugs or inappropriate behavior, it is pretty much a golden rule of mine to avoid the vendor at all costs.

It goes without saying though, this Endpoint Detection and Response product seems quite interesting (in a good way).

With you 100% on this. I would not put any trust into this company or products what so ever, too many times have we seen them cloning/copying other vendors, and the shady happenings are well known.

The old adage that if it is for free, your are the product, should make anyone leery of a product with access to this much information.

 

[Deleted member 65228]

With you 100% on this. I would not put any trust into this company or products what so ever, too many times have we seen them cloning/copying other vendors, and the shady happenings are well known.

There's now rumors coming to surface about COMODO forum posts from 2009 regarding current/ex-staff having discussions about COMODO having hired a Chinese group to reverse engineer ESET NOD32 to build a COMODO product from those times.

Really interesting, and given the date being 2009 and the posts not being removed nor the poster being sued for slander, it is probably actually true.

Who knows though, rumors are rumors... Either way, COMODO still did things like PrivDog which betrayed customers.

 

[mekelek]

first time i heard the phrase "free business product"
yeaa no

 

[ForgottenSeer 58943]

Comodo is crap, from the top to the bottom. Anyone that has been in the IT Security industry for any length of time knows, and will stay away from them. Comodo is a running joke around here at work.

Sorry to be blunt, but their rubbish would never see the light of day on any of my networks or systems.

 

[shmu26]

The firewall, if you disable the other components that come along with it, is not bad at all. I don't know any "perfect" third-party firewall.

Regarding EDR, which this thread is about, it is a new product, the "free" version only saves logs for 3 days, so as regards IT professionals, it is clearly just a demo version. It is meant to be a money maker.

My main complaint about it is that it logs certain events that I can't figure out what is so potentially malicious about them.

 

[illumination]

The firewall, if you disable the other components that come along with it, is not bad at all. I don't know any "perfect" third-party firewall.

Regarding EDR, which this thread is about, it is a new product, the "free" version only saves logs for 3 days, so as regards IT professionals, it is clearly just a demo version. It is meant to be a money maker.

My main complaint about it is that it logs certain events that I can't figure out what is so potentially malicious about them.

It is paying for retention of logs only and just a couple bucks, to feed them "ALL" of your system and personal information. For the same price as their top tier, you could have full protection from SEPC. With Comodo's track record, and personal experiences from those of us that have been around Comodo since it's Firewall only days, we have seen enough, to stay away from that company.

 

[Deleted member 65228]

Yes, COMODO offer free security services, however they've already demonstrated in the past that they cannot be trusted and will happily sell out their customers for personal gain.

 

[ZeroDay]

There's now rumors coming to surface about COMODO forum posts from 2009 regarding current/ex-staff having discussions about COMODO having hired a Chinese group to reverse engineer ESET NOD32 to build a COMODO product from those times.

Really interesting, and given the date being 2009 and the posts not being removed nor the poster being sued for slander, it is probably actually true.

Who knows though, rumors are rumors... Either way, COMODO still did things like PrivDog which betrayed customers.

All the above is 100% true.

 

[cruelsister]

you could have full protection from SEPC

Full Protection with SEP like Home Depot and Target had prior to their massive breaches (and this with a setup by Symantec themselves)? And a Comodo product bearing any similarity to ESET either currently or in the past? Please spare me...

And as to PrivDog- yeah, they totally screwed up the code in two builds running, affecting perhaps less than 10,000 folks Worldwide before it was caught. But the fact this is still fresh in memory after 3 years makes it seem that no one else has EVER screwed up code for a fringe product.

poster being sued for slander

More correctly is that the poster would be sued for Libel (untruth that is written); Slander is untruth that is spoken.

 

[AtlBo]

Occurs to me that this might be an attempt from Comodo to push a crude form of a serious endpoint network monitoring system, this being a first baby step. I don't think the company will have the respect of the other vendors until they can create very serious endpoint monitoring and control, but, obviously, things don't happen quickly at Comodo. When the devs push a crude format this way it just kind of seems to me like a reach for feedback or ideas for something else as much as anything. This is even if the app is not half bad in some ways...