Deletedmessiah

Level 22
Verified
Content Creator
Link please. This doesn't sound right, or is out of context.
She said in one of the threads few months ago when I was asking someone if I could use firewall component only. I don't remember which thread. But like I mentioned above, I'm unsure if using Comodo's firewall component only(with sandbox and everything else disabled) along with another AV like Avast free would be fine. @cruelsister can you clear things up?
 
  • Like
Reactions: Warrior

cruelsister

Level 36
Verified
Trusted
Content Creator
I'm unsure if using Comodo's firewall component only
My Lord Messiah- DO NOT DO THIS! Although on the whole the Comodo Firewall is adequate by itself, Comodo has made an assumption (justifiable) that AT LEAST one other component- specifically either the HIPS or Sandbox- would be active. This assumption allows more efficient coding in that some protections will be made by one of the other components thus obviating the need for the Firewall to do so.

Specifically this really can be seen in one (important) case, that of Forked processes. Run a malware file that will attempt to Fork a process; the HIPS will alert to the resultant System Call and/or the creation of the spawned child. The sandbox will just contain the entire malware and the entire mechanism won't even happen. But if you disable both the HIPS and Sandbox and just run Avast (or whatever) AND that other Security app does not pick up on the malware, the Fork will be allowed to proceed and WILL successfully connect out.

So if you want just a Firewall, please, please go with something else like WFC. TinyWall, etc. These are self-contained apps that make no assumptions about the other Security that you have active and will block such spawn without issue.
 

Deletedmessiah

Level 22
Verified
Content Creator
My Lord Messiah- DO NOT DO THIS! Although on the whole the Comodo Firewall is adequate by itself, Comodo has made an assumption (justifiable) that AT LEAST one other component- specifically either the HIPS or Sandbox- would be active. This assumption allows more efficient coding in that some protections will be made by one of the other components thus obviating the need for the Firewall to do so.

Specifically this really can be seen in one (important) case, that of Forked processes. Run a malware file that will attempt to Fork a process; the HIPS will alert to the resultant System Call and/or the creation of the spawned child. The sandbox will just contain the entire malware and the entire mechanism won't even happen. But if you disable both the HIPS and Sandbox and just run Avast (or whatever) AND that other Security app does not pick up on the malware, the Fork will be allowed to proceed and WILL successfully connect out.

So if you want just a Firewall, please, please go with something else like WFC. TinyWall, etc. These are self-contained apps that make no assumptions about the other Security that you have active and will block such spawn without issue.
Thanks for clearing that up nice sis!