Question Give me an unbiased opinion please. Concerning Containment and CS


Status
Not open for further replies.

tofargone

Level 4
Thread author
Jun 24, 2024
174
The last few days I've noticed some intense discussion about Comodo FW and its containment features.

I have a question, about the containment / deny feature.

Putting aside the bugs, your love, or dislike for Comodo, its weak AV, whether it's a tool for novices, etc.

With Cruel Sister's settings is it able to protect / secure a single PC better than anything else, when used with defender, and possibly Andy's tools?

Thanks Guys, just wanted to hear your opinions.
 

tofargone

Level 4
Thread author
Jun 24, 2024
174
I'm also curious. I remember someone here making a screenshot of 2 settings in Webroot that they really liked. I wonder if those 2 or 3 settings plus CS settings in Comodo FW would produce a light security combination for Windows 11... Just brainstorming, kind of bored tonight.
 

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,351
I'm also curious. I remember someone here making a screenshot of 2 settings in Webroot that they really liked. I wonder if those 2 or 3 settings plus CS settings in Comodo FW would produce a light security combination for Windows 11... Just brainstorming, kind of bored tonight.
There is a setting in Webroot that disables execution of unverified/untrusted code.

To activate:

  1. From the Webroot main page, click Advanced Settings. The Settings pane appears.
  2. Open the Heuristics tab, then select your options.

Activate
  • Warn when any new program executes that is not specifically whitelisted - Issues a warning for any program not specifically included in the Webroot database of applications that are known to be okay.
Yes, this setting will definitely create a secure environment for home users who don’t engage in downloads of low quality, low prevalence apps. Make sure you read the admin guide and understand how you can handle potential false positives. In this setting, you will not need Comodo as default-deny is provided by Webroot.
 

rashmi

Level 11
Jan 15, 2024
536
With Cruel Sister's settings is it able to protect / secure a single PC better than anything else, when used with defender, and possibly Andy's tools?
I've been using Comodo Firewall for years and haven't had any infections. I use the proactive configuration with default containment settings. @cruelsister suggests setting the containment level to "restricted" for even tighter security. Comodo, along with @cruelsister's recommendation, provides powerful protection. I don't use Comodo AV, Defender, or any third-party AV or tool, so it's up to you whether you want to use any.
 

simmerskool

Level 36
Verified
Top Poster
Well-known
Apr 16, 2017
2,547
I've been using Comodo Firewall for years and haven't had any infections. I use the proactive configuration with default containment settings. @cruelsister suggests setting the containment level to "restricted" for even tighter security. Comodo, along with @cruelsister's recommendation, provides powerful protection. I don't use Comodo AV, Defender, or any third-party AV or tool, so it's up to you whether you want to use any.
was not aware (or never really tried) to disable MS Defender without installing another AV to replace it. I know you can run Defender with another AV depending on "registering"... so how do you disable Defender and not run any AV. thanks.
 

darko999

Level 17
Verified
Well-known
Oct 2, 2014
825
was not aware (or never really tried) to disable MS Defender without installing another AV to replace it. I know you can run Defender with another AV depending on "registering"... so how do you disable Defender and not run any AV. thanks.
First you need to disable Windows Defender tamper protection, then you can disable Windows Defender by local group policy editor, be aware that you'll have to do this twice as it will flip back to enabled on the first computer restart. After the second time you disable it, it will stay disabled.
EDIT: Yes, this is for Windows 10 only.
 

rashmi

Level 11
Jan 15, 2024
536
First you need to disable Windows Defender tamper protection, then you can disable Windows Defender by local group policy editor, be aware that you'll have to do this twice as it will flip back to enabled on the first computer restart. After the second time you disable it, it will stay disabled.
I tried multiple restarts and shutdowns, but this didn't work for me on Windows 11. I don't know if Microsoft has recently fixed it with updates.
 

simmerskool

Level 36
Verified
Top Poster
Well-known
Apr 16, 2017
2,547
First you need to disable Windows Defender tamper protection, then you can disable Windows Defender by local group policy editor, be aware that you'll have to do this twice as it will flip back to enabled on the first computer restart. After the second time you disable it, it will stay disabled.
EDIT: Yes, this is for Windows 10 only.
very good as I seem to be running win10 :whistle:
good to know how to do this, but for now I'll leave MS Defender running where it is running... :cautious:
 

bazang

Level 6
Jul 3, 2024
265
With Cruel Sister's settings is it able to protect / secure a single PC better than anything else, when used with defender, and possibly Andy's tools?
With the "CS configuration" you really do not need Andy Ful's tools. Choose one or the other as combined they are overkill.

There is no known record of a hooman being harmed or dying from using Comodo.

I know families that use Comodo because they cannot afford to pay for security software. If it were not for Comodo, their machines would be infected by the combined 7 children wreaking havoc on the combined 2 laptops.

Whatever the debate here, what does that result tell you?
I'm also curious. I remember someone here making a screenshot of 2 settings in Webroot that they really liked. I wonder if those 2 or 3 settings plus CS settings in Comodo FW would produce a light security combination for Windows 11... Just brainstorming, kind of bored tonight.
So you plan on combining Webroot and Comodo on one system. For what?

Way back in the day, like 10 years ago, it was a thing to combine Emsisoft and Comodo. In that era it was acceptable. In this era it is irrational.

Use Webroot alone per Trident's configuration.
was not aware (or never really tried) to disable MS Defender without installing another AV to replace it. I know you can run Defender with another AV depending on "registering"... so how do you disable Defender and not run any AV. thanks.
Append a " _ " to the Microsoft Defender process name. It will no longer start with Windows bootup. Problem solved.

There is no need to over-complicate things or mount an expedition online to figure out how to disable Microsoft Defender.

Millions of people blame Microsoft for not doing enough to protect users. This sort of thing is the consequence. In the future, you can expect Microsoft to take "user freedom" away more and more from users.

Knowing what people are like, Microsoft should not allow users to do anything except install apps from the Microsoft Store. That is what would be best for the world.
 

wat0114

Level 13
Verified
Top Poster
Well-known
Apr 5, 2021
619
With Cruel Sister's settings is it able to protect / secure a single PC better than anything else, when used with defender, and possibly Andy's tools?

I don't know about this, but I am using a setup similar to CS' - HIPS and VirusScope disabled - with Andy Ful's WHHL and Configure Defender with no issues whatsoever. As @bazang mentions above, it could be overkill, but keep in mind Andy's tools cause no additional impact on system resources. I run Windows 11, 23H2, using cfw v12.2.2.8012 latest stable. Only the firewall and Auto-Containment with "Restricted" containment level are enabled.

I wish the developers did a better job with the Firewall, as in its current form it's too modular and cumbersome to navigate comfortably around, although if you can wrap your head around it, it works well. I modified the built-in Web Browser Ruleset as such:

cfw Web Browser ruleset.png

Anyway, I feel the developers put a lot of skill, ingenuity and effort into cfw. I would say go with the cruel setup and you will be fine. Btw, I had to weaken the Defender protection via Andy's tools before installing cfw, otherwise ASR, SRP and WDAC would interrupt.
 

cruelsister

Level 43
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,221
Regarding Windows Defender and Comodo, having Defender enabled on either W10 or Win11 systems presents no issues at all. Personally I have it enabled on my production system as it isn't an inconvenience but on Test systems I disable it as it interferes with malicious processes.

However for any that really feel the need to disable Defender, the easiest way (without the need of playing with Group policy) is by using Defender Control, found here: Download Defender Control - MajorGeeks

Just first shut off real time monitoring in Defender and disable Tamper Protection (found in Defender's settings). Defender Control is in the zipped file- password is: sordum. Then just click Disable Defender. The process can be reversed by clicking Enable.

And obviously I can't comment on Comodo as some might feel that bias is involved (is truth equivalent to Bias?).
 

ForgottenSeer 114834

The last few days I've noticed some intense discussion about Comodo FW and its containment features.

I have a question, about the containment / deny feature.

Putting aside the bugs, your love, or dislike for Comodo, its weak AV, whether it's a tool for novices, etc.

With Cruel Sister's settings is it able to protect / secure a single PC better than anything else, when used with defender, and possibly Andy's tools?

Thanks Guys, just wanted to hear your opinions.
Unbiased, sure I can certainly do that.

Ask yourself what your level of knowledge is of the operating system you would be installing. Then ask yourself, while using a software designed as default deny, if you know the applications you use daily well enough to know how they interact with the operating system and its services. If you can honestly state that you know enough about these to comfortably run a software that if misconfigured could actually leave you more vulnerable and/or crash your system, then you would be fine.

In the right hands, CIS can be a powerful tool, problem is most people in this forum are not experienced enough to handle it without guides and help, and heaven forbid they run into issues with it and the OS or other apps that would be capable of blue screening the system.

If you have external system images in case of reinstall needed and back up your personal stuff frequently on external devices then by all means jump in with both feet.
 

ForgottenSeer 114834

(is truth equivalent to Bias?).

Convincing users to use software that you as an "experienced/advanced" user can handle no problem, just because it's your favorite and you feel it's the best suite security nowadays is the very definition of biased.

You know I couldn't resist the hook you left so now your mob of "hope she chooses me to flirt with or adores me for sticking up for her" followers can ascend on me bashing me because I actually wrote truth in this post and the one I posted above it.

That's the difference since you asked.
 

Decopi

Level 8
Verified
Oct 29, 2017
355
Comodo is an abandonware, at least since ±2017.
Only in 2024 it received the first upgrade/update... which was totally fake, because the new so-called "CIS 2025" has no new features (it's 99% similar to CIS 2018), and worse, it has all the dangerous unfixed bugs (accumulated since ±2017).
So, it's not a matter of biased or unbiased, but it's a matter of principles: An old abandonware software, full of dangerous unfixed bugs, shouldn't be used.

In addition, even in the hypothetical case, where Comodo might be totally updated/upgraded, no bugs etc... Comodo is not an antivirus nor is it an antimalware. Depending on Comodo's antivirus means 100% probability of infection. And the other modules do not detect viruses or malware.

Comodo is just a blocker. And like any blocker, directly or indirectly, it depends on the end user. That means that 99.99% of the users are not capable or ever will be able to use Comodo.
 

SeaKelp

New Member
Jun 6, 2024
9
I look at things thoroughly IMO. I chose CFW/CrSis about 4-5 years ago with Defender/AndyFul about 2 years ago and ditched Bitdefender/various firewalls. About 9 years ago I was using Comodo AV/FW with default settings on some of our workstations based on some readings a while before where our Gov't tried but couldn't circumvent it. A moron using one of the workstations (company pres) clicked on a spurious email link ("I knew I shouldn't have") and a 0-day slipped past the goalie. It was no big deal because we were only working on Secret clearance level DOD projects. Luckily he waited two months to tell me his workstation started running like crap about two months earlier. I switched to BitDefender at that time. Anyway, watch Cruel Sister's videos and draw your own conclusions. She is involved with the industry in some fashion. Using her settings creates the most protection while eliminating the annoying user input necessary at default settings. Just don't click on email links "you know you shouldn't have" and you'll be fine.
* I went back to Linux maybe 6 months ago but I haven't seen anything since then to change my mind about CFW/CrSis/Defender/AndyFul. Really respect both their efforts as well as the others on here who do all the work and produce the vids.
 

darko999

Level 17
Verified
Well-known
Oct 2, 2014
825
Comodo is an abandonware, at least since ±2017.
Only in 2024 it received the first upgrade/update... which was totally fake, because the new so-called "CIS 2025" has no new features (it's 99% similar to CIS 2018), and worse, it has all the dangerous unfixed bugs (accumulated since ±2017).
So, it's not a matter of biased or unbiased, but it's a matter of principles: An old abandonware software, full of dangerous unfixed bugs, shouldn't be used.

In addition, even in the hypothetical case, where Comodo might be totally updated/upgraded, no bugs etc... Comodo is not an antivirus nor is it an antimalware. Depending on Comodo's antivirus means 100% probability of infection. And the other modules do not detect viruses or malware.

Comodo is just a blocker. And like any blocker, directly or indirectly, it depends on the end user. That means that 99.99% of the users are not capable or ever will be able to use Comodo.
Most absurd thing I have read so far, I won't even bother adding extra words.
 

simmerskool

Level 36
Verified
Top Poster
Well-known
Apr 16, 2017
2,547
In the right hands, CIS can be a powerful tool, problem is most people in this forum are not experienced enough to handle it without guides and help, and heaven forbid they run into issues with it and the OS or other apps that would be capable of blue screening the system.
perhaps... but years of usage-experience of CF with cruelcomodo settings by many MT users without any OS blue screens or any issues, including no malware infections, shows the opposite, although agree CF usage is / has been aided by Cruelsister's guidance. (or that's my non-expert experience with CF). Folks also discuss other AV tweaks by knowledgeable users, eg, apps like Kaspersky, ESET, Harmony without all the disharmonious posts.
 