oldschool

Level 35
Verified
@Andy Ful - I have the "Run As SmartScreen" in right click context menu but neither "RAS" or "Run by SmartScreen" in Explorer context menu. I'm sure there was a post(s) on this issue but I'm unable to find it in the 35 pages of this thread. :emoji_disappointed::rolleyes::unsure:
 

Nestor

Level 8
sorry but I don't understand what you said about Runbysmartscreen
I use it because I don't want to upload everything to a website and download them 1 by 1 so I right-click and "Run-by-smartscreen" with anything I can, except the extensions you give the warning sign of SS being not supported => ignore because SS by default won't show any warning like that => to simulate a real-world scenario

I don't look at the icon, I look at the extensions. If it has .exe or anything SS supports, I will Run-by-smartscreen

I want to test WD at max settings and smartscreen but not the app Run-by-smartscreen and I also want to test WD without SS because there are so many ways to ignore SS lookup. Sorry for the confusion
I should have clarified it in the test


I think I disagree with that. It's true in theory, I guess
however, during my test with the high settings, WD allowed everything to run -> analyzed and blocked if they were malicious, if not, no notification from the beginning. It worked like a BB but not BB

I noticed some files were running for 10s and then disappeared. At the same time, the CPU usage of WD process was significantly increased -> a sign of it analyzing the files -> then WD showed a noti. with malwares were detected

WD is quite aggressive as it uploaded files even when I was right-clicking the undetected samples
it consumed >100MB of my VPN bandwidth. Once in the past, WD used to consumed all of my 200MB daily limit :( and my VPN was automically disconnected during the test => I must have stopped the test immediately to protect myself
Evjl's Rain the last pack of malware was pretty strong (8/8) all AV's failed.But the most disappointed results was from WD (max settings) and SHP, the last days in hub.I expected more from this two.
 

Evjl's Rain

Level 43
Verified
Trusted
Content Creator
Malware Hunter
Evjl's Rain the last pack of malware was pretty strong (8/8) all AV's failed.But the most disappointed results was from WD (max settings) and SHP, the last days in hub.I expected more from this two.
I, instead, never expect them to perform well because according to my experience, they never give a clean result especially for sophos
Their signatures are so bad that is a reason for infection. If they signatures are better, they would have had better results
also, I was disappointed with WD VPN bandwidth consumption. It consumed 150MB yesterday while bitdefender free only consumed 15MB, sophos 18MB
During the test, WD uploaded everything to the cloud => privacy concern???

I think there are some ways to get a clean result in this test
- avast hardened mode + syshardener/H_C blocking all scripts
- Block all scripts + Run everything .exe with smartscreen
- any anti-exe, comodo firewall (not preferred as they always work)
- Kaspersky's trusted application mode
 
Last edited:

Nestor

Level 8
I, instead, never expect them to perform well because according to my experience, they never give a clean result especially for sophos
Their signatures are so bad that is a reason for infection. If they signatures are better, they would have had better results
also, I was disappointed with WD VPN bandwidth consumption. It consumed 150MB yesterday while bitdefender free only consumed 15MB, sophos 18MB
During the test, WD uploaded everything to the cloud => privacy concern???

I think there are some ways to get a clean result in this test
- avast hardened mode + syshardener/H_C blocking all scripts
- Block all scripts + Run everything .exe with smartscreen
- any anti-exe, comodo firewall (not preferred as they always work)
- Kaspersky's trusted application mode
With CF,CIS, CS settings or not,or VS with any free AV, i believe will do the job!
 

Andy Ful

Level 48
Verified
Trusted
Content Creator
With CF,CIS, CS settings or not,or VS with any free AV, i believe will do the job!
If you are using Trusted Vendor list in Comodo, then any malware signed by the vendor from that list will be allowed. VoodooShield in AutoPilot mode will allow all true 0-day malware.
Using AV with CF/VS is OK, but it has also some cons:
  • a potential problem with system stability,
  • many false positives from CF or VS.
Because of the false positives, most non-advanced users will probably use one or two on-demand scanners for checking the 0-day malware and infect the computer anyway. Nothing is perfect.
 

Andy Ful

Level 48
Verified
Trusted
Content Creator
@Andy Ful - I have the "Run As SmartScreen" in right click context menu but neither "RAS" or "Run by SmartScreen" in Explorer context menu. I'm sure there was a post(s) on this issue but I'm unable to find it in the 35 pages of this thread. :emoji_disappointed::rolleyes::unsure:
You will find nothing about that issue. Some other application changed the default Explorer settings.
 

Nestor

Level 8
If you are using Trusted Vendor list in Comodo, then any malware signed by the vendor from that list will be allowed. VoodooShield in AutoPilot mode will allow all true 0-day malware.
Using AV with CF/VS is OK, but it has also some cons:
  • a potential problem with system stability,
  • many false positives from CF or VS.
Because of the false positives, most non-advanced users will probably use one or two on-demand scanners for checking the 0-day malware and infect the computer anyway. Nothing is perfect.
Yep, no solution is perfect,the real strength is to eliminate the possibilities to be infected,Today in hub there was a signed malware,maybe CF will not sandbox it,but the case here is if it will catch it through HIPS or FW,i believe it will.
 

shmu26

Level 83
Verified
Trusted
Content Creator
Yep, no solution is perfect,the real strength is to eliminate the possibilities to be infected,Today in hub there was a signed malware,maybe CF will not sandbox it,but the case here is if it will catch it through HIPS or FW,i believe it will.
If the signer is honored by Comodo, the malware will fly by the protection, and not just the autocontainment protection, but also the HIPS and firewall. All these components honor digital sigs, and granted "trusted" status to the file.

But you can hope that the signed malware is just a dropper -- it usually is-- and the payload is unsigned. However, if that is the case, you don't need Comodo to stop it. SRP will stop it even faster, and in fact, speed is very important if the payload runs after a reboot.
 

oldschool

Level 35
Verified
You will find nothing about that issue. Some other application changed the default Explorer settings.
I do have RunAsSmartscreen in Explorer context menu. I think I had mistakenly toggled it off. But should RunBySmartscreen be there as well? I do not have that.

VoodooShield in AutoPilot mode will allow all true 0-day malware.
Using AV with CF/VS is OK, but it has also some cons:
  • a potential problem with system stability,
  • many false positives from CF or VS.
Because of the false positives, most non-advanced users will probably use one or two on-demand scanners for checking the 0-day malware and infect the computer anyway. Nothing is perfect.

I had much more trouble understanding CF FPs than VS, so I ditched it. I currently use VS in Always On mode. Being a non-advanced user I don't have issues with it. No FPs except for an occasional familiar file already on the computer, which is not a problem for me.
 

silversurfer

Level 52
Verified
Trusted
Content Creator
Malware Hunter
I do have RunAsSmartscreen in Explorer context menu. I think I had mistakenly toggled it off. But should RunBySmartscreen be there as well? I do not have that.
Run By SmartScreen is here in the explorer-context-menu if you had changed the settings via "Recommended Restrictions"
"Recommended Restrictions" => "Run As SmartScreen" = "Standard User"

Run As SmartScreen is in the explorer-context-menu if the settings are default via "Recommended Restrictions"
"Recommended Restrictions" => "Run As SmartScreen" = "Administrator"
 

oldschool

Level 35
Verified
Run By SmartScreen is here in the explorer-context-menu if you had changed the settings via "Recommended Restrictions"
"Recommended Restrictions" => "Run As SmartScreen" = "Standard User"

Run As SmartScreen is in the explorer-context-menu if the settings are default via "Recommended Restrictions"
"Recommended Restrictions" => "Run As SmartScreen" = "Administrator"
Edit: I'm using "Recommended SRP" + "Recommended Restrictions" -> Run As Smartscreen = Administrator. I installed H_C from SUA.
No Run By SmartScreen in Explorer
 
Last edited:

Andy Ful

Level 48
Verified
Trusted
Content Creator
I do have RunAsSmartscreen in Explorer context menu. I think I had mistakenly toggled it off. But should RunBySmartscreen be there as well? I do not have that.
No. Only one of them should be present in Explorer context menu. 'Run As SmartScreen' is related to default-deny SRP and 'Run By SmartScreen' to default-allow SRP.
Default-allow can be set when <Default Security Level> = Unrestricted.
 

Andy Ful

Level 48
Verified
Trusted
Content Creator
I have now read enough of the Manual that I'm finally understanding it better. Now all set and comfortable with my configuration.

Windows Defender
Hard_Configurator
Tinywall
VoodooShield Pro

Thanks to all for your help!
It is a very good setup. Personally, I would skip VoodooShield for the better stability, or would keep WD + VoodooShield which is more user-friendly than Hard_Configurator.(y)
 

oldschool

Level 35
Verified
It is a very good setup. Personally, I would skip VoodooShield for the better stability, or would keep WD + VoodooShield which is more user-friendly than Hard_Configurator.(y)
I have H_C set at your 'set and forget" settings which is OK for me. Also, I do not foresee installing any new software since I have tried enough here on the forum. VS also is no problem for me as my system appears stable and snappy. BTW, I really like Edge - aside from a couple of annoying bugs. I guess one could say I've come over to the Dark side since I am now quite fond of Windows. :LOL:(y)