Der.Reisende

and why not installing proactive defence?
Proactive defense is a preset in both Comodo Internet Security (which has an offline antivirus on top) and the Firewall (which only has a cloud antivirus, making it most compatible with an AV product of your choice, with better signatures than Comodo Internet Security).
Both products have Auto-Sandbox on, in the stock "Internet Security / Firewall Security" preset as well as in the Proactive Security preset. The latter will activate HIPS on top and protect even more registry entries / drivers... which can lead to conflicts with products not contained in the huge list of trusted vendors. And you'll get more alerts in Proactive Security.
Depending on your choice, Proactive is way more secure, but can lead to conflicts. I've tested Comodo Internet Security for nearly a month now (without the Proactive preset), and only due to a sudden (and not repeatable) technical error did I have a ransomware not being sandboxed. Every other harmful file I threw at it was sandboxed as not being in the list.
 

cruelsister

Jashin- I could go on for a while about this, but the main reason for using Proactive over Firewall configuration is that in the Firewall configuration only files that execute from CERTAIN AREAS will be isolated in the sandbox; in Proactive configuration files executing from ANY AREA will be isolated in the box. An example: with the Firewall configuration, if you download a malicious exe from the internet, save it to the Download directory and run it from there, you will be protected. But if you save that same file to the Desktop and run it from there, you are screwed. With the Proactive Security configuration you can save the file anywhere and run it from anywhere and you will be fine.

The first thing you must do when installing CF is to make that change to Proactive security. NEVER EVER use the Firewall Security configuration (NEVER EVER).
 

shmu26

The sandbox of proactive config applies to your whole system.
The sandbox of internet security config only applies to your downloads and a few other select areas. So it is less secure, but much less troublesome. It won't mess with your Windows folder and your installed programs that you know and trust.
It's up to you -- more security means more headache.

EDIT: I see that CS and Der.Reisende already addressed these points...
 

Der.Reisende

That sounds interesting. Could you elaborate on that technical error? Do you mean a user error, or a malfunction in COMODO defense?
A malfunction related to my OS, I'd say. When I started testing CIS, I regularly had BSODs, which I thought were (and might be) related to conflicts of malware being sandboxed and performing its actions in there. However, since I had to refresh (kinda reinstall) my OS due to a beta test of CIS 10, which I couldn't get uninstalled, I never had any BSOD related to CIS again. I think there was something wrong on my base system (ShadowDefender protected) which you couldn't know by normal usage, but by chance due to CIS testing. The infection happened because a ransomware was not sandboxed, UAC accepted, encryption done.
However, I retried on the same system before the refresh, and did not have the infection again (sandboxed before and after UAC). I have tested many malware samples since then; everything unknown got sandboxed and the system was clean every time (encryption inside sandbox). Only dropped malware was detected by a 2nd opinion scan when using macro viruses, because the Word file was not suspected malicious. However, the dropped payload was indeed sandboxed when triggered.
 

shmu26

Thanks.
I learn from this story that if a person is seeing BSODs related to COMODO, then he should not assume that COMODO will always behave as expected when malware comes along. This is probably true of all security software.
 

Deleted member 2913

I like all the suggestions here; everyone has their own experience, setup, etc. with Comodo software.

I am a long-time user of Comodo; it was the first ever firewall I installed and the first ever forum I joined, and I learned a lot there in the initial days. I have been with Comodo and used the FW & AV right from Beta 2 of the software. Later CIS was born combining both, and they have come a long way improving the product, usability, protection, etc.

I have mostly used CFW with no AV, no 3rd party AV, no additional realtime security, etc.
My setup was mostly:
Customize the GUI/Appearance stuff like Comodo messages, upgrade tab, sound notifications, etc.
Protection-wise, always used defaults with little customization.
I have always used the "Internet Security" config (its default config with a CIS suite install): balanced protection & usability.
But with a CFW-only install too, I use the "Internet Security" config.
Only a few customizations:
FW settings - "Dont show popup messages" --- Unchecked
"Do not virtualize access to the specified files/folders" --- Unchecked
"Enable automatic startup for services installed in the Sandbox" --- Unchecked

Previously I used to test security software for my personal review. And I had tested CFW many times with the above-mentioned defaults & customization. It's kinda one of my fav software, and I used to test it longer, i.e. I used to start a test and, after test completion, keep the system as it is and continue the test in a couple of days, then again in a couple of days... I used to test on a real system (no personal data, etc., but software like Adobe, Java, Office, PDF, etc. installed) and the system was never infected.

I guess our friend "Der.Reisende" here also tests CIS defaults in MalwareHub, and CIS is excellent every time.

If you ask me about "Comodo Firewall without AV", I would say:
If you are familiar or have experience with CFW/CIS, then understand the customization and start with a couple of customizations (better to test with software installs, etc. and experience the usability, protection, etc. with the applied customization; understand and learn to move files to Trusted/Unrecognized or out of the sandbox, etc.).
If you are new to CFW/CIS, then start with defaults, get familiar with the GUI, understand and learn the basics like moving files out of the sandbox, setting programs/files as trusted, etc. And then step by step understand/learn/test and apply customization.

As for me, I have used the mentioned settings/customization only and never had problems, malware, etc.