Advice Request How is Your Experience with Comodo CIS/FW v10 so far?

[AtlBo]

Hello everyone. Wanted to post this to find out whether you guys are liking Comodo v10. It's my personal impression that it's quite a measure better than the best of v8 with fewer bugs.

First a shout out for Comodo. I am using the FW version, and I would like to comment that I feel Comodo seems to me in the FW to have at least worked on getting the very most important elements of the program to function properly and dependably. At the same time, I don't sense that there is unpredictability hiding in CFW like I sensed with v8 and previously . This causes me to have confidence and not feel that the program is going to let me down somehow. Great job Comodo is my early impression.

Otherwise, I like the program. Can it be better? Yes, I think so, but now I am even more looking forward to v11 than I was looking forward to 10.

Please post comments. I am very interested in this topic. If I am right about dependability, I am curious if a dependable Comodo CIS/FW will push other security companies to double time plans they may have had for their product .

 

[509322]

"Disappearing rules" bug still not fixed ? Anyone thoroughly test it and verify that it has been fixed ?

 

[shmu26]

"Disappearing rules" bug still not fixed ? Anyone thoroughly test it and verify that it has been fixed ?

how to test it? It was such an erratic thing in the first place. hard to reproduce.

I am impressed by the better autosandbox rules for firewall config, and the general non-bugginess. If you trust a file, it stays trusted, and vice versa. Has a solid feel.

Also the HIPS seems more reliable. I think they added a new rule for explorer.exe, that it cannot execute an unrecognized file without asking first. That prevents HIPS from maybe skipping over an unrecognized file when you try to open it.

 

[509322]

how to test it? It was such an erratic thing in the first place. hard to reproduce.

Enable HIPS and Firewall Training modes. Keep enabled for a week. Move rules around within the GUI - like sort them alphabetically. Sometimes the will disappear within hours, other times it takes days.

 

[AtlBo]

Only thing I notice so far is having to change rules twice sometimes. It isn't the checkboxes or anything, just changing the file rating or when I changed the All Applications/Unrecognized sandbox rule to "Run Restricted".

I noticed that importing settings didn't import the Trusted Vendors list. Not a bug, but I thought I would mention it if someone is thinking of archiving settings.

 

[Tony Cole]

Would never test Comodo - disaster waiting to happen, they never listen to their users, as Jeff_T stated bugs from previous years still present. That should tell users something about the companies ethos and practices.

 

[HarborFront]

Great! I'm using CFW.

Seeing the HIPs, SB and FW in action makes me know that the program is working well

 

[Evandro]

THE PROGRAM'S INTERNET FILTERING MODULE IS NOT WORKING! SINCE THE NEW VERSION HAS BEEN LAUNCHED!

 

[Deleted member 2913]

There was a bug in the latest version, dont know was fixed with any updates or not?

Any/All files appeared in "Trusted Files" i.e if I am correct, unknown files were correctly autosandboxed But appeared in "Trusted Files" BUT protection was not affected.

 

[shmu26]

Enable HIPS and Firewall Training modes. Keep enabled for a week. Move rules around within the GUI - like sort them alphabetically. Sometimes the will disappear within hours, other times it takes days.

Today, I installed CFW 10, and added my entire C drive to trusted files.
Then I deleted the entire trusted vendor list. (But you can't delete Comodo)
I also disabled cloud lookup.
Then I searched and scrolled around in the vast file list that was created, I searched for various combinations of letters.
I could not get my rules to disappear or to glitch.

 

[lab34]

Hello,
From my short experience, the rules that can "disapearing" are the "Global Rules".
If you go to the tasks / firewall tasks / Stealth ports, and choose a strategy, it replaces the Global Rules with a predifined sets of rules, according of what you have chosen. So you lose what you put in Global Rules.
But I think it's not a bug in that case.

 

[Andytay70]

I have an issue with the unrecognized files on the advanced view it says 2 unrecognized files but when i click to view nothing is there?
I have searched file list under file ratings and nothing there??
The taskbar icon near the clock keeps flickering too

 

[AtlBo]

Then I searched and scrolled around in the vast file list that was created, I searched for various combinations of letters.
I could not get my rules to disappear or to glitch.

Hello shmu26. I haven't run into the issue in 3 months of scouring about the files list and TVL. Maybe the bug is at least squelched for now.

Interesting. I turned on all the embedded script protections in Advanced Protection->Miscellaneous. Well, I do get the issue again where script reliant browser extensions cause recurring additions to the files list (creates a HIPS rule if setting is "remembered") and the scripts are placed in tempscrpt like before. I guess in my case it would be the embedded script function for cmd.exe. I don't want to turn that off, so I guess I will live with this until I can buy Comodo or until they come up with something clever for whitelisting safe but randomly generated scripts.

I don't like that Comodo is choosing to back off of protection to try to avoid this kind of problem. There is always a clever solution for these issues. I know it doesn't happen to all that many users, but a clean fix is part of a clean security solution, something they should be striving hardest to achieve. At any rate, I am liking Comodo more over time but in very slow increments. Still getting used to the program. NVT ERP is still super valuable as a live 2nd look at executables and to approve/allow/whitelist command lines.

I have an issue with the unrecognized files on the advanced view it says 2 unrecognized files but when i click to view nothing is there?
I have searched file list under file ratings and nothing there??
The taskbar icon near the clock keeps flickering too

For me, the internet connections list is broken. Ran the repair but it found no problems. Nothing at all shows up in the list. Killswitch works fine though.

 

[PCGamer]

To be Honest I've voted "Other"
As I never tested Comodo and never will
I Prefer Kaspersky as a company and Thier Product KIS.

 

[shmu26]

Interesting. I turned on all the embedded script protections in Advanced Protection->Miscellaneous. Well, I do get the issue again where script reliant browser extensions cause recurring additions to the files list (creates a HIPS rule if setting is "remembered") and the scripts are placed in tempscrpt like before. I guess in my case it would be the embedded script function for cmd.exe. I don't want to turn that off, so I guess I will live with this until I can buy Comodo or until they come up with something clever for whitelisting safe but randomly generated scripts.

Yes. I suffer from this too, as do many other Comodo users.
And yes, there is a workaround.

You can do like this: in autosandbox, you make an "allow" rule for the two cmd.exe files that are found on a 64 bit system. Then, in file list, you mark the two cmd.exe files as "unknown." (You might have to run them first, to make them appear in the list.)
Now you will get HIPS prompts every time cmd.exe runs, and you can make rules on the fly to allow your trusty apps.

I think the embedded code feature is more comprehensive (it should also cover cmd.exe running in memory, if I understand right), but this workaround is still pretty good.

 

[AtlBo]

Yes. I suffer from this too, as do many other Comodo users.
And yes, there is a workaround.

Thanks. Did this:

1. Sandbox set to "ignore" for both cmd.exes
2. Set them both to "Unrecognized" in files list
3. Made sure webshield.exe (Chrome extension) was "Unrecognized" in files list
4. Set all HIPs rules to ask for both cmd.exes
5. Turned off embedded detection for cmd.exe in Advanced->Misc
6. In HIPs set webshield.exe to ask (was allowed) for all HIPs protections

Opened browser and HIPs for webshield.exe didn't fire off as I expected. Not sure why. Double checked the file list and all are unrecognized. Tried the following:

7. Set HIPs Protections settings (tab next to the individual Access Rights settings) to Active also (not sure what this does)

No alert. These rules are tedious !. Unless you have an idea of where I went wrong I guess I will set everything back and live with the minor inconvenience with the files list.

 

[FrFc1908]

I did use cis for a while but it became buggy a couple of times for me: random cpu spikes , heavy impact on browsing speed boot and shutdown time. Gray screen before actual login screen. Switched to the firewall only with cs settings and the problems are gone. The culperates where more than likely the av module and secure shopping part. So all in all I am not impressed!!! I hope they will learn from their mistakes in the next major devellopment when it comes to coding. Plus the will have an improved beta cycle and not release the final after 1 or 2 beta's because the fanboys want it so much.voted for poor/buggy btw.

 

[DJ Panda]

CFW was one of the worst programs I ever used. It practically crippled my computer and after 10+ reboots I could finally uninstall it. Hard to distinguish whether or not its a virus...

 

[shmu26]

Thanks. Did this:

1. Sandbox set to "ignore" for both cmd.exes
2. Set them both to "Unrecognized" in files list
3. Made sure webshield.exe (Chrome extension) was "Unrecognized" in files list
4. Set all HIPs rules to ask for both cmd.exes
5. Turned off embedded detection for cmd.exe in Advanced->Misc
6. In HIPs set webshield.exe to ask (was allowed) for all HIPs protections

Opened browser and HIPs for webshield.exe didn't fire off as I expected. Not sure why. Double checked the file list and all are unrecognized. Tried the following:

7. Set HIPs Protections settings (tab next to the individual Access Rights settings) to Active also (not sure what this does)

No alert. These rules are tedious !. Unless you have an idea of where I went wrong I guess I will set everything back and live with the minor inconvenience with the files list.

You might have overthought it.
steps 3, 4 and 6 are not necessary, and I don't even know what step 7 is.
When I overcomplicate things, I just go and delete the HIPS rules that I messed up, and let them get recreated. In this case, you could delete HIPS rules for cmd.exe and for webshield.exe.

 

[shmu26]

You might have overthought it.
steps 3, 4 and 6 are not necessary, and I don't even know what step 7 is.
When I overcomplicate things, I just go and delete the HIPS rules that I messed up, and let them get recreated. In this case, you could delete HIPS rules for cmd.exe and for webshield.exe.

@AtlBo, you went pretty deep into Comodo HIPS. If you can't find your way out of the woods, you could try posting on the Comodo forum. The guys over there know the product pretty well.
I must admit that you are dealing with certain settings that I don't rightly understand.