Advice Request How is Your Experience with Comodo CIS/FW v10 so far?

[shmu26]

Well, if you use the widget to open Chrome, you don't have the feature available. However, if you find the sandbox rule for Chrome in the Comodo settings and double click on it, there is a setting there to limit the memory usage of processes running in the sandbox. There is a "Criteria" tab and next to it is an "Options" tab. The memory limiting is there. Anyway, you answered my question lol.



Yes. In this case, I wonder if it's the embedded script interaction with the sandbox. I turned on all the embedded script protections as you know, and now Comodo prompts to block the webshield.exe script from Qihu when I open Chrome normally. Maybe this causes a conflict. Chrome starts as a single process in the sandbox from the widget, then goes to two for just an instant after about 20 seconds and then closes. This makes me wonder if that's when the extensions are loading. I don't have time to hunt this one down unfortunately.

No dice in the admin account. Same thing. Thought maybe having installed in the standard account (can't remember which I used to install Chrome) could have been a problem somehow. I don't think that would be a problem ever honestly. I seem to remember this same issue back before I reinstalled Windows about 4-5 months ago. Dragon (Chrome based) would run in the Comodo sandbox (no webshield.exe now that I think about it...not available for Dragon) but not Chrome. I seem to recall that not even the 360 sandbox would work with Chrome.exe. Firefox worked fine. Can't test in a standard account because 360 sandbox isn't available under limited rights. Kind of a poison pill of 360 right now that so little is available in l/r accounts.

Anyway, no harm. I don't feel like I need the sandbox. Thought I would test the memory limiting feature of the s/b to see how it works.

Try opening an incognito window of Chrome, it cuts out all the extensions that might be incurring the wrath of the embedded code detection god.
If you right-click on a Chrome shortcut on your desktop or status bar, you should get an option for incognito.

 

[AtlBo]

Try opening an incognito window of Chrome, it cuts out all the extensions that might be incurring the wrath of the embedded code detection god.
If you right-click on a Chrome shortcut on your desktop or status bar, you should get an option for incognito.

Only get the option for the task bar shortcut. I adjusted the normal sandbox rule to run virtually->partially limited (Options). Same result. I am kind of surprised. Really good idea to try that.

 

[Av Gurus]

Well, if you use the widget to open Chrome, you don't have the feature available. However, if you find the sandbox rule for Chrome in the Comodo settings and double click on it, there is a setting there to limit the memory usage of processes running in the sandbox. There is a "Criteria" tab and next to it is an "Options" tab. The memory limiting is there. Anyway, you answered my question lol. I think to get it to work you would have to open Chrome from a shortcut. However, the sandbox rule can't be an ignore rule, it has to be changed to Run Restricted I believe, for the memory option to be available. You can then adjust the restriction to partial, limited rights, or full. It's all there in the Options tab.

Here are my Comodo Firewall settings:

 

[shmu26]

Only get the option for the task bar shortcut. I adjusted the normal sandbox rule to run virtually->partially limited (Options). Same result. I am kind of surprised. Really good idea to try that.

You have more patience than I do. I punished Comodo by hitting the uninstall button a couple days ago. This is the wrong thread to mention this, but Voodooshield charges much less pain per ounce of protection.

 

[AtlBo]

Here are my Comodo Firewall settings:

A true cruelsister devotee lol . You are a sandbox master of the simplest (I mean wisest here) form.

Don't worry about it AV Gurus. You wouldn't have a Chrome sandbox rule to play with with that setup. If you did it would be in the 5th pic.

I think because I choose to see the privilege elevation alerts (your 4th pic lower rectangle) I end up creating sandbox rules for alot of applications, Chrome being one. I didn't realize you don't even have a rule. I don't recommend the privilege elevation alerts setting unchecked as I have it, but it is one way to see a little bit inside what developers are thinking with their program. Not sure why I like to do this, and I guess it's the same reason I use the HIPs.

 

[cruelsister]

HI Guys- As I use CF myself, I have obsessed over the years at the optimal settings for both safety and usability (after all, we use the computer for High and Noble things, and not to get interrupted by constant stupid alerts from a Security product). Clicking on other stuff in CF and adding arcane rules really only adds to a decrease in usability without commitment increase in safety.

I mean, if one wants to make things more difficult than is needed, fine. But again I'm only a lonely Girl from NYC trying to make her way in a confusing world and need things simple.

But the real reason for this post- was anyone offended by my making light of things in the video posted above? Far too often are Security videos really serious, and malware should be fun!

 

[AtlBo]

You have more patience than I do. I punished Comodo by hitting the uninstall button a couple days ago. This is the wrong thread to mention this, but Voodooshield charges much less pain per ounce of protection.

I understand

OK so here are some things I notice about (FW/CIS/A-V):
1. Comodo needs to fix the script monitoring. It should be able to monitor all kinds of scripts, embedded and otherwise.
2. Devs should add an auto-purge option for files lists at least. Rules lists auto-notification to purge would be good too.
3. The current FW/Proactive/Internet Security configurations should be modified so that someone can with no adjustments run cruelsister's settings. Maybe even name it cruelsister . Then other packages could employ HIPs, etc. and go a little bit further. Some PC owners like to know what programs are doing. I think it's really mostly about how much knowledge a user wants from the program as long as the protection is there.
4. Should be a feature for trimming Trusted Vendor List and they should be saved in exported settings (checked yesterday and they apparently still are not)
5. Should be an option for Cloud lookup to present its findings as a choice or choices (such as Trusted file or updating the TVL). Valkyrie is a promising idea, and I hope it's developed too.

BTW, for anyone wondering, none of this is intended to take away from the fact that cruelsister's settings are all the protection anyone needs (other than some good firewalling and general PC operational sensiblity). These are things I would like to see in the program personally.

But the real reason for this post- was anyone offended by my making light of things in the video posted above? Far too often are Security videos really serious, and malware should be fun!

You know what's fun cruelsister-------->O-V-E-R-K-I-L-L! I am kind of just kidding

 

[Deleted member 178]

@cruelsister My Dear, take some risks, try to make the most usable setup of comodo with HIPS on Paranoid Mode , without sacrificing security

 

[Hector1]

Terrible. I install Comodo 10 IS and it was useless, reputation and scans took hours, and it detected windows files as unknown and kept crashing the system.

For me scan took 15 minutes and I have only 6Gbites RAM, did you a clean instal before installing comodo?

 

[EASTER]

I guess i'm doing this right. Please feel free to comment with your best suggestions or even opinions.

Still a bit new at this but as a long time HIPS devotee I am so luvin' this thing more everyday.

What I done or am doing, for better or worse, is selected a few crucials [regedit.exe/cmd.exe] in the File List and mark them Untrusted (File Rating) and I get a nice sweet HIPS-Style pop-up (Containment) offering a selection of course, either RUN INSIDE THE CONTAINER (w/ whatever rules you set for it) or RUN UNLIMITED or BLOCK.

If no answer for a period of time it is auto-sandboxes. Yeah

For you Comodo experts this is likely a real piece of cake and old hat to clarify. Even noobs are probably on top of this one too.

What am I missing here?

I want to add a desktop folder/various folders maybe and set it so any executable which inside that gets clicked on that same pop-up box w/Options comes up.

I really don't mind the pop ups like this since HIPS is currently set to Disabled anyway.

But I don't want to invent trouble where there is none either.

There's probably a fine line between the ALERTS but right now focusing on CONTAINMENT (Privilege Elevations) only side.

 

[AtlBo]

Easter: How are you handling Advanced Protection->Miscellaneous->"heuristic command-line"? I have enabled them all along with embedded script protections, but I have seen mentions of what you are doing. My understanding is that "h c-l" accomplishes the same thing you are doing but on a script by script basis rather than by governing the behavior of the script engine. The feature creates a file for each individual script and then issues a pop up for that script, which you can handle any way you like.

There is a problem with enabling all the protections of "h c-l" that leads to pop ups and other annoyances if you run a program that creates the same script over and over with a different name (temp scripts are this ways sometimes). If you don't run into that the "h c-l" should work well for you if you would like to try it to see. Otherwise, it sounds like your way should work fine if you don't get too many pop ups.

 

[EASTER]

Easter: How are you handling Advanced Protection->Miscellaneous->"heuristic command-line"? I have enabled them all along with embedded script protections, but I have seen mentions of what you are doing. My understanding is that "h c-l" accomplishes the same thing you are doing but on a script by script basis rather than by governing the behavior of the script engine. The feature creates a file for each individual script and then issues a pop up for that script, which you can handle any way you like.

Same way. All ticked and functioning.

There is a problem with enabling all the protections of "h c-l" that leads to pop ups and other annoyances if you run a program that creates the same script over and over with a different name (temp scripts are this ways sometimes). If you don't run into that the "h c-l" should work well for you if you would like to try it to see. Otherwise, it sounds like your way should work fine if you don't get too many pop ups.

My plan is to get some of those ALERTS just to jump up for me. I still have some settings to auto-contain but working on it.

Mainly this is a CONTAINMENT side interest only right now. Sandbox + Firewall for now and it's a real treat just this combo.

Earlier today I was eager to install and run 360TS w/both engines but ran into resource conflicts (odd isn't it?) Will try another one later.

No matter. Will just keep plugging along and soon enough get a handle on matters to expectation. I hope LoL

Ya gotta luv this thing and so long as they keep improving it, as a non-fan of Comodo in general, I am all in with their CFW 10 with much glee!

 

[blueblackwow65]

Hi is it possible to use cruel sisters settings in Comodo antivirus ,? I find the firewall slows my machine and internet,but I see no comodo CIS with options of what to install and pretty much all settings the same ,..Thks

 

[garlictaker]

Hi is it possible to use cruel sisters settings in Comodo antivirus ,? I find the firewall slows my machine and internet,but I see no comodo CIS with options of what to install and pretty much all settings the same ,..Thks

She doesn't use any of AV but CFW, AFAIK. I think CIS options are almost same as CFW, with just a little addition of AV things.

Here's my CIS setting//

Spoiler

cruelsister's firewall setting
+
Antivirus setting - Stateful Mode
Realtime Scan tab
Scan computer memory after the computer starts: YES
Use heuristics scanning: YES, Medium

Scans
Full Scan-Options
Use cloud while scanning: YES
Use heuristics scanning: YES, High
Quick Scan-Options
Use cloud while scanning: YES
Use heuristics scanning: YES, Medium

 

[shmu26]

She doesn't use any of AV but CFW, AFAIK. I think CIS options are almost same as CFW, with just a little addition of AV things.

Here's my CIS setting//

Spoiler

cruelsister's firewall setting
+
Antivirus setting - Stateful Mode
Realtime Scan tab
Scan computer memory after the computer starts: YES
Use heuristics scanning: YES, Medium

Scans
Full Scan-Options
Use cloud while scanning: YES
Use heuristics scanning: YES, High
Quick Scan-Options
Use cloud while scanning: YES
Use heuristics scanning: YES, Medium

Right. You can use CS settings in CIS, no prob. Make sure to switch to Proactive config, of course.
If internet slow, turn off webfilter.