Advice Request How to setup COMODO HIPS to alert for all unrecognized apps every process ?

[kylprq]

when disable auto containment hips doesnt show any alerts for unrecognized apps it will only alerts when unrtrusted apps run?

 

[ZeroDay]

Enable paranoid mode it's really the only way to run Comodo's HIPS.

 

[kylprq]

Enable paranoid mode it's really the only way to run Comodo's HIPS.

when enabled its block system files and drivers especially it hates synaptics and gives too much popups even for task manager keyboard and display access

 

[ZeroDay]

Paranoid mode offers much better protection but it will drive you insane. However it will do the job you want it to do.

when enable its block system files and drivers especially it hates synaptics

You just have to spend some time learning how to use HIPS in paranoid mode unfortunately there's no shortcuts. It's the only way to get the very best protection out of Comodo's HIPS or indeed CF/CIS full stop. I would have a good read through the Comodo section on this forums and read the official documentation. It may take a while but it will be worth taking that extra time to learn.

 

[kylprq]

ı have to exclude one by one then

 

[LDogg]

May I ask why you need know every process of untrusted app? If you didn't trust them yourself I wouldn't run or even install them. Comodo base settings can be enough, CS (cruelsister) settings should be suffice.

What are these untrusted app(s) name? (for curiosity purposes and a better understanding overall of your post.

~LDogg

 

[kylprq]

with cs settings cf block everyhing without ask lots of safe files but if hips give you alerts you can select whatever you want

these apps are not untrusted as i write they re unrecognized

apps name lots of them ie file encryption utils like gpg4win or 7 zip etc

 

[shmu26]

Unrecognized apps should be automatically marked as such in the file list. Are they properly marked in your file list? That is the first thing to check. If you switch to Proactive config, and you disable autocontainment, every action of every unrecognized process will produce a HIPS prompt. HIPS should be in safe mode. In safe mode, it will allow all your system processes without prompt, and ditto for all your trusted applications. But as soon as an unrecognized process comes along, you will get prompts for every action.

 

[kylprq]

If you switch to Proactive config, and you disable autocontainment, every action of every unrecognized process will produce a HIPS prompt. HIPS should be in safe mode. In safe mode, it will allow all your system processes without prompt, and ditto for all your trusted applications. But as soon as an unrecognized process comes along, you will get prompts for every action.

it doesnt as ı am saying using cs settings with proactive config

as zeroday says hips only works with paranoid mode this way

 

[BoraMurdar]

That's why because it's named "paranoid"

 

[shmu26]

I think there is a misunderstanding here. You don't need paranoid mode to get prompts from unrecognized processes. If you are not getting prompts from them, and HIPS is enabled and set to safe mode, then Comodo is broken. Uninstall, reboot, and reinstall. What you are seeing is not expected behavior. The only reason not to get prompts is if the process is sandboxed. Otherwise, you need to get prompts, or else you have almost no protection at all, and most malware will infect your system.