Is there an anti-executable / application whitelisting component in CIS?

Status
Not open for further replies.
Y

yigido

Use proactive configuration and go to sandbox settings. By default proactive security will virtualize all unknows files.
If you want to block all files but whitelisted files.
See help: https://help.comodo.com/topic-72-1-623-7763-Configuring-Rules-for-Auto-Sandbox.html
Set "Block" for others.. So CIS only allows whitelisted ones, others will blocked.. Protection %100

You can dig into help files to learn more (like me) : https://help.comodo.com/topic-72-1-623-7587-Introduction-to-Comodo-Internet-Security.html
 
  • Like
Reactions: DardiM, Sr. Normal 2.0, shmu26 and 2 others
shmu26

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
but do keep in mind that COMODO has thousands of trusted vendors on their list and in their cloud base, and they themselves co-sign a lot of software too, so what you consider "unknown" might be quite different from what COMODO considers "unknown".
 
  • Like
Reactions: askmark
Y

yigido

shmu26 said:
but do keep in mind that COMODO has thousands of trusted vendors on their list and in their cloud base, and they themselves co-sign a lot of software too, so what you consider "unknown" might be quite different from what COMODO considers "unknown".
Click to expand...
Comodo may sells digital signatures but they do not add them blind-fully!
There are very strict rules for entering to Trusted Vendors List.
 
  • Like
Reactions: askmark and shmu26
H

hjlbx

Spiritus Sancti said:
I really want to secure my PC with anti-executable / application whitelisting technique.

Is there such a component in CIS?
Click to expand...

Yes.

Two components - HIPS and auto-sandbox.

A. Set auto-sandbox to Block any Unrecognized\Unknown files.

B. Disable "Trust digitally signed files."

* * * * *

For beginner, just do A - and not B.

COMODO can be a challenge for new user - especially if you dive right into all the settings... but you can only learn it by using it... so I suppose you have to start somewhere.
 
  • Like
Reactions: Handsome Recluse, DardiM, Overkill and 5 others
Y

yigido

hjlbx said:
Two components - HIPS and auto-sandbox.

A. Set auto-sandbox to Block any Unrecognized\Unknown files.

B. Disable "Trust digitally signed files."

* * * * *

For beginner, just do A - and not B.

COMODO can be a challenge for new user - especially if you dive right into all the settings... but you can only learn it by using it... so I suppose you have to start somewhere.
Click to expand...
I am long-time user but I prefer A.
I found it very usefull for me and I did not dig into CIS settings much. I found HIPS useless while sandboxing all unknowns.
I even tested malwares on my real machine and I got 0 infection from the first day. Long live Comodo (default-deny)
 
  • Like
Reactions: ZeroDay, askmark and shmu26
shmu26

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
hjlbx said:
Yes.



B. Disable "Trust digitally signed files."
Click to expand...
let's say you did B, but you want to whitelist your Windows files. How exactly do you go about whitelisting thousands of exe files?
 
H

hjlbx

shmu26 said:
let's say you did B, but you want to whitelist your Windows files. How exactly do you go about whitelisting thousands of exe files?
Click to expand...

Whitelist entire C:\Windows directory under File Rating > Add to Trusted Vendor list

It is in the CIS Help File, but you just do it for the entire C:\Windows directory instead of a single file

You should do this after every Windows update

You can also do the same for C:\Program Files and C:\Program Files (x86)

You will just have to do it to learn how and the quirks... you will see...
 
  • Like
Reactions: Handsome Recluse, Overkill, Av Gurus and 2 others
shmu26

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
hjlbx said:
Whitelist entire C:\Windows directory under File Rating > Add to Trusted Vendor list

It is in the CIS Help File, but you just do it for the entire C:\Windows directory instead of a single file
Click to expand...
won't that just add microsoft as a trusted vendor?
 
H

hjlbx

shmu26 said:
won't that just add microsoft as a trusted vendor?
Click to expand...

You're whitelisting the files contained in C:\Windows - and not adding Microsoft to the TVL

Any how, Microsoft should be in the TVL

Making an ultra-paranoid config that COMODO did not intend to be used (but can be made by the user in CIS) might cause bad system malfunctions - and in the end you will blame CIS instead of your config for it
 
Last edited by a moderator:
  • Like
Reactions: Overkill and shmu26
Av Gurus

Av Gurus

Level 29
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Sep 22, 2014
1,767
hjlbx said:
Yes.

Two components - HIPS and auto-sandbox.

A. Set auto-sandbox to Block any Unrecognized\Unknown files.

B. Disable "Trust digitally signed files."

* * * * *

For beginner, just do A - and not B.

COMODO can be a challenge for new user - especially if you dive right into all the settings... but you can only learn it by using it... so I suppose you have to start somewhere.
Click to expand...

Settings for A is this (picture)?

Clipboard01.jpg
 
  • Like
Reactions: Overkill and shmu26
shmu26

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
hjlbx said:
Making an ultra-paranoid config that COMODO did not intend to be used (but can be made by the user in CIS) might cause bad system malfunctions - and in the end you will blame CIS instead of your config for it
Click to expand...
I would turn off autosandbox until I finished whitelisting Windows, as you have previously recommended. But what happens when WIndows pushes a major update? Will the system maybe become unbootable?
what other bad malfunctions should I be prepared to suffer?
 
H

hjlbx

shmu26 said:
I would turn off autosandbox until I finished whitelisting Windows, as you have previously recommended. But what happens when WIndows pushes a major update? Will the system maybe become unbootable?
what other bad malfunctions should I be prepared to suffer?
Click to expand...

Each time Windows Update pushes an update - even a huge one, in reality, relatively few critical Windows files change - meaning the ones you need to load and get into your system.

Besides... if COMODO smash your system to the point where you can't logon - you just F12 - or whatever F-key your system uses - and boot into Safe Mode and whitelist the files while in Safe Mode.

I have never seen it that bad. The worst I have seen is AMD graphics drivers get auto-sandboxed and cause some problems - even a black screen (boot but nothing visible) - but the above is a way to deal with that sort of problem.

This is why it is recommended by experienced MT members that have experience with COMODO, that advanced configuration of COMODO should be undertaken by users that are advanced Windows users before they even put COMODO onto their system.

You can ask @Umbra, @DracusNarcrym , and others that participated in it - about our private COMODO experiment; bottom line is you got to know how to get yourself out of trouble no matter which soft you are using.
 
  • Like
Reactions: Handsome Recluse, Overkill and shmu26
shmu26

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
hjlbx said:
Each time Windows Update pushes an update - even a huge one, in reality, relatively few critical Windows files change - meaning the ones you need to load and get into your system.

Besides... if COMODO smash your system to the point where you can't logon - you just F12 - or whatever F-key your system uses - and boot into Safe Mode and whitelist the files while in Safe Mode.

I have never seen it that bad. The worst I have seen is AMD graphics drivers get auto-sandboxed and cause some problems - even a black screen (boot but nothing visible) - but the above is a way to deal with that sort of problem.

This is why it is recommended by experienced MT members that have experience with COMODO, that advanced configuration of COMODO should be undertaken by users that are advanced Windows users before they even put COMODO onto their system.

You can ask @Umbra, @DracusNarcrym , and others that participated in it - about our private COMODO experiment; bottom line is you got to know how to get yourself out of trouble no matter which soft you are using.
Click to expand...
easiest way out of trouble is macrium reflect. I have it on my boot menu.
 
shmu26

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
hjlbx said:
LOL... I get you @shmu26 , but technically, that's cheating... you ain't gonna learn anything that way...
Click to expand...
gives you a chance to pick yourself up off the ground and try again, and maybe get it right the second time...
 
  • Like
Reactions: Overkill
Status
Not open for further replies.

Similar threads

Brownie2019
    • Like
    • Thanks
On Sale! Enigma Virtual Box for free
Replies
3
Views
830
Discounts and Deals
Allego
Allego
enaph
    • Like
    • Applause
Security News RCE Vulnerability in qBittorrent’s SSL Handling Patched After 14 Years
Replies
0
Views
735
Security News
enaph
enaph
Gandalf_The_Grey
    • Like
    • Thanks
    • Wow
Technology The Latest Anti-Cheat Technology is Controversial. Here's Why
Replies
1
Views
502
Technology News
Victor M
Victor M

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top