Is there an anti-executable / application whitelisting component in CIS?

Status
Not open for further replies.
Y

yigido

Use proactive configuration and go to sandbox settings. By default proactive security will virtualize all unknows files.
If you want to block all files but whitelisted files.
See help: https://help.comodo.com/topic-72-1-623-7763-Configuring-Rules-for-Auto-Sandbox.html
Set "Block" for others.. So CIS only allows whitelisted ones, others will blocked.. Protection %100

You can dig into help files to learn more (like me) : https://help.comodo.com/topic-72-1-623-7587-Introduction-to-Comodo-Internet-Security.html
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
but do keep in mind that COMODO has thousands of trusted vendors on their list and in their cloud base, and they themselves co-sign a lot of software too, so what you consider "unknown" might be quite different from what COMODO considers "unknown".
 
  • Like
Reactions: askmark
Y

yigido

but do keep in mind that COMODO has thousands of trusted vendors on their list and in their cloud base, and they themselves co-sign a lot of software too, so what you consider "unknown" might be quite different from what COMODO considers "unknown".
Comodo may sells digital signatures but they do not add them blind-fully!
There are very strict rules for entering to Trusted Vendors List.
 
  • Like
Reactions: askmark and shmu26
H

hjlbx

I really want to secure my PC with anti-executable / application whitelisting technique.

Is there such a component in CIS?

Yes.

Two components - HIPS and auto-sandbox.

A. Set auto-sandbox to Block any Unrecognized\Unknown files.

B. Disable "Trust digitally signed files."

* * * * *

For beginner, just do A - and not B.

COMODO can be a challenge for new user - especially if you dive right into all the settings... but you can only learn it by using it... so I suppose you have to start somewhere.
 
Y

yigido

Two components - HIPS and auto-sandbox.

A. Set auto-sandbox to Block any Unrecognized\Unknown files.

B. Disable "Trust digitally signed files."

* * * * *

For beginner, just do A - and not B.

COMODO can be a challenge for new user - especially if you dive right into all the settings... but you can only learn it by using it... so I suppose you have to start somewhere.
I am long-time user but I prefer A.
I found it very usefull for me and I did not dig into CIS settings much. I found HIPS useless while sandboxing all unknowns.
I even tested malwares on my real machine and I got 0 infection from the first day. Long live Comodo (default-deny)
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Yes.



B. Disable "Trust digitally signed files."
let's say you did B, but you want to whitelist your Windows files. How exactly do you go about whitelisting thousands of exe files?
 
H

hjlbx

let's say you did B, but you want to whitelist your Windows files. How exactly do you go about whitelisting thousands of exe files?

Whitelist entire C:\Windows directory under File Rating > Add to Trusted Vendor list

It is in the CIS Help File, but you just do it for the entire C:\Windows directory instead of a single file

You should do this after every Windows update

You can also do the same for C:\Program Files and C:\Program Files (x86)

You will just have to do it to learn how and the quirks... you will see...
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Whitelist entire C:\Windows directory under File Rating > Add to Trusted Vendor list

It is in the CIS Help File, but you just do it for the entire C:\Windows directory instead of a single file
won't that just add microsoft as a trusted vendor?
 
H

hjlbx

won't that just add microsoft as a trusted vendor?

You're whitelisting the files contained in C:\Windows - and not adding Microsoft to the TVL

Any how, Microsoft should be in the TVL

Making an ultra-paranoid config that COMODO did not intend to be used (but can be made by the user in CIS) might cause bad system malfunctions - and in the end you will blame CIS instead of your config for it
 
Last edited by a moderator:
  • Like
Reactions: Overkill and shmu26

Av Gurus

Level 29
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Sep 22, 2014
1,767
Yes.

Two components - HIPS and auto-sandbox.

A. Set auto-sandbox to Block any Unrecognized\Unknown files.

B. Disable "Trust digitally signed files."

* * * * *

For beginner, just do A - and not B.

COMODO can be a challenge for new user - especially if you dive right into all the settings... but you can only learn it by using it... so I suppose you have to start somewhere.

Settings for A is this (picture)?

Clipboard01.jpg
 
  • Like
Reactions: Overkill and shmu26

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Making an ultra-paranoid config that COMODO did not intend to be used (but can be made by the user in CIS) might cause bad system malfunctions - and in the end you will blame CIS instead of your config for it
I would turn off autosandbox until I finished whitelisting Windows, as you have previously recommended. But what happens when WIndows pushes a major update? Will the system maybe become unbootable?
what other bad malfunctions should I be prepared to suffer?
 
H

hjlbx

I would turn off autosandbox until I finished whitelisting Windows, as you have previously recommended. But what happens when WIndows pushes a major update? Will the system maybe become unbootable?
what other bad malfunctions should I be prepared to suffer?

Each time Windows Update pushes an update - even a huge one, in reality, relatively few critical Windows files change - meaning the ones you need to load and get into your system.

Besides... if COMODO smash your system to the point where you can't logon - you just F12 - or whatever F-key your system uses - and boot into Safe Mode and whitelist the files while in Safe Mode.

I have never seen it that bad. The worst I have seen is AMD graphics drivers get auto-sandboxed and cause some problems - even a black screen (boot but nothing visible) - but the above is a way to deal with that sort of problem.

This is why it is recommended by experienced MT members that have experience with COMODO, that advanced configuration of COMODO should be undertaken by users that are advanced Windows users before they even put COMODO onto their system.

You can ask @Umbra, @DracusNarcrym , and others that participated in it - about our private COMODO experiment; bottom line is you got to know how to get yourself out of trouble no matter which soft you are using.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Each time Windows Update pushes an update - even a huge one, in reality, relatively few critical Windows files change - meaning the ones you need to load and get into your system.

Besides... if COMODO smash your system to the point where you can't logon - you just F12 - or whatever F-key your system uses - and boot into Safe Mode and whitelist the files while in Safe Mode.

I have never seen it that bad. The worst I have seen is AMD graphics drivers get auto-sandboxed and cause some problems - even a black screen (boot but nothing visible) - but the above is a way to deal with that sort of problem.

This is why it is recommended by experienced MT members that have experience with COMODO, that advanced configuration of COMODO should be undertaken by users that are advanced Windows users before they even put COMODO onto their system.

You can ask @Umbra, @DracusNarcrym , and others that participated in it - about our private COMODO experiment; bottom line is you got to know how to get yourself out of trouble no matter which soft you are using.
easiest way out of trouble is macrium reflect. I have it on my boot menu.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
LOL... I get you @shmu26 , but technically, that's cheating... you ain't gonna learn anything that way...
gives you a chance to pick yourself up off the ground and try again, and maybe get it right the second time...
 
  • Like
Reactions: Overkill
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top