New Update New Version 12.3.3.8152 Available for Comodo Internet Security 2025

[ErzCrz]

The information is inaccurate. I've reminded you of this multiple times previously. I also opened a thread to discuss it.
Thread: Serious Discussion - Comodo Containment "Restricted" Restriction Level


From my viewpoint, cruelsister's "Restricted" configuration offers no substantial benefits. It offers optimal protection, but the default "Run Virtually" does too. Even considering your CS's video, the default "Run Virtually" setting prevented any real system damage. The "Run Virtually" video shows the designed functionality: programs or malware operating correctly in the fully virtualized containment.

Your CS's video highlights the default "Run Virtually" versus her configuration "Run Virtually" + "Restricted." The "Run Virtually" default setting fully protected the real system. Combining the default "Run Virtually" setting with the default "Partially Restricted" Restriction Level provides a higher level of default protection.

Claims suggesting Comodo's default containment is inadequate are unsubstantiated, misinformation, and potentially misleading.


I'm not using the setup; simply experimenting in experimental mode.

- Thanks for the reminder of that topic. @cruelsister 's reply to you clarifies it so I stand corrected as I did back then though I'm certain at one point probably in versions prior to .8012 it was the case.

- Default containment in Internet Security or Firewall Configuration defaults is less secure that the CS setup using CIS/CFW in Proactive configuration. By default, it will still protect you just not as well as it used to and the CS setup just ensures all the bases are covered.
Partially Limited - The application is allowed to access all operating system files and resources like the clipboard.
Restricted - The application is allowed to access very few operating system resources. The application is not allowed to execute more than 10 processes at a time

Great. Have fun experimenting. Maybe I should experiment with CFW again at some stage. Not sure about using it on my production machine at some stage. My Lenovo updates keep running powershell bypass scripts that get contained by CIS/CFW which is a little annoying.

 

[rashmi]

Default containment in Internet Security or Firewall Configuration defaults is less secure that the CS setup using CIS/CFW in Proactive configuration. By default, it will still protect you just not as well as it used to and the CS setup just ensures all the bases are covered.
Partially Limited - The application is allowed to access all operating system files and resources like the clipboard.
Restricted - The application is allowed to access very few operating system resources. The application is not allowed to execute more than 10 processes at a time

Containment's default "Action" is "Run Virtually," irrespective of Comodo configurations. "Run Virtually" is full virtualization, which prevents programs or malware from accessing the real system. It doesn't matter whether a program or malware works inside containment with full or limited access rights. Hence, cruelsister's "Restricted" configuration provides no substantial benefits.
There is no valid proof that malware running inside containment (default or Run Virtually) affected or infected the real system.

The "Restriction Level" setting applies to "Run Restricted" in Containment's "Action." Comodo automatically enables the "Restriction Level" setting when you set "Run Restricted" in Containment's "Action."
With "Run Restricted" set in Containment's "Action," Comodo runs unrecognized programs on the real system. Comodo limits their access rights as per the option or level you set in the Restriction Level setting.