Regarding Comodo

Status
Not open for further replies.

cruelsister

Level 43
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,224
As there have been a number of threads concerning the pros and cons of Comodo products lately, I just wanted to share my preferred setup in detail, and the reasons for it.

Comodo security products (for the Home) come in two flavors- Comodo Internet Security (CIS) and Comodo Firewall (CF). The difference is that CIS has a local antivirus module (note that they both have a Cloud scanner). As has been discussed elsewhere, the AV component of Comodo is at best middle of the pack (detractors would say that although the AV protection is unmatched by any it is bettered by all); this being said, I do not see any need to either suggest installing or further discuss CIS.

So, concentrating on Comodo Firewall, it can be seen that CF has 3 basic components:

1). A Cloud Scanner- as noted above, it is of dubious value and can be shut off; but as it really doesn't interfere with anything, why bother?
2). A HIPS component- I suppose it is adequate, but unnecessary with a proper Sandbox setting.
3). The Auto-sandbox- Superb with settings of either Untrusted (which I don't care for) or Full V (which I covet).

Installation and setup- really easy. After install and reboot (good idea to click Custom install to avoid Dragon, PrivDog, etc):

1). Right Click the Comodo icon in the tray and select Advanced View.

2). Right Click the icon again and:
a). Uncheck the "Show Widget" (I hate widgets and so should you).
b). Make sure Firewall is in "Safe Mode".
c). Set HIPS to Disable.
d). Set Auto-Sandbox to "Fully Virtualized".

3). Open up the main GUI, click Tasks, then click Sandbox Tasks. Right click on Reset Sandbox and select "Add to Taskbar". The reset function is now on the main GUI ribbon.

4). Open up the main GUI, Click Tasks, then click Advanced Tasks, then click Open Advanced settings:
a). Uncheck "Play Sound"
b). Uncheck "Show Notification messages" (this is optional- anything running in Full V will have a Green Border around it, so why bother getting a popup telling you this is done?).

That's pretty much all. CF should be silent from then on and will only alert when a non-whitelisted program tries to run and/or tries to connect to the net. If an application that you know is Safe gets sandboxed, just open up the main GUI, click on Sandboxed Apps, right click the program you know is safe and select Add to Trusted.

Now try to get infected.
 

OneDay

Level 21
Verified
Top Poster
Well-known
Aug 22, 2014
1,027
Hello..
Is there any way to get alerted when a program is auto-sandboxed? I mean, to give you an option to let or deny the action?
 

OneDay

Level 21
Verified
Top Poster
Well-known
Aug 22, 2014
1,027
Also, does the sandbox protect from keyloggers?
 

cruelsister

Level 43
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,224
OneDay- You can get the sandbox popups if you want. Just don't uncheck the Show Notifications setting that I mentioned in 4b above.

Regarding keyloggers, the protection is actually threefold. The logger may be picked up and deleted by the Cloud; the Behavior Blocker (always on) will stop logger hooks; the Firewall will prevent transmission out of any information (this point is always missed by those using the Keylogger test thingies- in order for a logger to work it HAS to transmit info out to the bad guys).
 

Nikos751

Level 20
Verified
Malware Tester
Feb 1, 2013
970
With such settings its protection is very very good, few can say the opposite.
The problem with CIS is that it has become somewhat heavy and false positives in autosandbox can be really disturbing or even destructive for some systems (some here have reported such situations).
Also, it's said that Comodo is buggy, I won't comment on that.
 

NSG001

Level 16
Verified
Nov 21, 2011
2,192
@cruelsister Great summation :)
CFW in FV paired with EAM9 is a killer combo, although I use a custom ruleset for the firewall as I want these rules tight!!
Been testing this combo for a week or so now and may be a keeper on one home machine.
 

OneDay

Level 21
Verified
Top Poster
Well-known
Aug 22, 2014
1,027
@Nikos751 - Comodo is definitely not heavy. Actually it is pretty light on system resources. As for the false positives, let me disagree. There are no false positives in auto-sandboxing protection. It's just an unrecognised executable. And those settings are for the advanced users, Comodo alerts you itself when you change the settings. As for the bugs, yes, IT IS buggy..
 

cruelsister

Level 43
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,224
Nikos- I don't recommend CIS, so no issue there. Regarding the Sandbox, at Full V whatever is in there runs just fine virtualized. As no system changes happen, no trashing of the system can result.

In actual real world use (especially for those who haven't been bothered by malware or adware in years), CF basically just sits there waiting. Kind of like my cat Ophelia- always ready to pounce, but mainly just lays about napping, taking up very little space.
 

Nikos751

Level 20
Verified
Malware Tester
Feb 1, 2013
970
About system mess-up, others have experienced it, not me xD. I have used Comodo for a while, and the last time it sandboxed an executable from my ATI software. I simply told Comodo not to sandbox it again, but I am not sure if such a case would be harmless for the whole system if the user is not cautious with CIS or is out of luck, as a program usually depends on more than one executable.

Comodo is heavier than Avast, Avira, ESET currently on my home PCs. I don't call it heavy, but it's not that light; it's average.
 

cruelsister

Level 43
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,224
OneDay- You asked about keyloggers yesterday and if CF would protect against it. Today James provided two samples, one a screenlogger, the other a keylogger which can be found here:

http://malwaretips.com/threads/stealer.32748/

and here:

http://malwaretips.com/threads/2014-09-02-2.32746/

In both cases the Behavior Blocker (part of the Sandbox module) silently stopped both hooks. In addition the Firewall alerted that something unknown was trying to get out to the Net; blocking this transmission would also stop the malware from succeeding.
 

NSG001

Level 16
Verified
Nov 21, 2011
2,192
@cruelsister
Thanks again for all your observations, much appreciated.


zeusc4

Level 4
Verified
Feb 2, 2013
164
I used Comodo for a long time, and not on just 1 computer. I used it on 3 laps & 1 PC in my home.

I started to hate it because of BSODs when I installed Comodo on Windows 8.1. Then I tried to move away from Comodo. They still have not fixed this BSOD issue. Very very slooooooooooooooooooooooooooooooooow updates/upgrades.

Right now I'm using:
Norton IS on my lap (getting 6 months trial keys using VM)
Emsisoft AM on my sister's lap (thanks to @NikolayfromRussia)
Bitdefender on my father's lap

& finally on my desktop I'm still using Comodo IS
 

KelvinW4

Level 1
May 8, 2012
187
I'm using Comodo on Windows 8.1, no slowdowns, no BSODs.
But thanks cruelsister for the tutorial/review!
 