Regarding Comodo

Status
Not open for further replies.

WalterWolf

Level 3
Verified
Jan 28, 2013
319
1.Cloud Scanner has to many FP.
2.Sandbox sucks because it always sandbox anything you run,even drivers if you don't exclude them.
 
  • Like
Reactions: NSG001

Raul90

Level 14
Feb 5, 2012
658
As there have been a number of threads concerning the Pro's and Con's of Comodo products lately. just wanted to share my preferred setup in detail, and the reasons for it.

Comodo security products (for the Home) come in two flavors- Comodo Internet Security (CIS) and Comodo Firewall (CF). The difference is that CIS has a local antivirus module (note that they both have a Cloud scanner). As has been discussed elsewhere, the AV component of Comodo is at best middle of the pack (detractors would say that although the AV protection is unmatched by any it is bettered by all); this being said I do not see any need to either suggest installing or further discussing CIS.

So concentrating on Comodo Firewall it can be seen that CF has 3 basic components:

1). A Cloud Scanner- as noted above, it is of dubious value and can be shut off; but as it really doesn't interfere with anything, why bother?
2). A HIPS component- I suppose it is adequate, but unnecessary with a proper Sandbox setting.
3). The Auto-sandbox- Superb with settings of either Untrusted (which I don't care for) or Full V (which I covet).

Installation and setup- really easy. After install and reboot (good idea to click Custom install to avoid Dragon, PrivDog, etc):

1). Right Click the Comodo icon in the tray and select Advanced View.

2). Right Click the icon again and:
a). Uncheck the "Show Widget" (I hate widgets and so should you).
b). Make sure Firewall is in "Safe Mode"
c). Sets Hips to Disable
d). Set Auto-Sandbox to "Fully Virtualized".

3). Open up the main GUI, click Tasks, then click Sandbox Tasks. Right click on Reset Sandbox and select "Add to Taskbar". The reset function is now on the main GUI ribbon.

4). Open up the main GUI, Click Tasks, then click Advanced Tasks, then click Open Advanced settings:
a). Uncheck "Play Sound"
b). Uncheck "Show Notification messages" (this is optional- anything running in Full V will have a Green Border around it, so why bother getting a popup telling you this is done?).

That's pretty much all. CF should be silent from then on and will only alert when a non-whitelisted program tries to run and/or tries to connect to the net. If an application that you know is Safe gets sandboxed, just open up the main GUI, click on Sandboxed Apps, right click the program you know is safe and select Add to Trusted.

Now try to get infected.

Very nice there cruelsister! I infact use that setup when I am not using Comodo HIPS. I just do not uncheck the sound as I want to get notified when I am using the other desktop :) Oftentimes I use the HIPS to disable nasty programs wanting to "always" connect to home without my permission.
 
  • Like
Reactions: cruelsister

cruelsister

Level 43
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,224
NSG- I've been putting version 8 of Comodo through its paces and so far like it very well. The most important difference is for the Sandbox- instead of all the different levels (which just led to confusion- and infection) they just went with my favorite, Full V. So now the only choice is to either Enable or Disable the Box.

The Firewall is basically the same with Safe Mode being the optimal (and Default) setting.

HIPS is also an Enable or Disable choice. The choice will be easy as HIPS is of no value (unless for those who get off on popups) if the sandbox is enabled all the HIPS will do is to alert you to malicious activity going on in a virtualized environment, which really is inconsequential. A big issue is made by some about the Cloud AV and VirusScope not being average at best. Totally true, but also of no consequence as long as the sandbox is enabled.

Hopefully the beta period will be a long one. I have CF8 installed on both my sacrificial malware system as well as my personal laptop, and if I run across anything significantly problematic I will of course report it here.

M

Forgot to mention one new thing- the other day I ran a file that I knew was VM aware. I ran the file, it loaded in the sandbox and after a minute I got a Behavior Blocker alert that an unknown file was requesting permission to run outside of the sandbox.

Smiling all the way, I denied the request and the malware file expired in malicious despair.
 
Last edited:

Moose

Level 22
Jun 14, 2011
2,271
@cruelsister

> "Fully Virtualized" do you turn this off from time to time? When restarting your PC?
> Are you using AppGuard with this set-up? If not why? Please!:oops:
> And are you using 360 Total Security or 360 Internet Security? If not which AV?

Kind regards,
;)
 
R

rocky

Thanks for the update cruelsister I haven't seen much news on the beta. I'm very impressed with version 7 set by your recommendation so I'm relieved to hear it is working well in the beta. Thanks again.
 

stephentony

Level 1
Verified
Mar 8, 2013
49
Thank you cruelsister for your expertise when it comes to Comodo. I've always liked the fact that you are clear eyed and dispassionate in your evaluations. Your arguments are usually irrefutable because they are based on fact and very seldom on opinion alone. Because of that I find you to be a very reliable source of information I can count on. Please keep us updated on the 8 beta.
 

BIgD1

Level 3
Verified
Oct 25, 2014
138
Thanks @cruelsister for the detailed setup information. I have Comodo firewall setup like this now cause hips is just not my cup of tea.
 

Behold Eck

Level 18
Verified
Top Poster
Well-known
Jun 22, 2014
882
HIPS are my cup of tea hence I`ve just installed CIS v5. Apart from the better GUI imo, it gave me some really nice popups to deal with already. Yum yum.

Good advice here on v8 should I ever feel the need to update to it.

Sandboxie still onboard as ever.

Regards Eck:)
 

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,716
Tried CF for about 2 hours today, and I was unimpressed, but not because it doesn't do what it claims. Been using Private Firewall, and the GUI in CF absolutely makes no sense to me. I have everything set to manual in PF, but the manual settings for CF are buried deep in the program. That would be OK, considering the effectiveness of the program as reported here and across the net, except that the process of making the simpler decisions that CF makes possible are also buried.

I feel like they are making a serious effort to make CF install and forget. I commend Comodo for this, as firewalling is pretty burdensome. However, I want the GUI to reflect the functionality of the program or put another way to add to the understanding of exactly what's happening with each choice.

cruelsister's settings sound usable and almost completely hands off. I feel the need to know more, however. I really wish Comodo would break down the various tools and their elements better for user, especially with the GUI (more intuitive placement of settings dialogs) but also with the help dialog. The universal behavioral blocks are amazing, but their application clouds the functionality of the actual firewall as things are currently arranged. I have no idea how good this firewall really is.

One other thing. Should a firewall ever rely on cloud based monitoring? Idk, but I am not comfortable with this. I guess I just want to see someone create a firewall that uses just the local program to secure a PC.

I uninstalled Comodo, but I do feel that it's way closer than a year ago to being comprehendable for the typical everyday user. In this light, maybe Comodo should look to Private Firewall to see how to bring the bare bones manual elements of firewalling more to the front. And, yes, they need to be separated from the behavioral elements of the program, so that users can actually see what they have with CF. Bring them in with the features and flashing lights and front page activated notifications and then show them a real firewall directly behind this I say...
 
  • Like
Reactions: Rolo

Elemec

Level 1
Verified
Jan 23, 2015
111
Would like to know which AV would go well with the Comodo FW.
At first i was lagging heavily , But then it got instabilized. I'm currenly using 360 total security along with it , And would want a recomendation. Also have malwarebytes installed.
 

cruelsister

Level 43
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,224
Elemec- First off, what settings are you using for Comodo? As you have Qihoo TS installed (I hop at default), there would be absolutely no need for the Comodo HIPS module to be enabled (assuming that you have it active). As for Malwarebytes, you don't mention if you have it as Real-time or not. My STRONG suggestion is just keep MB as an on-demand app.

In short,
1), CF- HIPS off, Sandbox on. Change the Configuration setting to Proactive.
2). Qihoo TS 6- keep this at Default setting! There is no need to activate BD and (God forbid) Avira.
3). Disable Malwarebytes if you are using it as a real-time protector.

Please evaluate the above and inform us if any issues persist (also tell us the current settings that you are using so I can be mean to you).
 
  • Like
Reactions: Ink

Elemec

Level 1
Verified
Jan 23, 2015
111
Elemec- First off, what settings are you using for Comodo? As you have Qihoo TS installed (I hop at default), there would be absolutely no need for the Comodo HIPS module to be enabled (assuming that you have it active). As for Malwarebytes, you don't mention if you have it as Real-time or not. My STRONG suggestion is just keep MB as an on-demand app.

In short,
1), CF- HIPS off, Sandbox on. Change the Configuration setting to Proactive.
2). Qihoo TS 6- keep this at Default setting! There is no need to activate BD and (God forbid) Avira.
3). Disable Malwarebytes if you are using it as a real-time protector.

Please evaluate the above and inform us if any issues persist (also tell us the current settings that you are using so I can be mean to you).
I've been using the Free version of malware bytes , So it is only on-demand.
My comodo settings are exactly as you said , Hips off.
Unninstalled the bonus settings on 360 total security (So now is only with default)
My biggest question , Is what you mean by " Proactive " And " Full virtualized " ON auto sandbox , Right click comodo for activate it in said mode , But it just gives me activate , I click settings , It dont says those things
 

Elemec

Level 1
Verified
Jan 23, 2015
111
Alright , Here the full info about it.
I'm using all the configurations/settings you said on your post , With exception of the " Full virtualized " One.
I'm using the proactive mode.
Default 360 total security.
Free-Malwarebytes Only On-Demand

[EDIT] : For enable Full virtualized mode , Do i just change sandbox setting by unmarking " Dont virtualize specific programs " ?
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
Alright , Here the full info about it.


[EDIT] : For enable Full virtualized mode , Do i just change sandbox setting by unmarking " Dont virtualize specific programs " ?

https://help.comodo.com/topic-72-1-451-4768-.html

If you do not set a restriction level, CIS will automatically apply a level of 'Fully Virtualized'.
  • Fully Virtualized - The application will be run in a virtual environment completely isolated from your operating system and files on the rest of your computer.
 

Fel Grossi

Level 13
Verified
Top Poster
Well-known
Jan 17, 2014
628
Alright , Here the full info about it.
I'm using all the configurations/settings you said on your post , With exception of the " Full virtualized " One.
I'm using the proactive mode.
Default 360 total security.
Free-Malwarebytes Only On-Demand

[EDIT] : For enable Full virtualized mode , Do i just change sandbox setting by unmarking " Dont virtualize specific programs " ?
The "proactive mode" already active the full sandbox automatically.
 

cruelsister

Level 43
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,224
Sorry I wasn't clear regarding the sandbox. In past versions, there were different levels of protection afforded by the sandbox- Partially Limited, Limited, Restricted, Untrusted, Full V- with the default being Partially Limited. With version 8, the default is now Full Virtualization- so as long as you enable the sandbox you are set (nothing else is needed or should be done).

(Helpful Hint- Right click the Comodo icon in the tray and click on "Advanced View". It will close and when you Right click on it again you will not only see that you now have easy access to HIPS and Sandbox things. Also, the main GUI is a bit more informative)

Regarding the importance (and the reason) for changing the configuration from "Firewall Security" to "Proactive Security"- at default settings of the sandbox ONLY FILES RUN FROM THE DOWNLOAD DIRECTORY WILL BE SANDBOXED (forgive the caps, but this is of extreme importance). One can change the settings so that potentially troublesome files found anywhere on your system will be sandboxed in one of two ways:

1). In Sandbox settings, edit the Origin of the first "Run Virtually" listing from "Internet" to "Any", or
2). Just change the configuration from Firewall security to Proactive security. This has an added benefit as it
will protect all critical COM interfaces (ignore the "Internet Security" configuration as this really only pertains to CIS- with the local AV).

If I was in any way unclear (as I tend to be), please ask anything you may want to know (don't be shy).

M
 
  • Like
Reactions: Andytay70

Elemec

Level 1
Verified
Jan 23, 2015
111
Sorry I wasn't clear regarding the sandbox. In past versions, there were different levels of protection afforded by the sandbox- Partially Limited, Limited, Restricted, Untrusted, Full V- with the default being Partially Limited. With version 8, the default is now Full Virtualization- so as long as you enable the sandbox you are set (nothing else is needed or should be done).

(Helpful Hint- Right click the Comodo icon in the tray and click on "Advanced View". It will close and when you Right click on it again you will not only see that you now have easy access to HIPS and Sandbox things. Also, the main GUI is a bit more informative)

Regarding the importance (and the reason) for changing the configuration from "Firewall Security" to "Proactive Security"- at default settings of the sandbox ONLY FILES RUN FROM THE DOWNLOAD DIRECTORY WILL BE SANDBOXED (forgive the caps, but this is of extreme importance). One can change the settings so that potentially troublesome files found anywhere on your system will be sandboxed in one of two ways:

1). In Sandbox settings, edit the Origin of the first "Run Virtually" listing from "Internet" to "Any", or
2). Just change the configuration from Firewall security to Proactive security. This has an added benefit as it
will protect all critical COM interfaces (ignore the "Internet Security" configuration as this really only pertains to CIS- with the local AV).

If I was in any way unclear (as I tend to be), please ask anything you may want to know (don't be shy).

M

Almost everything done. Here it says that the first " Run virtually " Is going to open Every/any file , And the reputation is " Unrecogonized
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top