What example, open you comodo GUI, find me the sandbox settings and compare them to Sandboxie or ReHIPS's sandbox settings! then is your example...
I've tried already RFW some time ago convinced by opinions of expirienced users (e.g. Creer from Wilders and Polish forum SG.pl) and hadn't bad impressions...even more - I was surprised huge number of useful functions and options.
cf + cs + silent mode = ditto. I dont even bother with blocked applications unless they affect into updates that they wont pass at all, never happened anyways. If youre allowing everything for peace of mind, just go with windows firewall wich will be quiet forever. Comodo firewall for me is just software, where i can see whats happening and why. Also killswitch and view connections are most simple way to see that, without any mess
We expect exactly this ;D
Sorry, I can't get how what you said is related to what I said... I was talking about compatibility issues, you replied about alerts or popups
Depends of the comodo version you used and current windows build you had back then aswell, windows 10 been out for like 3-4 years? I know that cf + cis should be used as standalone because it will conflict with few avs, anti-exploits etc. I have been using cf/cis for year on/off never had issues with it. Its very user/system dependent....i just keep coming back to comodo products after all
Be careful with this feature, given that a malware can inject code in a Windows trusted process (for example svchost.exe) and connect to Internet throgth this process and you will allow this connection because the process is "green".
There is no FW that detect RW or alert for a new startup entry! the firewall is not supposed to do that! it's supposed to control the inbound and outbound connections and ofc defend me from the outside.
Rising can also do that(on Ask me mode)!
It's not easy to properly recognise what is trying to call outside using svchost.exe because this quite sensitive system process is like container of processes/services
Actually firewall can't do this...we aren't talking about HIPS/BB detection...and it's better not to block it.HIPS?? BB detection?? Who is talking about this?
Don't think anyone's tested this yet to the extent of making a YouTube vid or demonstrating their test.
This thread caught my interest.
yes the bug is true.it simply switches back to highly dangerous makes no senseThis thread caught my interest.
I've not heard of this product before. I know the AV, which I could not install on my machine properly (some .exe was missing, so the complete software was unusable).
If I find it to be compatible to Tencent PC Manager Global, I think that one could come handy in the Malware HUB. I'm looking for a companion for it anyway
I did a quick and dirty test on yesterdays pack.
Following custom settings were used:
Enable high-sensitive detection
Play tray animation
Ask me (when something tries calling out)
Unticked "Automatically allow trusted programs to connect to network"
The svchost.exe calling out was active before.
Another svchost.exe trying to call out made Rising FW showing a popup whether to allow or not (I excluded it from the trusted processes manually). Also excluded Windows Media Player (have seen related .exe being hollowed quite some times in the past).
The only hollowed process I've seen calling out was explorer.exe (the contacted servers are dead, it kept popping up and closing fast).
View attachment 194170View attachment 194171View attachment 194172View attachment 194173
Log (also attached):
View attachment 194174View attachment 194175
Note that Windows Defender was on and gave some warnings when I extracted the malware.
I ignored it.
It did not block the file execution!
See the malware party on the system...
View attachment 194167
wscript.exe was also blocked from calling out (user dependent, every newly discovered process will be autoallowed after half a minute. Note the checkbox bottom left. Once ticked, RFW will autodecide according to the previous user input - in my case block).
First impression:
It did quite good. However, I won't decide before seeing the product throughout some time.
IDK about the "highly dangerous" status - once you click on one of the four threat filters, and reactivate them, status gets "safe" again. However switches back to "highly dangerous" after some time.
This seems to be a bug.
Note I couldn't access Rising page for download when F-Secure VPN was on, it seems the webfilter does block their page silently.
As previous posters stated, the Firewall will block or allow outbound connections on user demand. Choose wisely.
It will not-known-to-cloud process in orange. Otherwise, it will open a window with green text (and info the process is trusted).
Nothing more, nothing less.
It does not prevent (maybe does via Block Trojan / Block Threats / Block Downloads) or clean up the malware infection. It does not intercept malware setting AutoRuns. Don't expect it to replace a good AV.
View attachment 194176View attachment 194177
Actually, the reason is China banning VPN solutions.
