Update Rising Personal Firewall V16 (24.00.56.56)

Status
Not open for further replies.
D

Deleted member 178

Ichito- Regarding the Wilders thread (I think I'm totally done with them, finally)- do you think that any will give an actual example? So many just pull some statement out of their butts, without any proof whatsoever, and for God alone Knows what reason it is taken as fact.
What example, open you comodo GUI, find me the sandbox settings and compare them to Sandboxie or ReHIPS's sandbox settings! then is your example...
You don't even understand the post...you suddenly talk about bypass when we talk about settings and options.
LOL
 

imuade

Level 12
Verified
Jul 29, 2018
563
2,973
I have been a big fan of Comodo Firewall since 2008 on Vista and 7, but when Windows 10 has come out, I have only got problems with Comodo.
Comodo Firewall often broke the internet connection after a Windows update and I don't think it's Microsoft to be blamed, a 3rd party SW has to be compatible with Windows, not the other way around.
Then, at first Comodo suggested to turn Windows Firewall completely off, then to turn the FW off, but keep the service on, then to keep both on...
I even tried to use Comodo Anti Virus to use the superb sandbox, but again I got big problems with the file rating list, which was messed up after a Windows update and made my PC freezing...
So, new firewalls are welcome in my opinion. They may not be as bulletproof as Comodo, but I'd definitely use them if they don't give me as much headache as Comodo
 

ichito

Level 10
Verified
Content Creator
Dec 12, 2013
480
2,785
Ichito- Regarding the Wilders thread (I think I'm totally done with them, finally)- do you think that any will give an actual example? So many just pull some statement out of their butts, without any proof whatsoever, and for God alone Knows what reason it is taken as fact.

Have people really devolved to such an extent?
I've tried already RFW some time ago convinced by opinions of expirienced users (e.g. Creer from Wilders and Polish forum SG.pl) and hadn't bad impressions...even more - I was surprised huge number of useful functions and options.
Basing on such threads like e.g.
Rising Personal Firewall 2009 - firewall z Chin
RFW 2009 (Rising Firewall) Free + RIS 2009 Free
I can't treat RFW as useless or even crap...it can be effective firewall after making some advanced settings what you've done with Comodo settings in your famous configuration.
 

Moonhorse

Level 31
Verified
Content Creator
May 29, 2018
2,002
10,026
I have been a big fan of Comodo Firewall since 2008 on Vista and 7, but when Windows 10 has come out, I have only got problems with Comodo.
Comodo Firewall often broke the internet connection after a Windows update and I don't think it's Microsoft to be blamed, a 3rd party SW has to be compatible with Windows, not the other way around.
Then, at first Comodo suggested to turn Windows Firewall completely off, then to turn the FW off, but keep the service on, then to keep both on...
I even tried to use Comodo Anti Virus to use the superb sandbox, but again I got big problems with the file rating list, which was messed up after a Windows update and made my PC freezing...
So, new firewalls are welcome in my opinion. They may not be as bulletproof as Comodo, but I'd definitely use them if they don't give me as much headache as Comodo
cf + cs + silent mode = ditto. I dont even bother with blocked applications unless they affect into updates that they wont pass at all, never happened anyways. If youre allowing everything for peace of mind, just go with windows firewall wich will be quiet forever. Comodo firewall for me is just software, where i can see whats happening and why. Also killswitch and view connections are most simple way to see that, without any mess
 

imuade

Level 12
Verified
Jul 29, 2018
563
2,973
cf + cs + silent mode = ditto. I dont even bother with blocked applications unless they affect into updates that they wont pass at all, never happened anyways. If youre allowing everything for peace of mind, just go with windows firewall wich will be quiet forever. Comodo firewall for me is just software, where i can see whats happening and why. Also killswitch and view connections are most simple way to see that, without any mess
Sorry, I can't get how what you said is related to what I said... I was talking about compatibility issues, you replied about alerts or popups
 

Moonhorse

Level 31
Verified
Content Creator
May 29, 2018
2,002
10,026
Sorry, I can't get how what you said is related to what I said... I was talking about compatibility issues, you replied about alerts or popups
Depends of the comodo version you used and current windows build you had back then aswell, windows 10 been out for like 3-4 years? I know that cf + cis should be used as standalone because it will conflict with few avs, anti-exploits etc. I have been using cf/cis for year on/off never had issues with it. Its very user/system dependent....i just keep coming back to comodo products after all
 

maka

Level 1
Jul 1, 2018
22
129
also for a fake process, the user can see the process path and decide to allow or block:/ the rising cloud also tell you if the process is known(green) or unknown(orange)! windows process are all green! so I can make sure that this is trusted.
Be careful with this feature, given that a malware can inject code in a Windows trusted process (for example svchost.exe) and connect to Internet throgth this process and you will allow this connection because the process is "green".
 

ichito

Level 10
Verified
Content Creator
Dec 12, 2013
480
2,785
Be careful with this feature, given that a malware can inject code in a Windows trusted process (for example svchost.exe) and connect to Internet throgth this process and you will allow this connection because the process is "green".
It's not easy to properly recognise what is trying to call outside using svchost.exe because this quite sensitive system process is like container of processes/services :) Actually firewall can't do this...we aren't talking about HIPS/BB detection...and it's better not to block it.
Some useful info
Should i block windows svchost.exe connections.?
 

maka

Level 1
Jul 1, 2018
22
129
Actually firewall can't do this...we aren't talking about HIPS/BB detection...and it's better not to block it.
HIPS?? BB detection?? Who is talking about this?
It's obvious that a firewall can't block code injection. I've never said anything similar.
What I wanted to say is that a malware can use a trusted process to make connections to its servers and I've used code injection as an example of this fact.

I don't know how Rising works, but a good firewall will at least show you the IP to which svchost.exe tries to connect. If you know what you are doing, you can decide whether to allow or block this connection.
If you not know what you are doing, better use Windows built in firewall with default settings.
 

Der.Reisende

Level 44
Verified
Trusted
Content Creator
Malware Hunter
Dec 27, 2014
3,370
39,802
any test on real life dangers? ( redirects, malware, ransom maybe? )
This thread caught my interest.
I've not heard of this product before. I know the AV, which I could not install on my machine properly (some .exe was missing, so the complete software was unusable).

If I find it to be compatible to Tencent PC Manager Global, I think that one could come handy in the Malware HUB. I'm looking for a companion for it anyway :)

I did a quick and dirty test on yesterdays pack.

Following custom settings were used:
Enable high-sensitive detection
Play tray animation
Ask me (when something tries calling out)
Unticked "Automatically allow trusted programs to connect to network"

The svchost.exe calling out was active before.
Another svchost.exe trying to call out made Rising FW showing a popup whether to allow or not (I excluded it from the trusted processes manually). Also excluded Windows Media Player (have seen related .exe being hollowed quite some times in the past).
The only hollowed process I've seen calling out was explorer.exe (the contacted servers are dead, it kept popping up and closing fast).

0.PNG1.PNG2.PNG3.PNG

Log (also attached):
Log1.PNGLog2.PNG

Note that Windows Defender was on and gave some warnings when I extracted the malware.
I ignored it.
It did not block the file execution!
See the malware party on the system...
Unbenannt.PNG

wscript.exe was also blocked from calling out (user dependent, every newly discovered process will be autoallowed after half a minute. Note the checkbox bottom left. Once ticked, RFW will autodecide according to the previous user input - in my case block).

First impression:
It did quite good. However, I won't decide before seeing the product throughout some time.

IDK about the "highly dangerous" status - once you click on one of the four threat filters, and reactivate them, status gets "safe" again. However switches back to "highly dangerous" after some time.
This seems to be a bug.

Note I couldn't access Rising page for download when F-Secure VPN was on, it seems the webfilter does block their page silently.

As previous posters stated, the Firewall will block or allow outbound connections on user demand. Choose wisely.
It will not-known-to-cloud process in orange. Otherwise, it will open a window with green text (and info the process is trusted).
Nothing more, nothing less.
It does not prevent (maybe does via Block Trojan / Block Threats / Block Downloads) or clean up the malware infection. It does not intercept malware setting AutoRuns. Don't expect it to replace a good AV.

unknown.PNGtrusted.PNG

Edited the custom settings part.
 

Mahesh Sudula

Level 17
Verified
Sep 3, 2017
810
4,977
This thread caught my interest.
I've not heard of this product before. I know the AV, which I could not install on my machine properly (some .exe was missing, so the complete software was unusable).

If I find it to be compatible to Tencent PC Manager Global, I think that one could come handy in the Malware HUB. I'm looking for a companion for it anyway :)

I did a quick and dirty test on yesterdays pack.

Following custom settings were used:
Enable high-sensitive detection
Play tray animation
Ask me (when something tries calling out)
Unticked "Automatically allow trusted programs to connect to network"

The svchost.exe calling out was active before.
Another svchost.exe trying to call out made Rising FW showing a popup whether to allow or not (I excluded it from the trusted processes manually). Also excluded Windows Media Player (have seen related .exe being hollowed quite some times in the past).
The only hollowed process I've seen calling out was explorer.exe (the contacted servers are dead, it kept popping up and closing fast).

View attachment 194170View attachment 194171View attachment 194172View attachment 194173

Log (also attached):
View attachment 194174View attachment 194175

Note that Windows Defender was on and gave some warnings when I extracted the malware.
I ignored it.
It did not block the file execution!
See the malware party on the system...
View attachment 194167

wscript.exe was also blocked from calling out (user dependent, every newly discovered process will be autoallowed after half a minute. Note the checkbox bottom left. Once ticked, RFW will autodecide according to the previous user input - in my case block).

First impression:
It did quite good. However, I won't decide before seeing the product throughout some time.

IDK about the "highly dangerous" status - once you click on one of the four threat filters, and reactivate them, status gets "safe" again. However switches back to "highly dangerous" after some time.
This seems to be a bug.

Note I couldn't access Rising page for download when F-Secure VPN was on, it seems the webfilter does block their page silently.

As previous posters stated, the Firewall will block or allow outbound connections on user demand. Choose wisely.
It will not-known-to-cloud process in orange. Otherwise, it will open a window with green text (and info the process is trusted).
Nothing more, nothing less.
It does not prevent (maybe does via Block Trojan / Block Threats / Block Downloads) or clean up the malware infection. It does not intercept malware setting AutoRuns. Don't expect it to replace a good AV.

View attachment 194176View attachment 194177
yes the bug is true.it simply switches back to highly dangerous makes no sense
a part from that i think it is a handy tool...Poor antiphishing
 

Der.Reisende

Level 44
Verified
Trusted
Content Creator
Malware Hunter
Dec 27, 2014
3,370
39,802
Note I couldn't access Rising page for download when F-Secure VPN was on, it seems the webfilter does block their page silently.
Actually, the reason is China banning VPN solutions.

Why FREEDOME does not work in China - F-Secure Community

Symptoms
When residing in China, the FREEDOME apps often cannot connect to any of the FREEDOME VPN servers. Occasionally, some of the FREEDOME locations may work, but often not. When residing outside China, accessing Chinese website or other Chinese internet services often results in an error message saying that the server IP address cannot be found.
Diagnosis
The use of VPN apps (including FREEDOME) is restricted in China. Due to the policy of the Chinese government, VPN connections are blocked in their network for both local residents and foreign people travelling in China. This prevents FREEDOME from working in China.
This Chinese VPN block also affects FREEDOME users outside China. If a Chinese internet service, such as a website, has all of its Domain Name Servers (DNS) in China, the FREEDOME VPN servers will not have access to the website. If the internet service in question has at least one of its DNS servers outside China, it may remain accessible to FREEDOME users.
Solution
Due to the nature of this issue, we are unable to solve this.


Does not affect only F-Secure FreeDome, but most likely all other VPN, too.
At least this seems to not affect software "calling home" to China, even if an active VPN is in place.
 

ichito

Level 10
Verified
Content Creator
Dec 12, 2013
480
2,785
I've found perhaps useful features/option that could increase/change protection level:
- you can leave or disable option "Allow listen" in some cases (not all apps need such action)...double click on app line in rules tab to get such window
180801094403_1.jpg
- RFW has someting like BB...I think so...it's option "Intercept network intrusion attacks" with 88 monitored action and each one can be disabled if we wish (screenshots below)
180801095810_6.jpg180801094621_2.jpg
- and it looks that by enabling option "Start module access check" RFW can prompt about single action of modules of process...and it appears that svchost.exe modules can be monitored also :)
180801094759_3.jpg180801094856_4.jpg

-----------------------------------------------
edit:
A propos "checking modules" option - in the rules tab we can see column called "Module" and after double-click on number we wiil get new small window with detected modules of process. By this way we can...if we need...add, remove or edit each one listed rule
180801110502_1.jpg
 
Last edited:
Status
Not open for further replies.
Top