Operating System
  • Windows Edition: Pro
  • Version or Build no.: stable
  • System type: 64-bit operating system; x64-based processor
  • Security Updates: Automatic Updates (recommended)
  • User Access Control: Always Notify
  • Network Security (Firewall): 3rd-party Firewall app by a trusted vendor
  • Device Security: Windows Defender SmartScreen (Windows 10)
User Account
  • Sign-in Accounts: standard user account
  • Malware Testing: I participate by downloading malware samples into an isolated VM environment
  • Real-time Web & Malware Protection: VoodooShield Pro, Kaspersky Internet Security 2017, HitmanPro.Alert, Startup Sentinel; RTP - Custom security settings
  • Virus and Malware Removal Tools: HitmanPro, Zemana
  • Browsers and Extensions: Chrome x64 w/appcontainer lockdown; extensions: uBlock Origin, uBlock Origin extra, HTTPS Everywhere, VTchromizer, Bitdefender TrafficLight, Animation Policy
  • Privacy-focused Apps and Extensions: uBlock Origin
  • Password Managers: lastpass
  • Web Search: F-Secure (google powered)
  • System Utilities: CCleaner, Zipware
  • Data Backup: Macrium Reflect
  • Frequency of Data backups: Daily
  • System Backup: Macrium Reflect Home
  • Frequency of System backups: Regularly

shmu26 (Level 82, Verified, Trusted, Content Creator)

Thanks for pointing this out as I didn't realise there was a difference in the protection each of these sandboxes provides.
I will now be more cautious when using CCAV sandbox.
@yigido summed it up to me by saying that CCAV is for regular users, whereas CIS is for advanced users.
(CF is the same as CIS, but without the AV component.)
     

hjlbx

> CCAV does not use:
Sandboxie doesn't use Kernel Mode hooks either; it employs User Mode hooks
> • Separate sandboxes are used to isolate processes from each other -- memory access, inter-process communication, etc
However, without full general technical info, you never know what that quoted passage above precisely means. I am quite familiar with COMODO and know from experience that what they state - and what they actually mean - can be different.

Not bashing, just pointing out a few things that are important to consider.
     

shmu26 (Level 82, Verified, Trusted, Content Creator)

> CCAV does not use:
> Sandboxie doesn't use Kernel Mode hooks either; it employs User Mode hooks
> • Separate sandboxes are used to isolate processes from each other -- memory access, inter-process communication, etc
> However, without full general technical info, you never know what that quoted passage above precisely means. I am quite familiar with COMODO and know from experience that what they state - and what they actually mean - can be different.
>
> Not bashing, just pointing out a few things that are important to consider.
Even if they meant what they stated, I can't claim that I understand everything.
Bottom line: is the sandbox of CIS significantly better than that of CCAV, in your opinion?
     

hjlbx

> @yigido summed it up to me by saying that CCAV is for regular users, whereas CIS is for advanced users.
> (CF is the same as CIS, but without the AV component.)
That is only because of all the additional features (HIPS, Viruscope, KillSwitch, CCE, Virtual Desktop, settings\configuration customization, etc) that are included in CIS.

Heavily hardened CIS customization ain't no joke...

CCAV is "plug-and-play"...
     

hjlbx

> Even if they meant what they stated, I can't claim that I understand everything.
> Bottom line: is the sandbox of CIS significantly better than that of CCAV, in your opinion?
My understanding is that CIS employs User Mode hooking - unless COMODO switched to all kernel or a mix of kernel\user mode hooking since 2012.

http://rce.co/why-usermode-hooking-sucks-bypassing-comodo-internet-security/

Still, technically CIS sandbox\Virtual Desktop is more robust than CCAV sandbox.

CIS sandbox has years of vulnerability fixes built into it at this point, whereas CCAV isn't truly a stable release yet... LOL.
     

_CyberGhosT_ (Level 53, Verified, Trusted, Content Creator)

> I have tried them all, again and again: NVT ERP, Voodoo, ReHIPS.
> They always end up blocking something I want to run, like a chrome update or a windows process or a print job.
> Makes me nervous to have to keep an eye all the time on what is being blocked, and give it the right rules.
> So I went back to traditional solutions.
> Kaspersky+ZAM+HMPA.
> I also have blocked the various processes of powershell and wscript and cscript, by means of Kaspersky Application Control.
> My system runs smooth, feels pretty light. I am willing to pay that extra couple seconds at bootup.
> I think it's a good balance for me between security and sanity.
As long as you're happy, in the end it's you who has to sit in front of it. Thanks for sharing.
     

shmu26 (Level 82, Verified, Trusted, Content Creator)

> My understanding is that CIS employs User Mode hooking - unless COMODO switched to all kernel or a mix of kernel\user mode hooking since 2012.
We need to weigh the likelihood that malware will bypass CIS sandbox against the likelihood that the user will make an impatient decision when a standard default/deny solution gets in his face.
     

shmu26 (Level 82, Verified, Trusted, Content Creator)

> I switched to COMODO Firewall, with auto-sandbox enabled globally (proactive configuration), and browsers running sandboxed.
>
> COMODO has its quirks, but the auto-sandbox function is great. It saves you all those agonizing decisions about whether you trust the file or not. You just run your file, and it gets sandboxed. If you like it, you can take it out of sandbox later.
Hmmm, I am not so sure about COMODO anymore. I just installed a little program called Affixa; it makes gmail into your default email client on desktop.
I clicked on the installer, I got one prompt from the firewall that a .msi file wants to connect to the internet, and I said okay.
Then it installed like a little lamb without a single prompt or autosandbox or anything.
The vendor is not on my trusted list.
Can't figure out what went wrong here. COMODO is very good at blocking and sandboxing files that I want to run. But when it comes to installing a download...
     

SHvFl (Level 35, Verified, Trusted, Content Creator)

Go in autosandbox settings. It has one that checks where the file is coming from. The default used to not sandbox stuff not coming from online (online tracking not accurate obviously in all situations). See if that is set to sandbox all. Not 100% on names because I haven't used it for months, but go in autosandbox settings and you will figure it out.
     

shmu26 (Level 82, Verified, Trusted, Content Creator)

> Go in autosandbox settings. It has one that checks where the file is coming from. The default used to not sandbox stuff not coming from online (online tracking not accurate obviously in all situations). See if that is set to sandbox all. Not 100% on names because I haven't used it for months, but go in autosandbox settings and you will figure it out.
There is a setting called "enable file source tracking". I have it enabled. Should I untick it?
     

SHvFl (Level 35, Verified, Trusted, Content Creator)

> There is a setting called "enable file source tracking". I have it enabled. Should I untick it?
Yes you should. That will disable the feature I mentioned above completely.

> Enable file source tracking – If enabled, CIS will decide whether to sandbox a file based on file source, reputation and location. If disabled, sandbox decisions are based only on file reputation and location.
Also check the settings in the box below this setting by editing each action to see if all are ok based on what you want to achieve.
     

shmu26 (Level 82, Verified, Trusted, Content Creator)

> Yes you should. That will disable the feature I mentioned above completely.
>
> Also check the settings in the box below this setting by editing each action to see if all are ok based on what you want to achieve.
I don't know. I unticked source tracking, and I can see the rule that all unknowns are supposed to be sandboxed.
I deleted the rules for Affixa, and tried reinstalling it, but COMODO did the same exact thing. One popup for the firewall, then total silence.
     

SHvFl (Level 35, Verified, Trusted, Content Creator)

> I don't know. I unticked source tracking, and I can see the rule that all unknowns are supposed to be sandboxed.
> I deleted the rules for Affixa, and tried reinstalling it, but COMODO did the same exact thing. One popup for the firewall, then total silence.
PM me the Affixa link you got and tell me what version of COMODO you use. I will start a VM and try it for you to confirm it's not something in your settings.
     

hjlbx

> I don't know. I unticked source tracking, and I can see the rule that all unknowns are supposed to be sandboxed.
> I deleted the rules for Affixa, and tried reinstalling it, but COMODO did the same exact thing. One popup for the firewall, then total silence.
You don't know why this is happening?

It is because the Affixa installer is co-signed by COMODO...
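The reply above explains the silent install by the installer's code signature rather than by a sandbox setting. The following PowerShell snippet is an added example, not code from the thread or from COMODO; it shows how to inspect the Authenticode signature and certificate chain of a downloaded installer yourself, so you can see who signed it and which CA issued the signing certificate before trusting it. The path in $InstallerPath is a placeholder.

```powershell
# Added example: show who signed a downloaded installer and which CA the
# signing certificate chains to. $InstallerPath is a placeholder; point it at
# the file you actually downloaded.
param(
    [string]$InstallerPath = "$env:USERPROFILE\Downloads\installer.msi"
)

$sig = Get-AuthenticodeSignature -FilePath $InstallerPath
"Signature status : $($sig.Status)"

if ($sig.Status -ne 'Valid') {
    # Unsigned or broken signature: a reputation-based sandbox has no vendor
    # identity to trust, so the file is treated as unknown.
    "No valid Authenticode signature on this file."
    return
}

# Leaf certificate: the publisher that actually signed the installer.
"Signer subject   : $($sig.SignerCertificate.Subject)"
"Signer issuer    : $($sig.SignerCertificate.Issuer)"
"Valid from/to    : $($sig.SignerCertificate.NotBefore) .. $($sig.SignerCertificate.NotAfter)"

# Walk the full chain so the issuing and root CAs are visible; this is where
# a "co-signed by COMODO" certificate shows up.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$null = $chain.Build($sig.SignerCertificate)
"Certificate chain (leaf first):"
foreach ($element in $chain.ChainElements) {
    "  - $($element.Certificate.Subject)"
}
$chain.Dispose()

# Timestamp countersignature, if present, so the signature stays valid after
# the signing certificate expires.
if ($sig.TimeStamperCertificate) {
    "Timestamped by   : $($sig.TimeStamperCertificate.Subject)"
}
```

Run it as `.\Check-InstallerSignature.ps1 -InstallerPath C:\path\to\setup.msi` (file name is your choice); a valid signature from a vendor your sandbox already rates as trusted is exactly the case in which a default-deny sandbox lets the installer run without a prompt.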
     