Arequire

Level 23
Content Creator
Verified
1. I don't think so, everything in the TVL or trusted by the user can run freely
2. If the file is on TVL or trusted by the user, it won't be checked on cloud
3. Only if you set Viruscope to check files outside the sandbox too

Edit: Trusted Vendors, PC Firewall, Internet Protection | Internet Security Help

If the vendor is on the 'Trusted Software Vendor List' AND the user has enabled 'Trust Applications signed by Trusted Vendors' in the 'File Rating Settings' panel, THEN the application will be trusted and allowed to run.
I'm confident the first two points I made are correct but I've emailed Comodo about them for confirmation purposes. I'll post the response when they get back to me.

As for Viruscope, it depends what product you use. Both Comodo Internet Security and Comodo Firewall have Viruscope monitoring applications outside the sandbox by default. If you use Comodo Cloud Antivirus then you have to change a setting to allow it to monitor outside the sandbox.

Edit: Looked around and found one of Cruelsister's previous posts that states revoked certificates don't bypass the TVL:
Compare Protection - Trusted Application Module vs Application Control vs CIS
I'll wait for Comodo's response for definitive confirmation though.
 

notabot

Level 8
Thanks all for looking into this.

How did Comodo fare during the CCleaner incident? Did it detect it? If so, how soon after the malicious update?
 

Arequire

Level 23
Content Creator
Verified
How did Comodo fare during the CCleaner incident? Did it detect it? If so, how soon after the malicious update?
I'm not sure how Comodo fared honestly. Remember that CCleaner itself wasn't technically the actual malware; it just connected to a server hosting the malware and downloaded it from there. So assuming the malware that was downloaded was unsigned or using a certificate by an untrusted vendor then it should've been sandboxed by Comodo. If it was signed using a certificate from a trusted vendor then I believe it would've been allowed to run without hindrance.
 

notabot

Level 8
I'm not sure how Comodo fared honestly. Remember that CCleaner itself wasn't technically the actual malware; it just connected to a server hosting the malware and downloaded it from there. So assuming the malware that was downloaded was unsigned or using a certificate by an untrusted vendor then it should've been sandboxed by Comodo. If it was signed using a certificate from a trusted vendor then I believe it would've been allowed to run without hindrance.
Thanks for this - what I had read was that the update itself had malware which connected to C&C, but this could well have been a journalist not-so-accurately reporting the incident; I didn't have first-hand experience with the CCleaner incident.

Overall, what's the performance hit (if any) for Comodo sandboxing everything not whitelisted? Also, where can I find out more about how well it plays with 3rd party security suites (Sophos, ESET) or even WD?
 

Arequire

Level 23
Content Creator
Verified
Overall, what's the performance hit (if any) for Comodo sandboxing everything not whitelisted?
It'll only sandbox files that don't have a digital signature from a trusted vendor and have an unknown file rating on their cloud database.
Comodo Firewall has the least performance impact of all Comodo's products and there's very little performance hit when something's being sandboxed. Obviously if a cryptominer gets thrown in the sandbox and it's designed to max out your CPU then it'll be a different story.

Also, where can I find out more about how well it plays with 3rd party security suites (Sophos, ESET) or even WD?
Generally you'll want to pair it with a standard antivirus, not a full-blown suite. Most suites have their own firewall component which may cause conflict with Comodo Firewall. I can't tell you which third-party solutions it doesn't play well with but it should be perfectly fine with the majority of them; WD being the obvious candidate for compatibility with it being integrated into the OS.
 

kylprq

Level 3
Overall, what's the performance hit (if any) for Comodo sandboxing everything not whitelisted? Also, where can I find out more about how well it plays with 3rd party security suites (Sophos, ESET) or even WD?
You can use it with Kaspersky Free or sc without problem.

Overall, what's the performance hit (if any) for Comodo sandboxing everything not whitelisted?
auto containment settings > select unrecognized files > block > no performance hit
 

notabot

Level 8
In Comodo, can I select specific signed apps to always be sandboxed? This would be a good solution to sandboxing apps whose vendors & supply chain one does not fully trust.
 

imuade

Level 7
Verified
Fantastic! - am I right to assume that Comodo's sandboxing can only work when HIPS is switched off from internet security suites?
You can run both, but the sandbox will kick in first, so HIPS will give you nothing more.
The biggest problem with Comodo is that it can cause issues with Windows 10, especially after a Patch Tuesday update.
 

Moonhorse

Level 24
Content Creator
Verified
You can run both, but the sandbox will kick in first, so HIPS will give you nothing more.
The biggest problem with Comodo is that it can cause issues with Windows 10, especially after a Patch Tuesday update.
Not with the Comodo Cloud. Comodo has a top-notch trusted vendors list; I doubt anyone will waste possible trusted malware on home users, as it's been talked about before.

sandbox will kick in first
Pretty much this
 

notabot

Level 8
Does it auto-sandbox even things not initiated by explorer/shell? So suppose someone exploits my browser to run something remote - will it be sandboxed?
 
