Arequire

Level 22
Content Creator
Verified
Joined
Feb 10, 2017
Messages
1,161
#21
1. I don't think so, everything in the TVL or trusted by the user can run freely
2. If the file is on TVL or trusted by the user, it won't be checked on cloud
3. Only if you set Viruscope to check files outside the sandbox too

Edit: Trusted Vendors, PC Firewall, Internet Protection | Internet Security Help

If the vendor is on the 'Trusted Software Vendor List' AND the user has enabled 'Trust Applications signed by Trusted Vendors' in the 'File Rating Settings' panel, THEN the application will be trusted and allowed to run.
I'm confident the first two points I made are correct but I've emailed Comodo about them for confirmation purposes. I'll post the response when they get back to me.

As for Viruscope, it depends what product you use. Both Comodo Internet Security and Comodo Firewall have Viruscope monitoring applications outside the sandbox by default. If you use Comodo Cloud Antivirus then you have to change a setting to allow it to monitor outside the sandbox.

Edit: Looked around and found one of Cruelsister's previous posts that states revoked certificates don't bypass the TVL:
Compare Protection - Trusted Application Module vs Application Control vs CIS
I'll wait for Comodo's response for definitive confirmation though.
 
Likes: notabot

JM Safe

Level 36
Content Creator
Verified
Joined
Apr 12, 2015
Messages
2,522
Operating System
Windows 10
Antivirus
Kaspersky
#23
SRP or Comodo Firewall as already said.
 
Joined
Oct 31, 2018
Messages
206
Operating System
Windows 10
Antivirus
Sophos
#28
Thanks all for looking into this.

How did Comodo fare during the CCleaner incident? Did it detect it? If so, how soon after the malicious update?
 

Arequire

Level 22
Content Creator
Verified
Joined
Feb 10, 2017
Messages
1,161
#30
How did Comodo fare during the CCleaner incident? Did it detect it? If so, how soon after the malicious update?
I'm not sure how Comodo fared honestly. Remember that CCleaner itself wasn't technically the actual malware; it just connected to a server hosting the malware and downloaded it from there. So assuming the malware that was downloaded was unsigned or using a certificate by an untrusted vendor then it should've been sandboxed by Comodo. If it was signed using a certificate from a trusted vendor then I believe it would've been allowed to run without hindrance.
 
Joined
Oct 31, 2018
Messages
206
Operating System
Windows 10
Antivirus
Sophos
#31
I'm not sure how Comodo fared honestly. Remember that CCleaner itself wasn't technically the actual malware; it just connected to a server hosting the malware and downloaded it from there. So assuming the malware that was downloaded was unsigned or using a certificate by an untrusted vendor then it should've been sandboxed by Comodo. If it was signed using a certificate from a trusted vendor then I believe it would've been allowed to run without hindrance.
Thanks for this - what I had read was that the update itself had malware which connected to C&C, but this could well have been a journalist not-so-accurately reporting the incident, I didn't have first-hand experience with the CCleaner incident.

Overall, what's the performance hit (if any) for Comodo sandboxing everything not whitelisted? Also, where can I find out more about how well it plays with 3rd party security suites (Sophos, ESET) or even WD?
 

Arequire

Level 22
Content Creator
Verified
Joined
Feb 10, 2017
Messages
1,161
#32
Overall, what's the performance hit (if any) for Comodo sandboxing everything not whitelisted?
It'll only sandbox files that don't have a digital signature from a trusted vendor and have an unknown file rating on their cloud database.
Comodo Firewall has the least performance impact of all Comodo's products and there's very little performance hit when something's being sandboxed. Obviously if a cryptominer gets thrown in the sandbox and it's designed to max out your CPU then it'll be a different story.

Also, where can I find out more about how well it plays with 3rd party security suites (Sophos, ESET) or even WD?
Generally you'll want to pair it with a standard antivirus, not a full-blown suite. Most suites have their own firewall component which may cause conflict with Comodo Firewall. I can't tell you which third-party solutions it doesn't play well with but it should be perfectly fine with the majority of them; WD being the obvious candidate for compatibility with it being integrated into the OS.
 
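The rule described in the post above (a valid signature from a listed vendor means the file is not sandboxed) can be turned into an audit of what such a rule would cover on a given machine. This is an added example, not part of the thread and not Comodo's code; the vendor names and the audited folder are placeholders, not entries from Comodo's actual Trusted Vendor List.

```powershell
# Added example: inventory Authenticode signers under a folder to see which
# binaries a "trust anything signed by a listed vendor" rule would wave through.
param(
    [string]$Root = $env:ProgramFiles,   # folder to audit (assumption)
    # Hypothetical stand-in for a trusted vendor list; NOT Comodo's real TVL.
    [string[]]$TrustedVendors = @('Example Vendor One LLC', 'Example Vendor Two Inc')
)

function Get-SignerName {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    if (-not $Cert) { return $null }
    # SimpleName resolves to the subject's common name where one is present.
    $type = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    return $Cert.GetNameInfo($type, $false)
}

$results = Get-ChildItem -Path $Root -Recurse -File -Include *.exe, *.dll -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig    = Get-AuthenticodeSignature -LiteralPath $_.FullName
        $signer = Get-SignerName $sig.SignerCertificate
        # Only a signature that validates counts; NotSigned, HashMismatch,
        # NotTrusted and similar states never qualify as vendor-trusted.
        $trusted = ($sig.Status -eq 'Valid') -and ($TrustedVendors -contains $signer)
        [pscustomobject]@{
            Path          = $_.FullName
            Status        = $sig.Status
            Signer        = $signer
            Thumbprint    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Thumbprint }
            VendorTrusted = $trusted
        }
    }

# Who signs what: one row per (signer, status) pair, largest groups first.
$results | Group-Object Signer, Status |
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize

# Files that would NOT get the vendor-signature pass, i.e. the ones whose
# fate would depend on the cloud file rating in the scheme described above.
$results | Where-Object { -not $_.VendorTrusted } |
    Select-Object Path, Status, Signer |
    Format-Table -AutoSize
```

The first table shows how many binaries ride on each signer's certificate, which is the set affected if that vendor's build or update pipeline is compromised.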
Joined
Jul 26, 2018
Messages
65
Operating System
Windows 8.1
Antivirus
Comodo
#33
Overall, what's the performance hit (if any) for Comodo sandboxing everything not whitelisted? Also, where can I find out more about how well it plays with 3rd party security suites (Sophos, ESET) or even WD?
You can use it with Kaspersky Free or SC without problems.

Overall, what's the performance hit (if any) for Comodo sandboxing everything not whitelisted?
Auto-containment settings > select unrecognized files > block > no performance hit
 
Joined
Oct 31, 2018
Messages
206
Operating System
Windows 10
Antivirus
Sophos
#34
In Comodo, can I select specific signed apps to always be sandboxed? This would be a good solution to sandboxing apps whose vendors & supply chain one does not fully trust.
 
Joined
Jul 29, 2018
Messages
237
Operating System
Windows 10
Antivirus
Avast
#37
Fantastic! - am I right to assume that Comodo's sandboxing can only work when HIPS is switched off from internet security suites?
You can run both, but the sandbox will kick in first, so HIPS will give you nothing more.
The biggest problem with Comodo is that it can cause issues with Windows 10, especially after a Patch Tuesday update.
 
Likes: notabot

Moonhorse

Level 22
Content Creator
Verified
Joined
May 29, 2018
Messages
1,176
Operating System
Windows 10
Antivirus
Windows Defender
#38
You can run both, but the sandbox will kick in first, so HIPS will give you nothing more.
The biggest problem with Comodo is that it can cause issues with Windows 10, especially after a Patch Tuesday update.
Not with the Comodo cloud. Comodo has a top-notch trusted vendors list, doubt anyone will waste possible trusted malware on home users, as it's been talked about before.

sandbox will kick in first
Pretty much this
 
Joined
Oct 31, 2018
Messages
206
Operating System
Windows 10
Antivirus
Sophos
#39
Does it auto-sandbox even things not initiated by explorer/shell? So suppose someone exploits my browser to run something remote - will it be sandboxed?