You are totally right. Skype ships bing, comodo - yahoo, Ccleaner (if i have good memory) suggested Goolge chrome ( as Avast), Foxit PDF reader (several years ago) Ask (Hips in paranoid mode helped me to avoid installation of this toolbar).
Using COMODO Firewall as a default-deny security software
- Thread starter TheMalwareMaster
- Start date
Please provide comments and solutions that are helpful to the author of this topic.
- Status
- Dec 29, 2014
- 1,711
OK I will try to explain. Some programs are legit but make droppers or use a remote script from another app. This can happen easily with browser security extensions that work together with the security program. If the security program creates a randomly named temp file to control the extension, Comodo heuristic c-l will create a new alert each time for the temp file, even though it is the exact same script. These are strored in a folder and they will build up over time.
Ex. Open browser and each time an alert for extension. New file is created by security program to initialize connection to extension (new name but same script)->Allow->Comodo places file which it treats as the script application in ProgramData\Comodo\CIS\tempscrpt folder->they build up over time filling the disk (very slowly but also the alert is a pain). Comodo basically has taken a small portion from the script and now considers that the script itself and then the script a standalone application. These scripts won't run without Comodo's portion.
It's brilliant and all but Comodo was getting complaints about the alerts so they turned off protections
. This was a very bad policy and for home users it's absolutely almost never a problem. I know they will have to fix it which they can if they just add the path of the app of script origination (as a dev note) in the file Comodo creates in tempscrpt folder. Any time Comodo wants to alert for c-l heuristics, the script portion that Comodo would save could be compared to all others already in the tempscrpt folder and then if found verified that it comes from the same app using the dev note path name (dev notes don't affect script function).The biggest problem with the alerts was for devs who have to run complicated tests. Heuristic c-l was apparently causing them problems when they tested their developing apps, but I imagine it was unsightly the alerts happening in offices/businesses with unsigned company scripts.
- Jan 4, 2016
- 1,022
- Dec 29, 2014
- 1,711
Comodo's words on Advanced Firewall settings at the bottom:
General Firewall Settings, PC Firewall, Firewall Protection | Internet Security
Really good setup. Good luck with that.
General Firewall Settings, PC Firewall, Firewall Protection | Internet Security
Really good setup. Good luck with that.
- Jan 4, 2016
- 1,022
This is only the firewall. Do you like mine?Comodo's words on Advanced Firewall settings at the bottom:
General Firewall Settings, PC Firewall, Firewall Protection | Internet Security
Really good setup. Good luck with that.
- Dec 29, 2014
- 1,711
Oh you mean the Comodo help page is for CIS? Firewall information is the same for CIS and CF. The help information is only the CIS help...nothing else from Comodo.
I enabled IPv6 because it's becoming more common. It's useful for looking at the local network, because Windows uses it between PCs. IPv6 connections can be logged if it's checked->good but some confusing alerts about svchost.exe and wmplayer.exe and others->bad. IPv6 still doesn't have much traction across the global internet...
You should be fine as is. Block fragmented and Protocol analysis can help detect DDOS attacks. I have them disabled for now. Doubt I will change them soon if ever.
yes if my memory is good, the one we discussed and acknowledge that to prevent this kind of issue , Comodo HIPS must be set on Paranoid Mode..
- Jan 4, 2016
- 1,022
No, I was saying there is nothing about how to set the containment, HIPS and other stuff
- Nov 15, 2016
- 97
There is..
Try to open Comodo settings, point to where you are wonder about Dan click question mark button on upper right side.
- Jan 4, 2016
- 1,022
- Mar 13, 2016
- 1,298
My bet is that AVAST in hardened agressive mode (with the cloud whitelist) would be an easier to configure alternative.n BTW I like ALL whitelisting concepts, so voted YES
- Dec 23, 2014
- 8,142
Comodo Firewall with @cruelsister settings is easy to configure (pretty much the same number of settings). Avast with the above settings is easier to use for an average user, but Comodo Firewall has strong protection when malware can be executed in the system. I'm saying this, from my experience with both solutions (a couple of years).
I also like ALL whitelisting concepts, so voted YES.
Edit1.
Two years ago, I configured my father's computer using @cruelsister settings, with the autosandbox set to block unrecognized applications. Those settings are safe in the locked system (no Windows updates). I did not dare to test those settings, when the system can make updaes - I was afraid that CF would block some important system files.
Edit2.
One can use CF with the autosandbox set to block, in the system with suspended updates (not possible in Windows 10). When updating, the autosandbox is turned off. After updates, it is necessary to run CF rating scan, and check manually, if the system files are flagged as safe.
Last edited:
- Nov 15, 2016
- 97
How far you learn about Comodo untill today? Is there any important point that you can share with us (again)?
all is the comodo section, just take time to read there, we were few having deep knowledge of comodo :
Q&A - Comodo Internet Security Setup/configuration thread
Comodo's Myths & Facts
Q&A - Comodo Internet Security Setup/configuration thread
Comodo's Myths & Facts
- Jan 4, 2016
- 1,022
Nothing new for now: I'm on Holiday and not testing
- Sep 20, 2017
- 93
so you need two rules
1) block all applications that are unrecognized
2) block all applications that originate from: removable media, internet, intranet...
that wey all the recognized software that you already have installed will run without problems but if you obtain something from outside of your PC will be blocked
- Status
