- Jan 4, 2016
- 1,022
Yes. With all trusted vendors and cloud lookup disabled, it was installed also from Bytefence official website
Using COMODO Firewall as a default-deny security software
- Thread starter TheMalwareMaster
- Start date
Please provide comments and solutions that are helpful to the author of this topic.
- Status
- Mar 13, 2016
- 1,298
Clean up the trusted vendors list, only auto-allow vendors you have running on your PC (including Microsoft third party and supported hardware)
- Dec 29, 2014
- 1,711
General question scripts brings to mind. Curious if you have enabled all the heuristic command-line detection protections (and embedded)? There is basically no cost to this. I recommend it, although it might mean a rare alert. Just something that you might like for strengthening the setup. For me, it's a fallback should containment fail somehow or should I run malware uncontained by mistake For you, not sure if it helps with default deny but I don't see how it could hurt.
Sounds like Comodo needs to work on their whitelisting more than I realized. If @Maxwell Sien is right about the whitelisting, Comodo is almost pushing users to turn off Cloud Lookup by whitelisting that kind of program.
Well, this is what I did, but would this work well for @TheMalwareMaster since he is creating a template for new users?
Right now i installed (in Comodo virtual desktop) ByteFence. It's rebranded version of Reason core. It scanned and found nothing. bytefence is Pua, but, thanks God, not fake antivirus. It didn't detect eicar viruses. I dowloaded bitconminer Anketa for Iphone.doc.exe (virustotal 47/63). I was unnabled to launch on virtual desktop it because comodo autocontaiment blocked it in real system (i had 96 intrusions and 7 blocked apps and 2 unrecognized files) - by the way, no alerts from real system (i was in full screen mode) So, bytefence at least is very bad, weak antimalware. I removed Bytefence and reason from trusted vendors list and from file ratings.
Last edited:
- Jan 4, 2016
- 1,022
How can I check that? Are they enabled bu default? I spent a lot of time in the settings and I think they were enabled by default
- Jan 4, 2016
- 1,022
Yeah, I was looking for a solution to recommend to the guys who ask me for Windows XP. VoodooShield doesn't work anymore on XP, so there we are: comodo! I can't remove the trusted vendors considering each user has different programs
- Dec 29, 2014
- 1,711
Advanced Protection->Miscellaneous->"Do heuristic command-line analysis for..." Click on "Certain Applications". You can enable them all no problems. Some of them were disabled for me with the previous two updates from Comodo. I reenabled them.
- Jan 4, 2016
- 1,022
Utorrent installation
No security: Bytefece and Avast installed
Comodo with cloud lookup and trusted vendors list: an EXE is blocked. Only Bytefence installed
Comodo with cloud lookup disabled and default trusted vendors list: two scripts blocked and no bundled programs installed. Utorrent opens with an error
No security: Bytefece and Avast installed
Comodo with cloud lookup and trusted vendors list: an EXE is blocked. Only Bytefence installed
Comodo with cloud lookup disabled and default trusted vendors list: two scripts blocked and no bundled programs installed. Utorrent opens with an error
- Jan 4, 2016
- 1,022
This is that blocked executable
Antivirus scan for dffbbb92e2485ee423b4f8fe0b7631dde4cc498302dc2fecde8b44bd865211e1 at 2017-07-08 11:33:58 UTC - VirusTotal
Antivirus scan for dffbbb92e2485ee423b4f8fe0b7631dde4cc498302dc2fecde8b44bd865211e1 at 2017-07-08 11:33:58 UTC - VirusTotal
- Jan 4, 2016
- 1,022
AtlBo, question: if HIPS is disabled, what sens to go to ,,Advanced Protection->Miscellaneous->"Do heuristic command-line analysis for..." Click on "Certain Applications". ? Because it is called,, Hips to perform analyz TheMalwareMaster, did you enabled HIPS or disabled it?
- Jan 4, 2016
- 1,022
That did it @AtlBo
Cloud lookup and trusted vendors on, with all option selected in command line analysis: A lot of command lines were bloked (I don't show all in the photos) and, in the end, no bundled programs. Why the bundled programs were blocked, this time?
HIPS were Always off
Cloud lookup and trusted vendors on, with all option selected in command line analysis: A lot of command lines were bloked (I don't show all in the photos) and, in the end, no bundled programs. Why the bundled programs were blocked, this time?
HIPS were Always off
- Nov 15, 2016
- 97
General question scripts brings to mind. Curious if you have enabled all the heuristic command-line detection protections (and embedded)? There is basically no cost to this. I recommend it, although it might mean a rare alert. Just something that you might like for strengthening the setup. For me, it's a fallback should containment fail somehow or should I run malware uncontained by mistake For you, not sure if it helps with default deny but I don't see how it could hurt.
Sounds like Comodo needs to work on their whitelisting more than I realized. If @Maxwell Sien is right about the whitelisting, Comodo is almost pushing users to turn off Cloud Lookup by whitelisting that kind of program.
Well, this is what I did, but would this work well for @TheMalwareMaster since he is creating a template for new users?
But there many legit programs that are bundled with other legit (free) programs. Similar to UC Browser, Baidu AntiVirus, Chromium, some User Install it on Purpose, some user get it with bundled.
AntiMalware (like MBAM and Zemana) are more aggresive than AntiVirus in blacklist a PUP, maybe because AntiVirus focus on Prevent and AntiMalware focus on cleaning.
In case of PUP, we can't trust AntiVirus 100%. Only User can know what program is installed on purpose and what program is install with Bundled. AntiVirus just can detect a possibility. That's why we need HIPS because it based on user decision.
@TheMalwareMaster, can you send Utorrent installer file to us that contain ByteFence? I just downloded it from official but not bundled with ByteFence. I want to test how HIPS React with this situation.
Last edited:
- Jan 4, 2016
- 1,022
HIPS on safe mode, trusted vendors list on, cloud lookup on, monitor of command lines default. HIPS, blocked the installation of bundled programs
TheMalwareMaster, if you have some time, you can play a game with Comodo: creat a file test.doc.exe . Upload it to some filesharing service. Open comodo, enable Hips. Go to hips setting-to blocked objects. browse to any file and rename it *.doc.exe .Save changes. After that try to download your text file. It shoud be blocked by..... Comodo hips without alerts. Or you can go to rghost search for Анкета доставки iPhone.doc.exe In this way you can add all kind of staff *.pdf.exe, *.jpg.exe. *.doc.vbs etc. I had a list of about 20 possibe variants. I disabled HIPS, so this list won't help to me.
- Jan 4, 2016
- 1,022
HIPS blocked the bundled programs without alert, even if they were set to alert. Here is the utorrent file @Maxwell Sien
uTorrent.exe
uTorrent.exe
- Nov 15, 2016
- 97
Maybe you can see all blocking activities here: Manage Blocked Items, Blocked Applications, Comodo Internet Security | COMODO
- Jan 4, 2016
- 1,022
- Nov 15, 2016
- 97
Thank you
You can find it here: General Firewall Settings, PC Firewall, Firewall Protection | Internet Security
As far I know, Enable anti-ARP spoofing is for prevent Net Cut Attack in Wireless Connection..
- Jan 4, 2016
- 1,022
Last config for maximum security. Tell me if it can still be improved, test it in a virtual machine please. Cloud lookup is off but trusted vendors are on because it's not for a particular system, but for all COMODO - Maximum Security.cfgx
- Status
