Using Comodo Sandbox with Appguard?

Status
Not open for further replies.
cutting_edgetech

cutting_edgetech

Level 3
Thread author
Verified
Feb 14, 2013
113
Has anyone used Comodo Sandbox with Appguard? Is there any conflict, or special configuration needed? The last time I used Comodo with AppGuard I didn't use Comodo Sandbox at all.
 
  • Like
Reactions: Moose
H

hjlbx

cutting_edgetech said:
Has anyone used Comodo Sandbox with Appguard? Is there any conflict, or special configuration needed? The last time I used Comodo with AppGuard I didn't use Comodo Sandbox at all.
Click to expand...

I have tried the Comodo Firewall - AppGuard combo. It's OK.

In the end I much preferred AppGuard + Shadow Defender combo since it is essentially bug-free compared to Comodo Firewall.

So, in other words, AppGuard + Comodo Firewall do work together - I just added CFW to the AG Power Apps and excluded AG in CFW.

It's been a long while...

I can tell you both CIS and NVT ERP or VooDooShield work well together - but, if you use HIPS, then you will get double alerts. Most often those alerts "over-lap."
 
  • Like
Reactions: Moose
cutting_edgetech

cutting_edgetech

Level 3
Thread author
Verified
Feb 14, 2013
113
Yeah, I actually tried AppGuard, and VoodooShield with Comodo, but I never did try Comodo Sandbox. Sandboxes have not really fit in well with my setup over the years. I feel that i'm well protected without them, but I was curious if AG would work with Comdo Sandbox. I should have tried them together during the 6 weeks I used Comodo. It's probably been 6 weeks since I tried Comodo. If I try Comodo again I will be removing all trusted publishers immediately. I think its none sense having all those allowed for users that know what they are doing.

I wish Comodo would just focus on making Comodo FW/HIPS lighter, and fixing bugs. I would also like to see what methods they use to intercept various executions. I tried Comodo with AG, and VS. Comodo was always the last to intercept executions. I had not used Comodo in a long time, and I thought Comodo would intercept executions first because Online Armor intercepts execution before AG, and VS. I assumed Comodo would use similar methods as Online Armor. I assume they use hooks, and probably injection also. I wonder if they use a KMD for any of their mitigations. I will see if they will release any information on the methods they use if I decide to try Comodo again. I want bother them unless I decide to use Comodo again.
 
D

Deleted member 178

used CIS + AG (with proper exceptions done) , no issues so far.
 
  • Like
Reactions: Moose
H

hjlbx

cutting_edgetech said:
Yeah, I actually tried AppGuard, and VoodooShield with Comodo, but I never did try Comodo Sandbox. Sandboxes have not really fit in well with my setup over the years. I feel that i'm well protected without them, but I was curious if AG would work with Comdo Sandbox. I should have tried them together during the 6 weeks I used Comodo. It's probably been 6 weeks since I tried Comodo. If I try Comodo again I will be removing all trusted publishers immediately. I think its none sense having all those allowed for users that know what they are doing.

I wish Comodo would just focus on making Comodo FW/HIPS lighter, and fixing bugs. I would also like to see what methods they use to intercept various executions. I tried Comodo with AG, and VS. Comodo was always the last to intercept executions. I had not used Comodo in a long time, and I thought Comodo would intercept executions first because Online Armor intercepts execution before AG, and VS. I assumed Comodo would use similar methods as Online Armor. I assume they use hooks, and probably injection also. I wonder if they use a KMD for any of their mitigations. I will see if they will release any information on the methods they use if I decide to try Comodo again. I want bother them unless I decide to use Comodo again.
Click to expand...

When I combine Comodo with NVT ERP or VS, it is always Comodo that detects and notifies first - and it is very fast. I have Proactive Security\HIPS enabled... so perhaps that has something to do with it.

In any case, it appears two different users with two different systems = two different experiences with security softs.

I, as well as a lot of other CIS users, have tried to get infos regarding how CIS works - but little, if anything, is to be found. Comodo itself never provides any in-depth technical explanations; their answers are almost always two-liners. It seems to me they don't want to give up technical details...
 
  • Like
Reactions: shmu26, porkpiehat and Moose
cutting_edgetech

cutting_edgetech

Level 3
Thread author
Verified
Feb 14, 2013
113
Umbra said:
used CIS + AG (with proper exceptions done) , no issues so far.
Click to expand...
Thank you for information! If I try them together I may check with you to make sure I have the right exceptions to use comodo Sandbox to avoid conflicts.
 
cutting_edgetech

cutting_edgetech

Level 3
Thread author
Verified
Feb 14, 2013
113
hjlbx said:
When I combine Comodo with NVT ERP or VS, it is always Comodo that detects and notifies first - and it is very fast. I have Proactive Security\HIPS enabled... so perhaps that has something to do with it.


In any case, it appears two different users with two different systems = two different experiences with security softs.
Click to expand...
That's very interesting. It makes me want to go back, and try it again.

hjlbx said:
I, as well as a lot of other CIS users, have tried to get infos regarding how CIS works - but little, if anything, is to be found. Comodo itself never provides any in-depth technical explanations; their answers are almost always two-liners. It seems to me they don't want to give up technical details...
Click to expand...
I would assume they have made some changes since that article came out around 2012 that showed verified methods for bypassing Comodo HIPS. They took advantage of Comodo not using ASLR, and DEP. I know they use ASLR now.. well I think I remember checking, and verifying that they do now with Process Explorer. I think that's probably not all they have changed since then, but keeping quite about their method undoubtedly helps to prevent Comodo from being bypassed by exploit. I would like to see them spend more time on the Firewall, and add IDS protection for common inbound attacks. I don't think Comodo has IDS protection yet, but I could be wrong.
 
H

hjlbx

cutting_edgetech said:
Thank you for information! If I try them together I may check with you to make sure I have the right exceptions to use comodo Sandbox to avoid conflicts.
Click to expand...

In CIS:

  • AV - exclude scanning of AppGuard program and appdata folders
  • Auto-Sandbox - create Ignore rule for AppGuard program and appdata folders
  • HIPS - create Allow rule for AppGuard program and appdata folders
  • Firewall - create Outgoing-Only Allow rule for AppGuard
  • File List - make sure Blue Ridge Networks is in your local CIS Trusted Vendor List (TVL) and all AG executables and associated files are rated as Trusted (which they should be, unless BRN recently updated AG modules and they haven't been submitted for white-listing yet)

At least this is what I did. I didn't mess about with specifying only the AG executables - since I am too lazy to sort it out - plus CIS makes it so easy to add the entire folder.
 
  • Like
Reactions: cutting_edgetech and Deleted member 178
cutting_edgetech

cutting_edgetech

Level 3
Thread author
Verified
Feb 14, 2013
113
The last time I used Comodo I had already done all that for AppGuard except for the appdata folders. I didn't know that would be needed. During that time I did not try the sandbox at all. I've just kind of got the urge to try the sandbox lately.
 
  • Like
Reactions: shmu26
H

hjlbx

cutting_edgetech said:
That's very interesting. It makes me want to go back, and try it again.

I would assume they have made some changes since that article came out around 2012 that showed verified methods for bypassing Comodo HIPS. They took advantage of Comodo not using ASLR, and DEP. I know they use ASLR now.. well I think I remember checking, and verifying that they do now with Process Explorer. I think that's probably not all they have changed since then, but keeping quite about their method undoubtedly helps to prevent Comodo from being bypassed by exploit. I would like to see them spend more time on the Firewall, and add IDS protection for common inbound attacks. I don't think Comodo has IDS protection yet, but I could be wrong.
Click to expand...

In all honesty, CIS + antiexecutable is complete overkill for typical, daily use since CIS sandbox can be configured to block all Unrecognized files. When configured in this way, it is essentially an antiexecutable with integrated firewall and HIPS.

There are still various bugs - that vary widely depending upon the OS. In my estimation, CIS still operates best on W7 systems. You are accustomed to ESS which means you will find CIS' bugginess intolerable. ESS is a polished soft whereas I don't think CIS will ever be... at least not anytime within the next five years - if that...

Currently, I use CIS with either NVT ERP or VS since AE configuration does not block certain installers. I am working with Comodo engineering to get it fixed. There is some indication that it is W8\8.1 specific but I am not absolutely certain of it.
 
  • Like
Reactions: Deleted member 178
H

hjlbx

cutting_edgetech said:
The last time I used Comodo I had already done all that for AppGuard except for the appdata folders. I didn't know that would be needed. During that time I did not try the sandbox at all. I've just kind of got the urge to try the sandbox lately.
Click to expand...

Restless-Geek-Syndrome :D That's me... all the time. I suffer from it terribly...

Ooops... wrong thread.
 
  • Like
Reactions: Deleted member 178
cutting_edgetech

cutting_edgetech

Level 3
Thread author
Verified
Feb 14, 2013
113
hjlbx said:
In all honesty, CIS + antiexecutable is complete overkill for typical, daily use since CIS sandbox can be configured to block all Unrecognized files. When configured in this way, it is essentially an antiexecutable with integrated firewall and HIPS.

There are still various bugs - that vary widely depending upon the OS. In my estimation, CIS still operates best on W7 systems. You are accustomed to ESS which means you will find CIS' bugginess intolerable. ESS is a polished soft whereas I don't think CIS will ever be... at least not anytime within the next five years - if that...

Currently, I use CIS with either NVT ERP or VS since AE configuration does not block certain installers. I am working with Comodo engineering to get it fixed. There is some indication that it is W8\8.1 specific but I am not absolutely certain of it.
Click to expand...
I think they will be a lot better off if they stop adding stuff now, and fix what they have. If I was in charge of Comodo development all I would be concerned about is discovering, and fixing bugs.
 
D

Deleted member 178

cutting_edgetech said:
I think they will be a lot better off if they stop adding stuff now, and fix what they have. If I was in charge of Comodo development all I would be concerned about is discovering, and fixing bugs.
Click to expand...

i think it is what many many of us keep saying to them on the forum since v6 but we were unheard...

btw, if i could figure why CIS sandbox takes over Sbie , i will return to CIS. on v6 both works in tandem flawlessly.
 
  • Like
Reactions: XhenEd and cutting_edgetech
H

hjlbx

cutting_edgetech said:
The last time I used Comodo I had already done all that for AppGuard except for the appdata folders. I didn't know that would be needed.
Click to expand...

Like I said, I was lazy and just added the AppData folders since it is so easy to do in CIS.

If anything, excluding AppData might prevent some unforeseen problems. It doesn't hurt, even though it probably isn't absolutely critical to do so...
 
porkpiehat

porkpiehat

Level 6
Verified
Well-known
May 30, 2015
277
hjlbx said:
When I combine Comodo with NVT ERP or VS, it is always Comodo that detects and notifies first - and it is very fast. I have Proactive Security\HIPS enabled... so perhaps that has something to do with it.
Click to expand...
this is what I've found, and I run Comodo with Proactive Security\HIPS enabled and VS..
 
Status
Not open for further replies.

Similar threads

cartaphilus
    • Like
Question Looking for non flammable version of an honest question: what makes sandboxie different from Comodo Sandbox?
Replies
14
Views
624
Comodo
rashmi
rashmi
cartaphilus
    • Like
Serious Discussion Can Comodo Sandbox container be installed just by itself without anyting else?
Replies
12
Views
859
Comodo
Jonny Quest
Jonny Quest
rashmi
    • Like
    • +Reputation
Serious Discussion Comodo Containment "Restricted" Restriction Level
Replies
24
Views
1,818
Comodo
rashmi
rashmi

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top