App Review Webroot SecureAnywhere testing with spyware (Identity Protection is on)


Av Gurus

Very interesting...
Any chance to get this demo spyware to do my own test?
 

Av Gurus

There are 2 more similar videos with the same spyware:

"Norton Security Trial Antivirus Software" Test with a Spyware


Nod32 Spyware Detection Test

 

hjlbx

I would not be surprised if a single security software could detect and alert to it.

It would be interesting to see Comodo and Emsisoft tested against it; they were the only two that detected Gamma Int'l FinSpy Surveillance Suite on all tested systems.
 

yigido

I agree, I want to see CIS in action against this spyware.
 

Deleted member 2913

I use CIS & FW setting as "Don't Show Popups" checked & set to "Block".
This will allow safe programs connection automatically & block unknown connections, right?

So I will be safe from this type of spyware, if the spyware was autosandboxed, right?
 

hjlbx

Yes. Those are settings I configured on one system.

Every once in a while I check the logs to see which files are Unrecognized and blocked. If any are from vendors on the Trusted Vendor List (TVL), I can do one of three things:
  • Change rating from Unrecognized to Trusted; or
  • Leave rated as Unrecognized and create HIPS and firewall Allow rules and auto-sandbox Ignore rules; or
  • Both
You will find that CIS will block files that are published by a TVL vendor and digitally signed - which it should not do. It is a bug, but no real big deal because you can do one of the three steps above to prevent CIS from interfering with it.
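
The periodic log check described in the post above, sketched as an added example (not part of the original post and not Comodo's own tooling). The CSV columns, vendor names and file paths are constructed for illustration and are not the format CIS actually writes.

```python
import csv
import io

# Constructed sample export; the column names are hypothetical and are not
# the log format Comodo Internet Security actually produces.
SAMPLE_LOG = """\
path,signer,signature_valid,rating,action
C:\\Tools\\backup_agent.exe,Example Backup Software Ltd,yes,Unrecognized,Blocked
C:\\Users\\u\\Downloads\\viewer.exe,,no,Unrecognized,Blocked
C:\\Temp\\updater.exe,Example Backup Software Ltd,no,Unrecognized,Blocked
C:\\Apps\\editor.exe,Unknown Publisher Inc,yes,Unrecognized,Blocked
C:\\Apps\\player.exe,Example Media Corp,yes,Trusted,Allowed
"""

# Constructed stand-in for the Trusted Vendor List (TVL), lower-cased.
TRUSTED_VENDORS = {"example backup software ltd", "example media corp"}


def triage(log_text, trusted_vendors):
    """Split Unrecognized+Blocked entries into review candidates and keep-blocked."""
    candidates, keep_blocked = [], []
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["rating"] != "Unrecognized" or row["action"] != "Blocked":
            continue  # only the entries the post says to look at
        signer = row["signer"].strip().lower()
        signed_ok = row["signature_valid"].strip().lower() == "yes"
        if signer in trusted_vendors and signed_ok:
            # TVL vendor AND validly signed: the case the post calls a bug.
            candidates.append(row["path"])
        else:
            # A vendor name alone is not enough; record why it stays blocked.
            reason = ("unsigned" if not signer
                      else "invalid signature" if not signed_ok
                      else "signer not on TVL")
            keep_blocked.append((row["path"], reason))
    return candidates, keep_blocked


if __name__ == "__main__":
    review, blocked = triage(SAMPLE_LOG, TRUSTED_VENDORS)
    for path in review:
        print("review for Trusted rating or Allow/Ignore rules:", path)
    for path, reason in blocked:
        print("leave blocked (%s): %s" % (reason, path))
```

Only the first constructed entry qualifies for one of the three steps; the file that carries a TVL vendor's name but fails signature validation stays blocked.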
 

Deleted member 2913

Thanks for the info.

On the usability front, CIS still has a long way to go.

Individual program removal from sandbox is needed.
Would like to see GUI features like "Sandboxed Programs" so that you can easily remove any individual sandboxed programs.
Autosandbox popup to "ask" instead of autosandboxing files.
Exclusion for Cloud AV detection when CAV is not installed.
Instead of "Remember This" on the popup, I think the better approach would be when you click allow/block, it expands & shows allow once/allow permanently. "Remember This" quite a few times goes unnoticed, i.e. I myself quite a few times wanted to allow once & forgot to notice whether "Remember This" was checked or unchecked. On my personal laptop I keep "Don't show popups" for firewall unchecked.

I have posted these on Comodo forum.
 

cruelsister

All keyloggers, info stealers, etc. must have two components:

1). The Collector (of information to be stolen), and
2). The Transmitter (connecting to the Internet to send the info stolen by the Collector).

Both of the above have to be undetected and allowed to operate in order for the user to suffer a breach, and blocking either one or two will protect the user. Things like traditional AVs and anti-logger programs like Zemana will concentrate on stopping the Collector (either by direct Definition-based detection or by stopping the mechanism of the collection itself). Comodo also has the potential of detecting the malware via the Cloud, but will take a broader protection pathway by Sandboxing the malware and preventing transmission.

Yesnoo-

1). On Comodo, just right click the icon in the Taskbar and select "Advanced View". This will show the amount of things in the Sandbox, and by clicking on this one can add whatever to Trusted.
2). Asking the User if they want a program sandboxed would be like Norton asking the user if they want to run an application even though it has been flagged as malicious. A really, really bad idea.
3). You can shut off the cloud AV easily - go into Advanced settings, File Rating Settings, and there is a checkbox to enable the Cloud AV. I normally turn off the Cloud in the few videos I've done so it won't detract from the Sandbox.
4). I also have the Sandbox popup alert disabled. On a legitimate application, when the application box shows up it would be bordered in Green as a visual cue, thus (for me at least) obviating any need for a popup. If you run an exe and don't get an application box this is pretty indicative that that file is messing with your computer directly (like Ransomware), so not getting any visual cues or popups is a very good thing.
 

hjlbx


There are a lot of quirks with CIS. I am an active bug reporter on the Comodo forum. Believe me when I say "I know..."

There is nothing I can find that represents a HUGE security hole or vulnerability... just a lot of minor quirks\bugs.

Comodo does not have an employee assigned to managing bugs and bug reports - the forum Moderators perform those tasks. The Mods are slow because they have lives outside of the forum. Plus, everyone wants bugs fixed yesterday.

Change comes slowly to CIS - and sometimes fixes are only partial. Development doesn't explain why they chose to fix one thing, not the other, and only part of another.

With proper settings Comodo is better than some think - and not as bad as some others think. It is solid, respectable base-line security software... I think. One can certainly do a whole lot worse...
 
