What exclusion should I do for this configuration: Avira IS+CF+Mbam Free+Voodooshield

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
Yes, I see now. Thanks!
The cruelsister config is a foolproof way to run Comodo.
Some people like to play around with settings and try out all sorts of features. But it is smart to first run Comodo with her config, until you are familiar with Comodo and how it works.
Later, if you feel the need to tweak...
 

vlad64

Level 1
Thread author
Nov 26, 2016
14
So, I'm changing the settings now for Comodo. I'm getting a little bit paranoid lately about security :).
Given the initial setup from the first post of this thread, I'm concerned that maybe I was not secure with Comodo in "Firewall mode", after I saw cruelsister said that you should NEVER EVER use this mode.
After the new changes I'm gonna make to CF, I'm planning to run a scan with both Avira and MBAM. If nothing is detected, can I assume I'm "safe" and go on from there?
 

shmu26

I am sure you will find that your system is clean. I will tell you the problem with firewall config: it applies the autosandbox function only to your download folder and a couple other special locations. But if, for instance, you copy a downloaded file onto your desktop, and you run it there, the autosandbox settings will not apply to it. That's the main problem with it.
 

ZeroDay

Level 30
Verified
Top Poster
Well-known
Aug 17, 2013
1,905
I'd go with Avira and Comodo firewall, then use MBAM as an on-demand scanner. With Avira and Comodo firewall you have your signature detection from Avira, Zero Day protection from Comodo and a second-opinion on-demand scanner with MBAM.
 

vlad64

One more question. I disabled HIPS, but I can still check or uncheck the other options in the HIPS settings. Do these have any effect while Enable HIPS is unchecked?
 

shmu26

As far as I know, they have no effect as long as HIPS is disabled.
 

vlad64

Vlad-

2). Your browser problem is this and easy to fix- You are trying to run the browser in the sandbox, but you also have the Firewall settings box ticked to block all sandboxed applications from accessing the network! You can resolve the issue by unchecking the box 'Do Not Show Popup Alerts'. Personally I wouldn't bother to run the browser in the sandbox at all and actually leave that firewall setting at Block, but that's just me.

As I'm trying to get more knowledge about security nowadays, I still have some questions; it would be nice if you, or any other member who can help, could answer them.
This is my security setup: Avira IS + CF (proactive config + auto-sandbox on (level restricted), HIPS off) + MBAM (on-demand)

Did I understand correctly that you wouldn't bother to run the browser in the sandbox because you count on a clean system? Are there situations when I should use Comodo VD or other sandboxing programs for web browsing or for running applications in an isolated environment, if I'm not testing AVs and scanning on virustotal.com any application before installing which doesn't have a signature and is alerted by CF auto-sandbox?

I saw that Avira doesn't offer very good behavioural protection, but has a good signature database. Will CF make up for this lack? My license expires in March 2017; do you recommend moving to another security product? If yes, what would be your recommendations? Thanks!
 

shmu26

Hi, here is my two cents:
The idea of running the browser in a sandbox is to prevent those relatively rare browser exploits; lately they seem to enter the system mostly through Flash.
If you browse with Chrome, and keep it updated, you are pretty safe, although it is recommended to set Flash not to run automatically. Or, you could do as it says here: https://malwaretips.com/posts/574105/

Firefox is not quite as secure as Chrome, but again, this exploit business is relatively rare stuff.

As for your choice of AV: it doesn't really matter, because if you run CFW in proactive config with autosandbox, your AV is like marshmallows compared to a tank. You may choose whatever flavor of marshmallows you like best. I do agree with you that Avira has great sigs, though.

MBAM, in your config, will mainly help to protect from PUPs.
 

vlad64

Hi, thank you again!

I don't have Flash Player installed at the moment and I'm browsing with Avira Scout (Chrome-based + HTTPS ev. + Privacy Badger + Avira Browser Safety).

I read the thread you gave me and I want to ask if the changes will be OK to make on Avira Scout, and if yes, what to select for AppContainer, All Plugins?

With these settings you gave and with Avira Scout, from what I understand, there is no need to browse sandboxed with Comodo or another similar program, right?
What about running known programs sandboxed? Are there any reasons to do that? If yes, in which case?
 

shmu26

Okay, I am not familiar with Avira Scout, but if you have some options for AppContainer, choose the most all-inclusive option. In regular Chrome, it is Enable AppContainer Lockdown.

If you can at least put all plugins inside AppContainer, that sounds pretty secure to me, although I am not commenting on the general security level of Avira Scout browser. Do keep in mind that they can't possibly have the money and resources to keep their browser as tight as Google Chrome. I assume you will not get patches until Google first puts them out, and then Avira figures out how to implement them, if they even can.

Should you browse in COMODO sandbox? It depends how paranoid or perfectionist you want to be. You will gain a little security, at the expense of some convenience, functionality, and possible complications. Some people are real hard-core security enthusiasts, and will not think of browsing unless they are sandboxed or isolated or whatever. Most folks are not that extreme.

As for sandboxing other vulnerable apps, such as Adobe PDF Reader: why not just make life easy, and use a safer PDF reader, such as Sumatra, or use Edge in Windows 10? All those default Windows 10 apps such as Edge and Groove Music and the photo viewer, they all run in AppContainer, and that's pretty safe.
 

vlad64

Oh, my bad, AppContainer is enabled in Avira Scout too. For Enable PPAPI Win32k Lockdown there are more options, and the last one is All Plugins.
I was thinking that Avira Scout may be more secure than Chrome, being built on Chrome and having these security tweaks added, but I'm not sure.
 

shmu26

I am not a browser expert and I don't know Avira Scout. But the general rule of thumb is that the Chromium-based, privately produced browsers have a harder time keeping up with the security patches, and the patches are important. Some of these browsers are better than others.

You could start a separate thread and ask people what they think about the pros and cons of your browser, if you wish. Get other opinions before you switch.
 

vlad64

Thanks! So, for Enable PPAPI Win32k Lockdown, should I select 'All plugins'?
 

shmu26

Yes. If you find you have problems, you might have to change it, but probably you won't notice any difference.
 