Serious Discussion What is your rationale for using "Auto-Containment" and not "Block"?

rashmi

rashmi

Level 11
Thread author
Jan 15, 2024
544
Most Comodo users do not evaluate contained applications. When users encounter a containment alert or a green-bordered application, they typically close it and resume their work. "Block" is the ideal solution for these users, providing maximum protection without affecting usability.

What is your rationale for using "Auto-Containment" and not "Block"?
 
  • Like
Reactions: oldschool and Andy Ful
Andy Ful

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,494
rashmi said:
Most Comodo users do not evaluate contained applications. When users encounter a containment alert or a green-bordered application, they typically close it and resume their work. "Block" is the ideal solution for these users, providing maximum protection without affecting usability.

What is your rationale for using "Auto-Containment" and not "Block"?
Click to expand...
You can remove some vulnerable applications (document viewers, etc.) from the Trusted group and use them more safely. You can also try unknown applications in the sandbox.
The Block setting can partially block some applications/plugins/extensions that use LOLBins restricted by Script Analysis Settings. It is possible that Block setting can sometimes cause unexpected issues (mainly with applications).
Anyway, for many people it can be probably a good solution.
 
Last edited:
  • Like
  • +Reputation
Reactions: rashmi, simmerskool and oldschool
vitao

vitao

Level 2
Mar 12, 2024
51
but them we eventualy will be back in the same problem as before. cis can block almost everything but it has his flaws too and the poc by you and loyisa show this so, even with many configurations, if comodo doesnt update their product, these kind of poc will spread and becomes something "normal" to see...
 
rashmi

rashmi

Level 11
Thread author
Jan 15, 2024
544
Andy Ful said:
You can remove some vulnerable applications (document viewers, etc.) from the Trusted group and use them more safely. You can also try unknown applications in the sandbox.
The Block setting can partially block some applications/plugins/extensions that use LOLBins restricted by Script Analysis Settings. It is possible that Block setting can sometimes cause unexpected issues (mainly with applications).
Anyway, for many people it can be probably a good solution.
Click to expand...
You can try unknown applications using the "context menu" option, the "containment tasks" section, and the "virtual desktop" module. I have experienced no issues or differences between using "Block" and "Auto-Containment" with apps, extensions, or scripts. From my perspective, "block" is the superior and fitting choice for users who do not need auto-containment.
 
  • Like
Reactions: Andy Ful

Similar threads

rashmi
    • Like
    • +Reputation
Serious Discussion Comodo Containment "Restricted" Restriction Level
Replies
24
Views
1,753
Comodo
rashmi
rashmi
Trident
    • Like
    • Applause
    • +Reputation
  • Poll
Serious Discussion Pre-execution vs post-execution protections explained
Replies
6
Views
1,052
General Security Discussions
Trident
Trident
Trident
    • Like
    • +Reputation
    • Thanks
Serious Discussion Decoding the Trend Micro Components and Protection Model
Replies
24
Views
2,937
Other security for Windows, Mac, Linux
Mahesh Sudula
Mahesh Sudula

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top