Question What is your rationale for using "Auto-Containment" and not "Block"?

Please provide comments and solutions that are helpful to the author of this topic.
R

rashmi

Level 27
Thread author
Verified
Jan 15, 2024
1,605
1
3,683
2,568
Most Comodo users do not evaluate contained applications. When users encounter a containment alert or a green-bordered application, they typically close it and resume their work. "Block" is the ideal solution for these users, providing maximum protection without affecting usability.

What is your rationale for using "Auto-Containment" and not "Block"?
 
  • Like
Reactions: oldschool and Andy Ful
rashmi said:
Most Comodo users do not evaluate contained applications. When users encounter a containment alert or a green-bordered application, they typically close it and resume their work. "Block" is the ideal solution for these users, providing maximum protection without affecting usability.

What is your rationale for using "Auto-Containment" and not "Block"?
Click to expand...
You can remove some vulnerable applications (document viewers, etc.) from the Trusted group and use them more safely. You can also try unknown applications in the sandbox.
The Block setting can partially block some applications/plugins/extensions that use LOLBins restricted by Script Analysis Settings. It is possible that Block setting can sometimes cause unexpected issues (mainly with applications).
Anyway, for many people it can be probably a good solution.
 
Last edited:
  • Like
  • +Reputation
Reactions: rashmi, simmerskool and oldschool
but them we eventualy will be back in the same problem as before. cis can block almost everything but it has his flaws too and the poc by you and loyisa show this so, even with many configurations, if comodo doesnt update their product, these kind of poc will spread and becomes something "normal" to see...
 
Andy Ful said:
You can remove some vulnerable applications (document viewers, etc.) from the Trusted group and use them more safely. You can also try unknown applications in the sandbox.
The Block setting can partially block some applications/plugins/extensions that use LOLBins restricted by Script Analysis Settings. It is possible that Block setting can sometimes cause unexpected issues (mainly with applications).
Anyway, for many people it can be probably a good solution.
Click to expand...
You can try unknown applications using the "context menu" option, the "containment tasks" section, and the "virtual desktop" module. I have experienced no issues or differences between using "Block" and "Auto-Containment" with apps, extensions, or scripts. From my perspective, "block" is the superior and fitting choice for users who do not need auto-containment.
 
  • Like
Reactions: Andy Ful

You may also like...