Advice Request Where can I find @Cruelsisters Config?

Please provide comments and solutions that are helpful to the author of this topic.

Decopi

Level 8
Verified
Oct 29, 2017
361
I love and miss so much all @cruelsister comments and videos (masterpieces, little gems).
After testing tons of different so called security software, Cruel-Comodo remains as the best relation between level-of-protection VS hardware performance.
I was wondering whether @cruelsister today still recommends same Cruel-Comodo settings. Or perhaps nowadays has @cruelsister found a different better alternative for Cruel-Comodo?
 

Terry Ganzi

Level 26
Verified
Top Poster
Well-known
Feb 7, 2014
1,540
For any Comodo newbies that may read this post, please know that the heart of Comodo's protection mechanism is Auto-containment- and this at ANY other setting than default. I suggest Restricted. Also, personally I don't feel that the HIPS is needed (except as Easter has stated above to track what a malicious file is doing for amusement) with Containment set properly.

The reason for the above statement is that both the default Containment setting and the HIPS module (even at Paranoid Mode) can result in system changes being made- which for me is unacceptable. Although the most common and most trivial can be the desktop background being changed (easy enough to rectify), a more serious (and greater pain to fix) is the inability of default Containment and Paranoid HIPS to prevent a malware file to utilize Windows Management Instrumentation (wmic.exe). This can lead to things like a System Reserved partition being created (a relatively current example of this sort of thingy is the Avaddon ransomware).

WMIC can (and has) be used for other nasty things, but setting up CF with the configuration that I have suggested will just laugh at stuff like this, which needless to say is Optimal.

M

cruelsister

 

XxX Legolas XxX

Level 3
Verified
Well-known
Sep 20, 2016
116
I setup CF like Cruelsister but I have problem.
Firewall block Google processes,Kaspersky free processes,Windows processes.Google sometime crash Kaspersky and Windows 10 work ok. I white list Kaspersky and Google Chrome and Windows 10 processes but Google Chrome crash.I unistall Comodo Firewall maybe i will install it but will like to have no problems. Could someone help me?!
 

Vitali Ortzi

Level 27
Verified
Top Poster
Well-known
Dec 12, 2016
1,642
I setup CF like Cruelsister but I have problem.
Firewall block Google processes,Kaspersky free processes,Windows processes.Google sometime crash Kaspersky and Windows 10 work ok. I white list Kaspersky and Google Chrome and Windows 10 processes but Google Chrome crash.I unistall Comodo Firewall maybe i will install it but will like to have no problems. Could someone help me?!
Sorry for the bad recommendation removed the comment so people won't follow
 
Last edited:

Gandalf_The_Grey

Level 84
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,421
I setup CF like Cruelsister but I have problem.
Firewall block Google processes,Kaspersky free processes,Windows processes.Google sometime crash Kaspersky and Windows 10 work ok. I white list Kaspersky and Google Chrome and Windows 10 processes but Google Chrome crash.I unistall Comodo Firewall maybe i will install it but will like to have no problems. Could someone help me?!
The Google Chrome crashes could be unrelated to Comodo Firewall:
Update: Google has reached out to confirm that a fix for the issue is now rolling out to impacted users on Windows and Linux. The company has also posted an update on its forum, which you can read here.
 

ErzCrz

Level 23
Verified
Top Poster
Well-known
Aug 19, 2019
1,227
I setup CF like Cruelsister but I have problem.
Firewall block Google processes,Kaspersky free processes,Windows processes.Google sometime crash Kaspersky and Windows 10 work ok. I white list Kaspersky and Google Chrome and Windows 10 processes but Google Chrome crash.I unistall Comodo Firewall maybe i will install it but will like to have no problems. Could someone help me?!
Are you trying to run Chrome in the Sandbox/Container? You need to add rule manually for Chrome to do tha with her settings. The Comodo Log should indicate if anything was blocked. Otherwise, it may be as @Gandalf_The_Grey linked.
 

Gandalf_The_Grey

Level 84
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,421
Are you trying to run Chrome in the Sandbox/Container? You need to add rule manually for Chrome to do tha with her settings. The Comodo Log should indicate if anything was blocked. Otherwise, it may be as @Gandalf_The_Grey linked.
How-to setup sandboxed browsers is described in part 2 of the video linked by @Arequire
 

XxX Legolas XxX

Level 3
Verified
Well-known
Sep 20, 2016
116
Put it on training mode for 2 weeks
If I put firewall in training mode it will allow both good and bad things is that a good idea?

The Google Chrome crashes could be unrelated to Comodo Firewall:
I install CF,Google Chrome crashes but it is problem with Google Chrome version xD
Are you trying to run Chrome in the Sandbox/Container? You need to add rule manually for Chrome to do tha with her settings. The Comodo Log should indicate if anything was blocked. Otherwise, it may be as @Gandalf_The_Grey linked.
no but I know what you are writing about and thank you all for your help.
Now I withlist Kasperky,Google Chrome but I have one last problem if I set in firewall setting Do not show popup alerts Block Requests if I run some apps firewall will block some process from apps and Windows System32 Svchost.exe but if I uncheck setting it will allow apps and Svchost.
I will withlist apps and svchost but if I live setting do not show popup alerts Block requests it will block new apps new process is these setting important?
 
  • Like
Reactions: Nevi and Venustus

wat0114

Level 13
Verified
Top Poster
Well-known
Apr 5, 2021
621
@XxX Legolas XxX

did you review the CF logs to see what exactly is happening? From these events you should be able to modify existing rules or create new rules to rectify the issues.

EDIT

Possibly something in your setup is misconfigured, because I believe CS' setup has Safe mode enabled, which should allow safe applications such as Chrome and Kaspersky to run and connect through firewall.
 
Last edited:

Terry Ganzi

Level 26
Verified
Top Poster
Well-known
Feb 7, 2014
1,540
Do not use training mode, I repeat don't use training mode, it will lower security, First order of installing CFW is to let it do what it have to, When it is finish it will tell you to restart the PC do that then when fully booted, go to configure firewall put it in proactive mode, then go to hips turn it off, then put the interface of the firewall in advance view, go to task hit the update button, when finish hit the scan button, this will take a couple seconds when it's finish, 8 options on the left 3 on the right will be there in a small box for you to use, if the OS that you're on is fresh hit trusted in the box on the upper right hand side, if the OS isn't fresh press on the untrusted file it will be highlighted in blue, it will give you a read out telling you if the said file is OS related or from any soft you have installed, it will also give you a link to the folder in which the file is in, so you can use VirusTotal or any verification site of your choosing to make sure the file is safe, if you don't know of any sites to verify a file,use Comodo own verifier, hit task go in to containment press on Watch Activity you will get a prompt asking you if to allow a file to run say yes and it will download killSwitch it's around 8mb install that, KillSwitch will be launched but that is not what you really want, what you want is an app in Killswitch name Auto-Run Analyzer, Go in to tools on killswitch options select it and let it run (make sure to pin them both to task bar) Killswitch by default runs in standard mode look to the bottom right side of killswitch and you will see a shield to run as admin reason for running it in admin mode is you will get more option, anyway Auto-run analyzer helps comodo whitelist stuff that comodo has miss and it helps verify stuff more easily so you will get less blockage occurring, I will post some images they should help make things be more easy on you.
 

Attachments

  • 1 - Copy.PNG
    1 - Copy.PNG
    35.9 KB · Views: 821
  • 2 - Copy.PNG
    2 - Copy.PNG
    42.5 KB · Views: 757
  • 3 - Copy.PNG
    3 - Copy.PNG
    37.4 KB · Views: 764
  • 4 - Copy.PNG
    4 - Copy.PNG
    30.4 KB · Views: 771
  • 5 - Copy.PNG
    5 - Copy.PNG
    41.7 KB · Views: 794
  • 6 - Copy.PNG
    6 - Copy.PNG
    34.3 KB · Views: 729
  • 7 - Copy.PNG
    7 - Copy.PNG
    49.3 KB · Views: 745
  • 8 - Copy.PNG
    8 - Copy.PNG
    21.3 KB · Views: 725
  • 9 - Copy.PNG
    9 - Copy.PNG
    73.7 KB · Views: 786
  • 10 - Copy.PNG
    10 - Copy.PNG
    46.6 KB · Views: 703
  • 11 - Copy.PNG
    11 - Copy.PNG
    39.2 KB · Views: 708
  • 12 - Copy.PNG
    12 - Copy.PNG
    10.7 KB · Views: 705
Last edited:

XxX Legolas XxX

Level 3
Verified
Well-known
Sep 20, 2016
116
Do not use training mode, I repeat don't use training mode, it will lower security, First order of installing CFW is to let it do what it have to, When it is finish it will tell you to restart the PC do that then when fully booted, go to configure firewall put it in proactive mode, then go to hips turn it off, then put the interface of the firewall in advance view, go to task hit the update button, when finish hit the scan button, this will take a couple seconds when it's finish, 3 options will be there in a small box for you to use, if the OS that you're on is fresh hit trusted in the box on the upper right hand side, if the OS isn't fresh press on the untrusted file it will be highlighted in blue, it will give you a read out telling you if the said file is OS related or from any soft you have installed, it will also give you a link to the folder in which the file is in, so you can use VirusTotal or any verification site of your choosing to make sure the file is safe, if you don't know of any sites to verify a file,use Comodo own verifier, hit task go in to containment press on Watch Activity you will get a prompt asking you if to allow a file to run say yes and it will download killSwitch it's around 8mb install that, KillSwitch will be launched but that is not what you really want, what you want is an app in Killswitch name Auto-Run Analyzer, Go in to tools on killswitch options select it and let it run (make sure to pin them both to task manger) Killswitch by default runs in standard mode look to the bottom right side of killswitch and you will see a shield to run as admin reason for running it in admin mode is you will get more option, anyway Auto-run analyzer helps comodo whitelist stuff that comodo has miss and it helps verify stuff more easily so you will get less blockage occurring, I will post some images they should help make things be more easy on you.
Thanks but I fix problem I uncheck in firewall settings: Do not show popup alerts Block Requests and now it not block some off process from my programs.

Now my question is whether I have now reduced the security ?

And of course now I have to decide whether to block something or not when I get a popup from the firewall.
 
Last edited:
  • Like
Reactions: Nevi and Venustus

Terry Ganzi

Level 26
Verified
Top Poster
Well-known
Feb 7, 2014
1,540
That depends on your CFW knowledge skill in that if it throws request at you about allowing stuff to connect in or out, how experience are to answer those correctly and or accurately that is why comodo provided that option to take that burden off of not so skilled users, so the question for you is are you qualified enough to handle it? Sometimes jumping straight into the water is better that wiggling your toes in it.
 
Last edited:

XxX Legolas XxX

Level 3
Verified
Well-known
Sep 20, 2016
116
That depends on your CFW knowledge skill in that if it throws request at you about allowing stuff to connect in or out, how experience are to answer those correctly and or accurately that is why comodo provided that option to take that burden off of not so skilled users, so the question for you is are you qualified enough to handle it? Sometimes jumping straight into the water is better that wiggling your toes in it.
If I check Do not show popup alert B.R. in firewall events show my:Microsoft Edge msedge.exe blocked in Google Chrome chrome.exe blocked,Windows system32 svchost.exe blocked,Kaspersky avp.exe blocked but if I unckeck Do not show... it will not block the exe process.In Ublock Applications I allow exe process but tomorrow I will install something else and it will block it so that it is better left as it is.

I have two questions picture number 6 for the computer in the building network zones home or public and picture 12 Website Filtering disabled way it not good or ?
Edit
Picture 3 updates 1 hours way it will only update new version of Comodo but new verison is one day a year ?
 
Last edited:
  • Like
Reactions: Nevi and Venustus

XxX Legolas XxX

Level 3
Verified
Well-known
Sep 20, 2016
116
I don't need website filter because my browser has an addon that handles that part for me. Network zone in public hardens the firewall more. It is users choice.
Picture 3 updates 1 hours way it will only update new version of Comodo but new verison is one day a year and what addons you use.
Thank you for helping me a lot!!!
 
Last edited:
  • Like
Reactions: Nevi and Venustus

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top