Which default/deny solution wins, and why?

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
please state why you made your choice. there is a bit of mystery surrounding some of these apps; let's put it on the table for all to see. Facts, not fables.

I deliberately left AppGuard off the list because it is in a class all by itself.
 

Rengar

Level 17
Verified
Top Poster
Well-known
Jan 6, 2017
835
google it, or go to their respective forums , don't wait people do it or you...
ANSWER:Whats the reason to google it when you have the forum here. With your logic any problem we have or a question, we can google it and find the solution and not ask here. If you dont want to answer something then dont do it, but dont be harsh:p
 
Last edited by a moderator:

jerzy601

Level 21
Verified
Top Poster
Well-known
Jun 20, 2011
1,006
my voice on VoodooShield is really good, lightweight and relatively simple operation, I am pleased with his work eateth very well cooperates already installed antywirusami.
I currently have VoodooShield + Eset Internet security work together very well.
As a very good program is AppGuard that some time ago I was using and I was happy with it, but I wanted to try VS and so already left. some time back to AppGuard and then you will not need antivirus.
 

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Comodo is an HIPS + isolation using kernel hooks , what inner other working knowledge you need?
1 what does HIPS do when you have it disabled? Comodo experts say it still functions in the background, but don't detail it. This is an important issue for those following the famous CS non-HIPS config.
2 what protections does HIPS provide for trusted processes? This is relevant to loading of rogue DLLs, and memory exploits.
 

cruelsister

Level 43
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,224
Wow! Three of the best applications have been named as the favorites!

1). VS is a really clever program, and I love the fact that whenever it is confused (like with a true zero-day or if network connection is lost) it will suggest running it in isolation. This function really is genius!

2). AppGuard- (God forbid if I badmouthed it with Umbra around)- this program, especially in Lockdown mode makes it difficult, if not impossible, to become infected UNLESS the user allows something that shouldn't be allowed. But I suppose that would be true with anything.

3). CF- Of course the best of the lot. Although CF often has been accused of being a "Geek Only" security application, one of these days (soon) I will provide a setup that even a Man can use without taxing their little brains.

U- I thought you already had a million...

M
 
D

Deleted member 178

1 what does HIPS do when you have it disabled? Comodo experts say it still functions in the background, but don't detail it. This is an important issue for those following the famous CS non-HIPS config.
2 what protections does HIPS provide for trusted processes? This is relevant to loading of rogue DLLs, and memory exploits.

1- HIPS is never disabled , it is on quiet mode and kicks-in until the BB/sandbox do nothing. read my thread : Comodo Internet Security's auto-Sandbox (BB) & HIPS interaction explanation
2- my other thread : Comodo's Myths & Facts

note that almost all infos about comodo are available here, even more detailed and neutral than in Comodo forum :p
 
D

Deleted member 178

Wow! Three of the best applications have been named as the favorites!

1). VS is a really clever program, and I love the fact that whenever it is confused (like with a true zero-day or if network connection is lost) it will suggest running it in isolation. This function really is genius!
i always forgot this Cuckoo thingy :D

2). AppGuard- (God forbid if I badmouthed it with Umbra around)- this program, especially in Lockdown mode makes it difficult, if not impossible, to become infected UNLESS the user allows something that shouldn't be allowed. But I suppose that would be true with anything.
Indeed be careful or a sexist comment will fall like the hammer f Thor :p

3). CF- Of course the best of the lot. Although CF often has been accused of being a "Geek Only" security application, one of these days (soon) I will provide a setup that even a Man can use without taxing their little brains.
i think many we use it :D

U- I thought you already had a million...
not yet , i try restrict myself to common human standard :D
 
S

Sr. Normal 2.0

VS here! :) . This Man is more comfortable with VS than with CF ;)

No, seriously, I do not like to trust the security of my computer to a single program, that's why I have VS, to support / complement my firewall (ZoneAlarm or Norton)

Of the list is the one that I have used more time. I also used in past Comodo Firewall ,but although I recognize its quality, I do not like it.
 

cruelsister

Level 43
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,224
Umbra on the parallel thread brought up an excellent point about Trusted Vendors. AppGuard has about 8 (someone refresh my memory if that number is not accurate- but I know it is close) whereas Comodo has about 8000 (I KNOW that number is wrong, but it is lots and lots). Although an extensive Trusted Vendor list is a potential issue for malware using a false certificate, this list can be customized in Comodo to make it identical to that of AppGuard (of course I have a video for that).

Shmu- regarding how CF handles dll's- Dropping and registering malicious dll's is a popular attack vector, especially for RAT's. With Comodo at my settings the drop will be recognized and the dll will be isolated from the rest of the system. Either by a sandbox reset or a system reboot and it will be wiped out. As within the next month I'll be publishing a CF for Babies video I'll be sure to include malware of this type to demonstrate.

And screw the HIPS, btw...
 
Last edited:

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Shmu- regarding how CF handles dll's- Dropping and registering malicious dll's is a popular attack vector, especially for RAT's. With Comodo at my settings the drop will be recognized and the dll will be isolated from the rest of the system.
Hi there CS, in your videos, where you run a malware file on your desktop, the dlls will be isolated because a sandboxed process is spawning them.
but the scenario we were discussing is where an app is exploited and a native script interpreter is used to download the dll. That's trickier to block.
 
D

Deleted member 178

Hi there CS, in your videos, where you run a malware file on your desktop, the dlls will be isolated because a sandboxed process is spawning them.
but the scenario we were discussing is where an app is exploited and a native script interpreter is used to download the dll. That's trickier to block.
Use the HIPS :p (CS will kill me lol)
 
  • Like
Reactions: SHvFl and shmu26

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Use the HIPS :p (CS will kill me lol)
tried to do that yesterday, but CFW trashed my browser. It would not let chrome load my profile. I installed CFW, right away put it in proactive mode, and boom, chrome is broken.
30 hours later, and 0 replies on comodo help forum.
any ideas what to do?
 

SHvFl

Level 35
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Nov 19, 2014
2,350
tried to do that yesterday, but CFW trashed my browser. It would not let chrome load my profile. I installed CFW, right away put it in proactive mode, and boom, chrome is broken.
30 hours later, and 0 replies on comodo help forum.
any ideas what to do?
Stop using Comodo products because the support is terrible every single time?
 
W

Wave

isolation using kernel hooks
Since they work with real virtualization (e.g. you will need virtualization to be enabled via the BIOS, the hardware must support the virtualize functionality which processor manufacturers integrate, such as Intel VT-x and AMD SVM) they do not need to worry about PatchGuard; they'll be able to use kernel-mode patching techniques such as MSR hooks. Kaspersky use real virtualization also, they implement features like screenshot protection through usage of the hyper-visor... It also allows them to prevent a GDI+ exploit due to win32k.sys, which others vendors cannot do.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top