Which default/deny solution wins, and why?

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
please state why you made your choice. there is a bit of mystery surrounding some of these apps; let's put it on the table for all to see. Facts, not fables.

I deliberately left AppGuard off the list because it is in a class all by itself.
 

FleischmannTV

Level 7
Verified
Honorary Member
Well-known
Jun 12, 2014
314
tried to do that yesterday, but CFW trashed my browser. It would not let chrome load my profile. I installed CFW, right away put it in proactive mode, and boom, chrome is broken.
30 hours later, and 0 replies on comodo help forum.
any ideas what to do?

Do you have the AppContainer flag enabled in chrome://flags? If so, then the injected cguard64.dll is probably making it crash. You have to go to HIPS options and add chrome.exe to the exceptions under "Detect shellcode injections". Yes, making that exception is still necessary, even if that option or the entire HIPS is disabled.
 
D

Deleted member 178

Do you have the AppContainer flag enabled in chrome://flags? If so, then the injected cguard64.dll is probably making it crash. You have to go to HIPS options and add chrome.exe to the exceptions under "Detect shellcode injections". Yes, making that exception is still necessary, even if that option or the entire HIPS is disabled.
Must be done as well with other security softs like HMPA or other anti-exploit softs.
 
  • Like
Reactions: shmu26

Av Gurus

Level 29
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Sep 22, 2014
1,767
Do you have the AppContainer flag enabled in chrome://flags? If so, then the injected cguard64.dll is probably making it crash. You have to go to HIPS options and add chrome.exe to the exceptions under "Detect shellcode injections". Yes, making that exception is still necessary, even if that option or the entire HIPS is disabled.
I have Chrome with Appcontainer enabled and run Comodo Firewall with no problem, also in Comodo sandbox no problem.
 
  • Like
Reactions: shmu26

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
tried to do that yesterday, but CFW trashed my browser. It would not let chrome load my profile. I installed CFW, right away put it in proactive mode, and boom, chrome is broken.
30 hours later, and 0 replies on comodo help forum.
any ideas what to do?
Tried again today, and I didn't have problems.
the only real difference I can point to is that last time, I was running Avira AV, and this time, Windows Defender.
I do have appcontainer enabled.
 
  • Like
Reactions: Deleted member 2913
D

Deleted member 2913

Tried again today, and I didn't have problems.
the only real difference I can point to is that last time, I was running Avira AV, and this time, Windows Defender.
I do have appcontainer enabled.
I use proactive + customization And no probs with Chrome or etc...
I use CFW only, no AV, 3rd party AV, WD, etc...
 
  • Like
Reactions: BugCode and shmu26

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
I use proactive + customization And no probs with Chrome or etc...
I use CFW only, no AV, 3rd party AV, WD, etc...
My new problem with Chrome and CFW is that every time I start up Chrome, my Norton Family extension wants to run a batch file with a random name, and Comodo doesn't like that. If I enable autosandbox, the command gets sandboxed. And if I use only HIPS, I get a series of prompts. Can't whitelist it because the name of the batch file changes every time.
 
  • Like
Reactions: Deleted member 2913
D

Deleted member 2913

My new problem with Chrome and CFW is that every time I start up Chrome, my Norton Family extension wants to run a batch file with a random name, and Comodo doesn't like that. If I enable autosandbox, the command gets sandboxed. And if I use only HIPS, I get a series of prompts. Can't whitelist it because the name of the batch file changes every time.
I am using Sticky Password on Chrome 64 Bits portable And when I run Chrome, a batch file related to Sticky Password is autosandboxed everytime BUT Sticky Password runs & works fine for me...
 
5

509322

My new problem with Chrome and CFW is that every time I start up Chrome, my Norton Family extension wants to run a batch file with a random name, and Comodo doesn't like that. If I enable autosandbox, the command gets sandboxed. And if I use only HIPS, I get a series of prompts. Can't whitelist it because the name of the batch file changes every time.

If I recall correctly, I think COMODO supports the use of wildcards in a file path - the same as NVT ERP when whitelisting command lines.
 
  • Like
Reactions: shmu26

_CyberGhosT_

Level 53
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 2, 2015
4,286
Voted for ReHIPS, but if i had to choose an anti-exe with default settings out of the box, i would say AppSamvid, its fairly new product and I start to think that it's so simple that my mom could even learn it, i want to believe its future and continous development. :)
Thats that new Gvmt solution from India isn't it ?
What do you think of it, and how are you liking that, is it as effective as VS ?
 

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
If I recall correctly, I think COMODO supports the use of wildcards in a file path - the same as NVT ERP when whitelisting command lines.
Comodo 10 has a new and innovative way of handling command lines, it extracts the code and creates from it a unique Comodo batch file with a random name, and then sandboxes that batch file when it runs. All such files are stored in the same Comodo folder (you might call this folder a "junkpile"). So if you wildcarded it, you just whitelisted every possible command line.
 
5

509322

Comodo 10 has a new and innovative way of handling command lines, it extracts the code and creates from it a unique Comodo batch file with a random name, and then sandboxes that batch file when it runs. All such files are stored in the same Comodo folder (you might call this folder a "junkpile"). So if you wildcarded it, you just whitelisted every possible command line.

I know a little about the feature you describe. I didn't mean to imply wildcard the .bat file - but I mistakenly said use a wildcard in the file path. What I meant was whitelist the command line using a wildcard if the argument randomly changes every time.

If I recall correctly, there is a way to whitelist command lines - or at least there used to be. It's been a long time so I could be mistaken and thinking of a different product. Anyway, even if you can whitelist a command line, that feature might ignore the allow rule and still sandbox the .bat.

What I am indirectly suggesting is that you might want to ask around about command line whitelisting in COMODO.
 
  • Like
Reactions: shmu26 and erreale

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
I know a little about the feature you describe. I didn't mean to imply wildcard the .bat file - but I mistakenly said use a wildcard in the file path. What I meant was whitelist the command line using a wildcard if the argument randomly changes every time.

If I recall correctly, there is a way to whitelist command lines - or at least there used to be. It's been a long time so I could be mistaken and thinking of a different product. Anyway, even if you can whitelist a command line, that feature might ignore the allow rule and still sandbox the .bat.

What I am indirectly suggesting is that you might want to ask around about command line whitelisting in COMODO.
I actually asked around a little over there, and I saw some user discontent about this new feature. They are basically in damage control mode, until they figure out how to fix it. (I think I hear you chuckling...)
 
D

Deleted Member 3a5v73x

Thats that new Gvmt solution from India isn't it ?
What do you think of it, and how are you liking that, is it as effective as VS ?
Yes AppSamvid - An Application Whitelisting Software After watching @cruelsister test on it
and after some testing myself in VM i gave it a try on production machine alongside Webroot, (now trying EIS) and not have run into any problems whatsoever, even though AppSamvid is in early stage I believe updates will come throughout 2017 year and make it even better than it is now, I have encountered only UI glitches so far, even though AppSamvid may not be as complete as Voodooshield is (feature wise) I think it will become very strong anti-exe/whitelisting product, simple, yet effective, without fancy "Ai" stuff inside it. I like software without attractive looks what does what it is supposed to do, and so far I am satisfied how AppSamvid works. I think its too early to say how "effective" it is, not much time have passed yet and not so many know about AppSamvid yet. I think only those who need something more simplier than VoodooShield will switch to AppSamvid, I can't think of any other reason right now.
 
5

509322

I actually asked around a little over there, and I saw some user discontent about this new feature. They are basically in damage control mode, until they figure out how to fix it. (I think I hear you chuckling...)

I mentioned somewhere on MT that this new feature would cause user discontent.
 
  • Like
Reactions: shmu26

codswollip

Level 23
Content Creator
Well-known
Jan 29, 2017
1,201
I am using Sticky Password on Chrome 64 Bits portable And when I run Chrome, a batch file related to Sticky Password is autosandboxed everytime BUT Sticky Password runs & works fine for me...

Try this... In CFW's HIPS settings, uncheck "Do heuristic command-line analysis for certain applications" [uncheck this even if "Enable HIPS" is unchecked. Solved it for me]

My new problem with Chrome and CFW is that every time I start up Chrome, my Norton Family extension wants to run a batch file with a random name, and Comodo doesn't like that. If I enable autosandbox, the command gets sandboxed. And if I use only HIPS, I get a series of prompts. Can't whitelist it because the name of the batch file changes every time.

I'm not familiar with Norton Family extension, but I suspect the same issue as with Sticky Password above. Easy enough to try anyway.
 

_CyberGhosT_

Level 53
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 2, 2015
4,286
Yes AppSamvid - An Application Whitelisting Software After watching @cruelsister test on it
and after some testing myself in VM i gave it a try on production machine alongside Webroot, (now trying EIS) and not have run into any problems whatsoever, even though AppSamvid is in early stage I believe updates will come throughout 2017 year and make it even better than it is now, I have encountered only UI glitches so far, even though AppSamvid may not be as complete as Voodooshield is (feature wise) I think it will become very strong anti-exe/whitelisting product, simple, yet effective, without fancy "Ai" stuff inside it. I like software without attractive looks what does what it is supposed to do, and so far I am satisfied how AppSamvid works. I think its too early to say how "effective" it is, not much time have passed yet and not so many know about AppSamvid yet. I think only those who need something more simplier than VoodooShield will switch to AppSamvid, I can't think of any other reason right now.

Ok, Thanks for taking the time to reply brother ;)
 
D

Deleted member 2913

Try this... In CFW's HIPS settings, uncheck "Do heuristic command-line analysis for certain applications" [uncheck this even if "Enable HIPS" is unchecked. Solved it for me]
I know that But I dont want to uncheck protection especially when I dont have probs i.e batch file is autosandboxed but Sticky Password works fine for me...
 
  • Like
Reactions: shmu26

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top